The new report from Cobalt, The State of Pentesting 2022: How Labor Shortages Are Impacting Cybersecurity and Developer Professionals, finds that the lack of qualified people has become the No. 1 problem for security pros and especially pen testers, and notes: “The majority of vulnerabilities stem from not staying on top of configurations, software updates, or access management controls – these are common and easily preventable security flaws. To proactively fix and prevent these vulnerabilities, both security and development teams need access to more resources, particularly manpower, which can be hard to come by thanks to talent shortages.”
Excellence as a cybersecurity practitioner, particularly in pen testing, draws on cognitive abilities such as visual-spatial working memory, anomaly detection, and rule induction. Our research has shown that these abilities flourish in a spectrum of the population that is more than large enough to satisfy the need. Until recently, the problem has been divining “who” can learn the trade. We can close the gap, economically, by looking at populations that aren’t at the typical recruiting hot spots, finding those with the highest potential for pen testing, secure design, and other roles, and rapidly spinning them up. By focusing on those with the cognitive potential, we stop gambling with training money and start methodically building the workforce.