If you’ve followed cybersecurity headlines, you’ve probably heard about the “skills gap.” The narrative goes like this: organisations are under constant attack from cybercriminals, but there just aren’t enough qualified professionals to protect them. This shortage, we’re told, is a dire crisis threatening businesses and governments alike.
While there’s some truth to the idea that demand for cybersecurity talent is growing, the industry’s obsession with the “skills gap” is riddled with overstatements, misconceptions, and, yes, bollocks. Let’s dissect the myths behind this so-called crisis in part twenty-three of my satirical comedic polemic series.
“There Aren’t Enough Cybersecurity Professionals”
The most common claim is that there’s a significant shortage of cybersecurity talent, often cited in sensational terms like “millions of unfilled jobs.” But these figures are often based on dubious methodologies, such as counting every cybersecurity-related job posting as an unfillable position.
In reality, many organisations are looking for “unicorn” candidates—people with years of experience, multiple certifications, and expertise in every niche area of security. Instead of hiring and training entry-level talent, they set unrealistic expectations and then blame the “skills gap” when they can’t fill roles.
The idea that there’s an absolute lack of talent? Overblown bollocks. The problem lies in how organisations define and seek talent.
“We Need More Certifications to Close the Gap”
Cybersecurity certifications like CISSP, CEH, and CompTIA Security+ are often touted as essential for breaking into the industry. While certifications can be useful for demonstrating knowledge, they’re not a magic solution. Many hiring managers place too much emphasis on credentials, overlooking practical experience and problem-solving skills.
What’s more, certifications can be prohibitively expensive, creating a barrier for talented individuals who lack the resources to pursue them. The narrative that certifications alone can close the gap is bollocks—it’s a symptom of an industry obsessed with gatekeeping.
“The Skills Gap is Why Companies Get Hacked”
When a company suffers a data breach, the skills gap is often trotted out as an excuse. But in most cases, breaches occur because of systemic issues—poor security practices, outdated systems, or a lack of investment in basic defences—not because of a lack of talent.
Blaming the skills gap shifts responsibility away from organisations that fail to prioritise security and invest in the right tools and training. The claim that breaches are primarily the result of a talent shortage? Convenient bollocks to avoid accountability.
“Automation Will Fix the Problem”
Some argue that automation and AI will solve the cybersecurity skills gap by reducing the need for human intervention. While automation can help with tasks like threat detection and incident response, it’s not a panacea. Complex attacks still require human judgment, creativity, and contextual understanding.
Relying too heavily on automation can also lead to a false sense of security, leaving organisations vulnerable to sophisticated threats. The promise that AI will make the skills gap irrelevant is more tech industry bollocks than reality.
“There’s No Path for Entry-Level Talent”
One of the most frustrating aspects of the skills gap narrative is that it ignores the struggles of entry-level professionals trying to break into the industry. Many cybersecurity job postings require years of experience, even for junior roles, creating a paradox where candidates can’t get experience without already having it.
At the same time, organisations are slow to invest in training or mentorship programs that could help close this gap. The narrative that there’s no talent available often ignores the untapped potential of people eager to learn. The idea that entry-level talent can’t contribute to cybersecurity? Lazy bollocks.
“We Need More STEM Graduates”
Another common refrain is that the cybersecurity industry needs more STEM (science, technology, engineering, and mathematics) graduates. While technical skills are important, cybersecurity also requires creativity, communication, and strategic thinking—skills that aren’t exclusive to STEM fields.
In fact, many successful cybersecurity professionals come from non-technical backgrounds, bringing fresh perspectives to complex problems. The overemphasis on STEM graduates as the solution to the skills gap is narrow-minded bollocks.
“The Skills Gap is a Crisis”
While there’s growing demand for cybersecurity professionals, calling it a “crisis” is misleading. The industry’s framing of the skills gap often serves to justify expensive training programs, certifications, and recruitment services. It’s a convenient way to shift the focus away from systemic issues like poor hiring practices and underinvestment in security.
The reality is that the skills gap is more of a challenge than a crisis—and one that can be addressed with better training, realistic hiring expectations, and a commitment to nurturing talent. The idea that we’re on the brink of disaster? Sensationalist bollocks.
“It’s All About the Talent Pipeline”
Much of the conversation around the skills gap focuses on building a pipeline of new talent, but it often ignores the retention problem. Many organisations fail to provide meaningful career development, fair compensation, or a healthy work-life balance, leading to high turnover rates.
Burnout is a significant issue in cybersecurity, where professionals face relentless pressure and long hours. The idea that the solution is simply pumping more people into the industry, without addressing why they leave, is shortsighted bollocks.
Conclusion: The Skills Gap Isn’t What You Think It Is
The cybersecurity skills gap is real, but it’s not the catastrophic crisis it’s often made out to be. The problem lies not in the availability of talent, but in the industry’s unrealistic expectations, reliance on gatekeeping credentials, and failure to invest in training and development.
Instead of perpetuating the narrative of a crisis, organisations should focus on building sustainable hiring practices, supporting entry-level talent, and creating environments where cybersecurity professionals can thrive. Because while there’s work to be done, much of the “skills gap” panic is, quite simply, bollocks.