http://3vildata.tumblr.com/post/109188919632/about-the-infosec-skills-shortage
By https://twitter.com/addelindh and https://twitter.com/0xtero
http://3vildata.tumblr.com/
Jan 26th, 2015

Today I got into an argument on Twitter that started with me saying something sarcastic in reference to a recent statement by a vendor and ended with a discussion about the skills shortage in security. Twitter can be a difficult medium sometimes and I don’t really feel that I got my point across, so this is my attempt to correct that.

Before I start I would like to point out that in no way do I think that this is the only reason there is a skills shortage in security, but that I do consider it a large contributing factor.

In the beginning, there were firewalls

Enterprise investment in security has traditionally been in products such as firewalls, anti-virus, IPS/IDS, and so on. Security products have in turn been marketed and sold as “solutions” rather than tools; heavily automated and not really much to work with. Because of this, they have been considered as infrastructure components rather than applications: you just install and configure them and then let them do their magic.

Automation is great, until it isn’t

The thing about buying automated solutions is that it removes the incentive to invest in knowledge of the problem the solution was supposed to solve. Why pay money so that someone can learn how to solve a problem that has already been solved, right? For an enterprise, this makes perfect sense, and for a while it worked.

[…]