by ForHackernews
1597 days ago
Security Engineers that know how to secure applications running on a cloud platform are rare as hen's teeth. We've tried and failed to hire one for almost two years now. All the candidates are either "cloud security experts" who will run through a checklist of AWS best practices while remaining wilfully ignorant of the application itself, or on-prem dinosaurs who want to talk to us about the ports on our corporate firewall.

Hiring a person and training them for the role is going to be quite a lot cheaper than finding that rare professional, who's going to command a very high premium.
Which means that at least one of the following things is true:
1. You're not willing to pay enough for an individual who's a perfect fit.
2. You're not willing to hire someone who's not a perfect fit and spend money to train them for the role.
3. You've done the math and concluded that the cost of doing either 1. or 2. above is higher than the value brought by actually securing these applications (who's doing it now? nobody?)
So in cases 1. or 2. it's entirely your company's fault, and in case 3. it's nobody's fault and you don't actually care about the end result. It's an evergreen listing for a job that you already decided shouldn't exist.