I have written several blogs on the poor state of cybersecurity recruiting, all with the hope that they may trigger at least some positive change. Even if that change is only in the very few people who are actually reading this crap.
When I say “poor state”, I of course mean fundamentally, systemically, and damned near fatally broken. It just does not work, not for the employers, not for the candidates, not for the recruiters, and not for the industry as a whole. As much as I have criticised/blamed recruiters, it’s really not their fault as much as we might think.
Recruiters, like any other salesperson, are rarely [if ever] subject matter experts in their chosen industry sector (i.e. they cannot DO the jobs they are trying to fill). The real experts, the ones who can actually do the work, are in turn rarely [if ever] capable of doing what the ‘salesperson’ does (i.e. they have no idea how to sell themselves).
Each time I think I’m getting to the heart of the challenges faced by those on all sides of cybersecurity recruiting, a further complexity raises its ugly head.
While I still think that job titles are horribly limiting, that job descriptions completely miss the point, and that the cybersecurity skill-gap misconception is mostly the fault of the organisations asking for help, there’s no getting away from the fact that cybersecurity recruiters are doing themselves no favours.
5 years ago, when I was still smarting from being laid off [fired, cough], I found myself back in the job market looking for …something.
After 12+ years in the same organisation, I had worked my way up from ‘Firewall Administrator’ to ‘Director of Delivery’ for EMEA and APAC. Through poor planning and various character flaws I was at a complete loss where to even start looking for an equivalent position. My safety-net was non-existent as making connections has never been what I would call a strong suit.
Like every other independent security consultant out there, I have to ask; “Cybersecurity skills gap? What the Hell are you talking about?”
I’m not even going to quote the plethora of doomsday statistics, but suffice to say the majority of organisations and Governments believe the cybersecurity skills gap is actually a real thing and getting worse. They have no idea that the experts to solve most security issues are out there with dumbfounded expressions thinking; “I’m sitting RIGHT here?!”
If you’re reading this, you likely fall into 1 of 3 camps:
- You are horrified at the concept and can’t wait to tear me a new one;
- You actually think I may be able to help you make lot of money; or
- You know me and realise that the title is nothing but click-bait
If 1., then good for you, I would do the same. If 2., then you’ve come to the wrong place unless you’re prepared to put in significant effort. If 3., then you’re right! 🙂