Good point. Rather than searching for the rare people that wear their underwear outside their trousers and have every certification ever issued, it would be better to select on talent…:
[…] What we have in this industry isn’t a skills shortage. It’s a creativity problem in hiring. To close the existing talent gap and attract more candidates to the field, we need to do more to uncover potential applicants from varied backgrounds and skill sets, instead of searching for nonexistent “unicorn” candidates — people with slews of certifications (like CISSP, CompTIAPenTest+, CySA+, CASP+, CEH, CISSP and CISM), long tenures in the industry (10+ or, in some cases, 20+ years of experience — longer than most relevant technology has been around), and specialized skills in not one, but several, tech stacks and disciplines (from cloud security to app sec and compliance).
But how? By dropping the secret-handshake-society mindset that enables a lack of diversity in the workforce, deters new entrants to the field, and, ultimately, undermines our ability to stay secure in the long run.