The list of potential language posts goes on for quite a bit, especially when you consider how broad a term 'security worker' is. It is entirely possible to devote an entire career to statistics, yet fall within plausible definitions of a 'security worker': consider risk analysis, breaking data annonymization, etc. R, various Python-based tools, etc. (all related to technical computing), would then become quite important.
I have attempted to get a grip on what a 'security worker' might be, hence what the qualifications might be, for several years. On at least one occasion, it was in response to an HR request for specific instructions regarding hiring a counterpart in a foreign country. This is a hard problem; to take a random example, the Law of Large Numbers is important in surprisingly many security fields, but it is obviously nowhere near being a useful universal selector.
What else goes wrong in HR, from an applicant's perspective? My top three contenders, on an on-going basis are
- Requiring five years experience with something that has only existed for two years
- Requiring experience with something which is completely irrelevant
- Being driven by marketing fashion, not fundamentals
HR doesn't operate in a vacuum. Someone (likely an over-worked developer, sysadmin, or entry-level supervisor of either) provided those bogus requirements. The knock-on effects are that
- The best candidates will likely never make it to an interview
- If the person who defined bogus requirements is part of the interview team, defensiveness is likely to fail the best remaining candidates
The best candidates have now been weeded out. HR often takes the heat, through no fault of their own, while much Internet drama is conducted in the various technical cognoscenti fora. The evil HR director Catbert, made famous in the Dilbert comics, exists. I have run into a few, over the years. However, Catbert is the exception, not the rule.
That seemingly throw-away point above? "Being driven by marketing fashion, not fundamentals?" That is a whole topic in itself. It may be the greatest challenge facing the security industry today.