Security Hiring, But Young People Aren't Interested?
the_Grinch
Member Posts: 4,165 ■■■■■■■■■■
Ran across this article and thought what a load of crap. I tend to believe that the issue comes down to most jobs wanting a ton of experience and the cleanest of backgrounds. I know when I finished school I applied for a number of security positions all over and hadn't even received a call for an interview. Also, I've seen people not cleared due to either massive student loans or foolish things (Facebook or downloading related things). I tend to believe there is a motive behind this article...
The Cybersecurity Industry Is Hiring, But Young People Aren't Interested | Motherboard
The Cybersecurity Industry Is Hiring, But Young People Aren't Interested | Motherboard
WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff
Comments
Also, I think you are spot on about the jobs - employers want already developed security pros with experience and certifications. Considering the lack of sec pros at the moment on a global scale, finding the ideal infosec people is a challenge. The requirements often gravitate to unrealistic scenarios. This may be a problem for IT as a whole but I see it even more being an issue with security. If employers take the time to develop quality personnel, it will be a lot better.
I won't name the company but it is a small shop.
I get to the interview and they asked me about my credit history (30k student loan that at the time was in forbearance due to not having a job to pay it...) I told them of the situation how I would be able to start paying it off when I had a job to make payments. I provided a logical argument regarding the series of events leading up to my current situation and how I was pushing forward to better my future.
The interviewer didn't care.
"I'm sorry, but someone that has such a huge debt (30k Non-Interest bearing student loan....) is too big of a risk. Your experience isn't even that great either, you've never had a job in IT before?"
The position requirements said "0-2 years experience. A+ required."
I had about 3 months volunteering in the local area for businesses and obtained my A+ a month before that.
I left that interview feeling like I was the lowest piece of dirt scrub out there, like even after doing what I did that it meant nothing.
A few minutes after I got home I received a call from a competing company and they asked if I could come in for an interview in 10 minutes.
I did my best to sound excited and enthusiastic even though my mood was horrible.
The interviewer said he saw me leaving their competitor and asked what I thought of them. I was entirely honest and said some not so nice things in a rather blunt manner.
He looked shocked and then laughed, "I like you, you can start tomorrow. It's already closing time so did you want to go grab a drink with the rest of the guys?"
Best. Day. Ever.
Respect yourself and others, take pride in your appearance and your work, maintain a positive attitude and be tenacious. Don't give up, and NEVER surrender.
And yes, about the jobs, all the ones I've seen require min of 5 years experience, BS, certs (usually CISSP) and lots of security specific knowledge. Maybe it's just the specialization but I don't think "entry level security" jobs are even out there.
Companies need to invest and help grow security people but mostly invest in finding ways to keep them with your company and often it's not just salary that does it. I know where I am at now they spend no money on training and it shows in the security side of the house. Big part of it is employees never leave but they also never grow, so the experience they gained is all they will ever have.
What a joke. Where did they conduct this survey? Acting school? I really doubt that if you grab 100 students 40% will say that they want to be in the entertainment industry. I dismissed the article right then and there.
This sounds like it was a survey done to be a 'sensationalized' survey instead of an actual verifiable survey of merit.
I enjoy my work, I use the experience I gain at work along with the money I get from it to pay off my loan, play some games and pay for my pursuit of certs. While I doubt I will ever get into the cyber security field I most certainly do not think I would do well as an 'Entertainer'. I like sitting at my bench, and solving problems. I suppose I might get bored one day, but until then I'm having fun with it and gaining valuable experience interacting with software/hardware/network and customers.
I got in contact with a headhunter who was looking for someone for a city government information security specialist position, which I happen to meet pretty much all requirements and even some of the "preferred" items, and the pay scale was something like $55k to $85k+, and honestly with what they were wanting and the position it should have been at least $70k, well the headhunter said they were looking to bring someone in at the bottom of the scale and let them get experience before moving up. I thought yea ok, they want to get someone with all of checkmarks and not pay them anything.
Now I can say that the issues with that have a good deal to do with the fact I'm looking in Florida, but still, employers are looking for people with way too much for what they are offering. I'm ok with a small pay bump from where I'm at or even a lateral if I can get in with a company that is going to get me the hands on experience in the different areas or technologies in security, but no one seems to want to do train and build up their employees.
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
When I was in high school, I was one of maybe three people in my class with a deep interest in any area of computing. This is a class of 600 people, and I'm 25 so it's not like it was in the Jurassic era of computing. Everyone owned a Windows or Mac computer and the school had labs of both. It was actually a more exciting time to get into IT, IMO. There was just very little interest. This really shouldn't be surprising to anyone. Most people would rather be rich and famous and pretty or talented than do something brainy or work hard.
I'm skeptical that only 40% said they'd want to be in entertainment. I would have guessed 75%.
Complete: 55/120 credits SPAN 201, LIT 100, ETHS 200, AP Lang, MATH 120, WRIT 231, ICS 140, MATH 215, ECON 202, ECON 201, ICS 141, MATH 210, LING 111, ICS 240
In progress: CLEP US GOV,
Next up: MATH 211, ECON 352, ICS 340
If you asked me, right now, what I would prefer to do tomorrow, and gave me the following choices:
1. Cybersecurity
2. Convenience Store Clerk
3. Actor
4. Neurosurgeon
I'm choosing "Actor". What do I want to do? I want to get paid twice as much to snort coke off prostitutes between scenes...
EDIT: The coke thing was in jest. Don't do drugs, kids.
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff
Precisely. The survey should have somehow been phrased or predicated on actual career options. If 90% (making up a number) of those who pursue entertainment end up working retail or food service instead, asking them if they'd rather do something they can't is kind of pointless. A more interesting survey would be to give them an aptitude test and make them pick between their top ten or twenty options after being given information about working conditions, compensation, unemployment rates, training and education, and predicted future market conditions. Something along those lines might both show and even induce some interest in cybersecurity.
In fact, in my experience, more people are interested in science and math fields than IT or computer science. Software just isn't as sexy as chemistry and biology, even (especially?) for smarter kids.
Sadly, most of the people from my generation I've seen decide to go into IT were just tech-savvy gamers who couldn't find a more lucrative career and finally bit the bullet.
Complete: 55/120 credits SPAN 201, LIT 100, ETHS 200, AP Lang, MATH 120, WRIT 231, ICS 140, MATH 215, ECON 202, ECON 201, ICS 141, MATH 210, LING 111, ICS 240
In progress: CLEP US GOV,
Next up: MATH 211, ECON 352, ICS 340
One being the sketchy statistics that they've dredged up. I am not really going to expound on this further since everyone else is pretty much in agreement that 40% wanting to be a movie star is kind of like saying 40% of respondents would rather make millions of dollars a year vs 200k or less.
The other issue I have with the article is the same issue I take with the argument that people making more than 100k should be taxed significantly more because they're "rich" (I disagree strongly with the one-size-fits-all methodology of US Tax Code but that's beside the point)
A six figure income sounds great, even a low six figure income at $116,000 and the article tries to make it sound like this is a good competitive salary... That is until you look at the area in which Cybersecurity is primarily based, which by the article's own admission is DC. The cost of living in the DC Metro area is a good 50% higher than most of the country. A quick look at CNN money's cost of living calculator ( Cost of Living Calculator: Compare the Cost of Living in Two Cities - CNNMoney ) found only 5 locations with a higher cost of living:
1. New York, NY (+27.9% average, varies between 5.4% and 56.3% depending on which borough between Queen [5.4%], Brooklyn [21.8%] and Manhatten [56.3%])
2. Honolulu, HI (+18.8%)
3. San Francisco, CA (+13.5%)
4. San Jose, CA (+6.0%)
5. Stamford, CT (+1.1%)
When you live in one of the 10 most expensive cities in the US, that $116,000 doesnt go as far as you would think, dont get me wrong, its still a good living (even when adjusted for cost of living it is a good 20k+ higher than the median household income in the US) but I feel the statment that "millennials are prioritizing “Interesting work” above things like “competitive pay”" is misplaced, especially when there is more lucrative money to be made in other IT roles in the area.
That being said, the article is right in one regard; we are struggling to bring people into the field and not just security but IT in general. I think there is multiple factors contributing to this.
Employers are a major problem in this equation. Employers complain about a skills-gap and that millenials are job hoppers, yet employers are unwilling to offer training, pay and/or other benefits to retain their talent and fill any gap in skills. Every job ad Ive seen recently wants 5 years experience or more and has a list of required competencies thats a mile long and while they might be willing to overlook the fact you are missing one or 2 of their "required" comptencies, that will hurt you significantly in the salary negotiation... Nevermind the fact that they only make 2 BGP changes a year, they really need someone who already knows it and since you dont they're going to offer you 30% less.
The other major problem I see is the manufacturers dumbing-down technology. They're trying to make computing so fool-proof nowadays that no one seems to be tinkering with their devices or learning how to fix it when things go wrong. In fact, manufacturer's are now actively discouraging tinkering. Apple wont let you run unapproved applications on their iPad without jailbreaking which technically voids your warranty, similarly, there is no access to the underlying file or process system of the device and tinkering with the hardware is even more frowned upon. Even Windows 8/Server 2012 which are full blown Desktop/server OS's suffer from this dumbing down effect. I think tinkering is how most of us got our start in IT and by developing these devices and discouraging tinkering, we are bringing up a generation of highly connected individuals with no understanding of how the underlying infrastructure and systems work.
2020 Goals: AWS/Azure/GCP Certifications, F5 CSE Cloud, SCRUM, CISSP-ISSMP
I stopped reading after that silly statement.