Cybersecurity skills shortage, is it real?
Comments
-
DatabaseHead
Member Posts: 2,754 ■■■■■■■■■■
I work for a fortune 100 company and there are security jobs out there, but not a ton (in my current company). Where I see most of the job reqs is in development of some sort, front end, web, api, database, big data (Cassandra, Hadoop, Mongo), BI/ETL.
Full stacks starting off can make 150+ and they get manager bonuses, > 15%. -
Panther
Member Posts: 118 ■■■□□□□□□□
I've seen lots of 'entry-level' positions that want 5+ years of experience.
Translation ... I want to pay you less. -
paul78
Member Posts: 3,016 ■■■■■■■■■■
Why do you think that doesn't happen? That's a pretty common scenario which does occur. I don't know of any hiring manager or company that doesn't hire the best candidate if that's the closest fit. Ultimately, companies and the managers have a business to run and if a job goes unfulfilled, growth could stagnant and top-line could be effected. In previous roles, if one of my managers or directors have open positions and they don't fill it within a quarter, my natural thought is that the department may not need that headcount and I will consider moving that headcount someplace else. Most managers in larger enterprises are usually incentivized to fill headcount. Also, if a department has a goal that requires the additional headcount to that a job done - you can bet that the position will get filled or the manager will risk a poor performance review.if a shortfall truly exists then don't you think industry leaders and employers will be embracing and chasing applicants who have 75% of skill set they are looking for. But is that happening at all?
Just to give you some context since the bulk of my career has been in financial services. Depending on the financial services sector, having experience in that particular sector or industry is extremely important. I am actually one of those that will not hire a candidate for a mid to senior level position if the candidate doesn't have financial services experience. That candidate is going to have to be pretty stellar for me to reconsider that baseline. The reason is that financial services can be pretty stressful. And understanding the business is a career in itself. When we hired entry-level folks (0-3 years experience), in some roles, the expectation is that it would take anywhere from 6 months to 12 months before that individual is actually productive.I have sent out a few resumes so far, despite having multi year experience, the talks breakdown when it comes to me not having experience in a financial institute.
And in security, for financial services, that's even more true. If I had a candidate with 10 years of relevant experience but the candidate worked in AdTech and no financial services experience, that's likely going to be a pass for me. The threat landscape, regulatory mandates, and business drivers so different that it would take someone like that 6 to 12 months to get up to speed.
BTW - there are other types of companies that typically have similar attitudes. For example, tech startups typically will avoid hiring people that have never worked in a startup. And there is a bias against hiring candidates that come from large enterprises. -
Kapital
Member Posts: 33 ■■□□□□□□□□
Hi Paul - Thanks for replying.Why do you think that doesn't happen?
And in security, for financial services, that's even more true. If I had a candidate with 10 years of relevant experience but the candidate worked in AdTech and no financial services experience, that's likely going to be a pass for me. The threat landscape, regulatory mandates, and business drivers so different that it would take someone like that 6 to 12 months to get up to speed.
1. "Why do you think that doesn't happen? " - It is based on my limited expereince as well as based on what I have heard from other candidates. It seems like no one is willing to train, no one is willing to even talk as to what needs to be done. Employers just look for candidates from other similar organizations with similar skills or yell - Cybersecurity talent.
I am not saying that they leave positions unfullfilled - I think many job posts are actually a smokescreen to fill in internally.
2. I am not sure why it would take more than 4/5 weeks for a condidate to be productive if he has multi year expreience and lots of lots of well known, diverse, industry leader certifications to back it up. i would happlily offer to work for a dollar a month for first three months but do you think any employer yelling shortage of cyber security talent is willing to listen? Nope. -
paul78
Member Posts: 3,016 ■■■■■■■■■■
Interesting that you said that... I'm actually not sure how pervasive this practice is. But I've done that before. But usually those jobs don't get posted externally. This is a tactic that I used to get around stupid HR mandated promotion processes. For example, it's always more cost-effective to retain good employees so if there's someone that deserves a promotion, and there is open headcount budget. It's a way to give someone a well-deserved promotion and a small raise. And usually the open headcount budget gets reduced to a lower position.I think many job posts are actually a smokescreen to fill in internally.
I can't speak for other companies but I'm not seeing a shortage of talent. You just have to know where to look. There are always going to be managers that want the perfect candidate but eventually they will fill the position if they want it filled badly enough.I am not sure why it would take more than 4/5 weeks for a condidate to be productive if he has multi year expreience and lots of lots of well known, diverse, industry leader certifications to back it up. i would happlily offer to work for a dollar a month for first three months but do you think any employer yelling shortage of cyber security talent is willing to listen?
I actually got an interesting call yesterday from a recruiter about a position he was having a tough time filling. We had a very nice talk and he is someone that I've done business with in the past. But I couldn't help laughing because we both knew that he was never going to find that person. -
LordQarlyn
Member Posts: 693 ■■■■■■□□□□
Hi Paul - Thanks for replying.
1. "Why do you think that doesn't happen? " - It is based on my limited expereince as well as based on what I have heard from other candidates. It seems like no one is willing to train, no one is willing to even talk as to what needs to be done. Employers just look for candidates from other similar organizations with similar skills or yell - Cybersecurity talent.
I am not saying that they leave positions unfullfilled - I think many job posts are actually a smokescreen to fill in internally.
2. I am not sure why it would take more than 4/5 weeks for a condidate to be productive if he has multi year expreience and lots of lots of well known, diverse, industry leader certifications to back it up. i would happlily offer to work for a dollar a month for first three months but do you think any employer yelling shortage of cyber security talent is willing to listen? Nope.
Yep, a former boss of mine told me that as much as a third of publicly posted job listings are either to collect CVs, or, they already decided who they were going to fill, but for policy or legal reasons, still had to post the job. Indeed, my current job when I got promoted, was the former, I already had the job, the "interview" was just a formality, but for legal reasons and in accordance with HR policies, they had to post my job publicly and internally.
Anyway, I will agree there is a need for many more cybersecurity positions, as long as there is a huge abundance of cybercriminals.
