I agree that the skills shortage is real. I see it when attempting to hire security-minded people.
There is another part to that skills shortage, and that is how corporations value security. In a nutshell: Not very highly. Everyone talks about it, few organizations want to spend even a fraction of their budget to actually tackle it. As any security person knows, security is hard: And that seems to bump it right down in the priority list when it comes to spending. Though it is a high priority talking-wise.
I used to be an information security employee, until I took an arrow ... never mind. Until I saw how much more money I could make by just doing infrastructure, switching and routing. It's child's play compared to security - and it gets actual dollars. Should that market shift towards security, I'll be happy to shift with it.