The potential shortage of bad guy talent, then, is made up by their ability to collaborate in the dark web. "Classically we have had a problem sharing information because of the issue of digital trust. They are afraid the information won't be protected," said Gerdes.
A number of opportunities are out there for security defenders, but too often companies are pushing with a standard hiring profile. Most want someone with a four-year degree and a minimum of five years experience. "Once they get an interview, then they ask about platforms and skills," said Gerdes.
Realistically, for people who decide today that they want to start down that path, it's nine years from now before they are able to apply for one of those jobs. Gerdes said, "The other opportunity is to look into trade schools or technical colleges or company offered training. They can enter into the space in an entry-level position within a year or two, but there are companies who will take those folks and train them internally."
While job applicants need to hone their skills, network, and get themselves noticed, enterprises also need to change their expectations. "There are no bachelor's degrees in firewall management. Some candidates have five, seven, 10 years of experience that won't be considered because of the basic rules," said Gerdes.
"There are companies out there where you can earn your degree over time as an employee benefit," Gerdes said, so a quicker entry way might be for applicants to change the companies that they are targeting.
Sign up for CIO Asia eNewsletters.