This article was originally published on not your CISO on Medium. Read the full post →
I have seen a lot of posts about the skill gap, unrealistic hiring expectations, and the number of open security roles. Most of them circle the same frustration: organisations want five years of experience in a technology that has existed for two, and then complain they can’t hire.
But I think the framing is wrong. The skill gap isn’t primarily a supply problem — it’s a hiring and development problem. Organisations have been optimising for the role they need filled today, not the practitioner they need in three years.
The fix: hire generalists with strong fundamentals and genuine curiosity. Create specialists through structured exposure and mentorship. Stop expecting the market to hand you finished professionals.