Part of the skills shortage in Cybersecurity is caused by the time wasted explaining the basics to the numerous tricksters in our line of work. It's nigh impossible to counter all the BS from the checkmark brigade. People don't scale.
The trouble is that the easy solutions are compelling, and that the lack of a consistent story is ruining it for all of us - it is easier to sell "we have a firewall, so it's secure" than "we need to improve our detection and response capabilities - and oh, btw. I need two more FTEs for Threat Hunting".
While wasting our time explaining the basics over and over again, we miss the opportunity to mentor and grow real competences in security and it has to stop. There's competences everywhere; In help-desk, in Dev, in HR, but they - too - are being held back by the personalities discussed above, so let's all help grow the ones that can make a difference and call out the tricksters.