> Yes the more involved jobs in information security do require widespread knowledge that can't necessarily be taught on site

It certainly can, companies just don't want to pay for that training. That's really where the "maniacal obsession" with job experience comes from. Companies just want to save money on training.