"We security folks need to build a farm system. I've supported vendors that sponsor college programs and it would be great to see more of that. But the fact remains that if you can deal with the job (and many can't), it's a sellers market for security talent and will remain that way for a long time to come."
Here's where I'd stand up and applaud if I were in the audience. Bravo, Mike. Well said.
But I think it goes deeper than just building a farm system - we need to build a talent creation system. My goal on every team that I've been on in my security career has been to create a system where we could take people who weren't grey-beard, old-school veterans of security and turn them into extremely capable and high-performing talent in as short a time as possible (usually less than 3 months).
There are three parts to the equation for winning the talent war in information security - I'll probably be ranti... uh, talking about these parts in greater depth over the coming months. But, the short version is simple:
1. Hiring For Growth 2. Creating a Talent Acquisition Structure 3. Creating a Knowledge Growth Culture
Of these, #1 is easily the most important. Really, building a team of great security people is much like real-estate - the profit is made when you buy the property (as goes the old maxim). Simply put, if you hire correctly, the other two take care of themselves.