I think the industry really f'ed themselves on not developing pipelines to onboard security staff when the shortage of professionals first became acknowledged years ago. Look at this research report from over 10 years ago discussing it as a problem[1].
Yet here we are, talking about burnout with more than a few people ITT _still_ talking about teams being understaffed.
Meanwhile there is no shortage of people obtaining credentials and education in cybersecurity who have nowhere to go because many parties feel these are effectively worthless. So what's the answer when the onus of training has shifted to workers, but none of the major players want to develop these people.
Yet here we are, talking about burnout with more than a few people ITT _still_ talking about teams being understaffed.
Meanwhile there is no shortage of people obtaining credentials and education in cybersecurity who have nowhere to go because many parties feel these are effectively worthless. So what's the answer when the onus of training has shifted to workers, but none of the major players want to develop these people.
[1] https://www.csis.org/analysis/human-capital-crisis-cybersecu...