Companies Urged To Adjust Hiring Requirements for Cyber Jobs (wsj.com)
Companies need millions more cybersecurity professionals to fill roles around the world, but researchers say outlandish job requirements are the problem, rather than a lack of workers. From a report: Around 3.1 million professionals are needed to bridge the cybersecurity talent gap, a trade association for cybersecurity professionals estimated in a November report. The International Information System Security Certification Consortium, known as ISC2, said world-wide employment in the field would need to grow 89% to meet security requirements. However, excessive requirements for years of experience and professional certifications plus inflated expectations for junior roles aren't uncommon, said Chase Cunningham, principal analyst at research firm Forrester. He said that results in the perpetual problem of such positions going unfilled because companies often target overqualified candidates who can command greater salaries than these jobs tend to offer.
Not gonna happen (Score:5, Insightful)
1. They get to tell regulators "We'd love to secure our network but we can't find competent people".
2. They get to bring in already trained H1-Bs.
The only way to fix this would be with government regulation, and nobody wants to do that because we've been told for 50 years that government == bad.
Re:Not gonna happen (Score:5, Interesting)
the requirements are there because the companies don't want to train. So they set artificially high requirements to avoid training costs. This has 2 benefits: 1. They get to tell regulators "We'd love to secure our network but we can't find competent people". 2. They get to bring in already trained H1-Bs. The only way to fix this would be with government regulation, and nobody wants to do that because we've been told for 50 years that government == bad.
You're probably right. Don't forget, too, that most infosec jobs are more about compliance--paperwork, audits and bureaucracy--than anything fun or operational. So the flipside is people in Dev or Ops may not be interested in stepping over based on their experiences dealing with those same teams. Once you finally get that clueless CISSP off your back, why would you want to join his/her team?
Honestly the economy is crappy enough (Score:3)
Re: (Score:3)
Absolutely going to agree here. The companies doing this know very well what they are doing, they know they can't find people that meet the requirements. Occasionally they need to post a token job publicly that can't be filled to fulfill some internal or external regulatory requirement before moving on to what they want to do (either go without or just hand the position to someone contrary to a requirement that the person should have to fairly compete with candidates).
In the most charitable case, they are c
Re: (Score:3)
Actually, they probably *could* find competent people domestically, just not ones that are willing to do that job for what they are offering.
What sort of regulation do you imagine being effective?
Re: (Score:2)
Exactly, if it exists, then there is always supply at the right price. If it's not available at the price someone is offering it's because it's worth more than they're offering to pay. If someone can't find top notch experienced engineers willing to work at their startup for minimum wage and 100 stock options, it's not because there is an under-supply of engineers.
Re: (Score:2)
So there are millions of highly-trained engineers refusing to work because salaries are too low?
I don't think so.
Re: (Score:2)
More specifically, because many of the salaries being offered are too low, but with respect to what is being discussed here, yes.
Not all companies lowball their salaries, but many do.
The problem is training (Score:2)
H1-Bs are disposable by nature, Americans are not.
Re:Not gonna happen (Score:5, Insightful)
the requirements are there because the companies don't want to train. So they set artificially high requirements to avoid training costs.
Cyber-security professionals can and should have a lot of certifications. These companies are shooting themselves in the foot by gate-keeping, though. It's probably far cheaper to take someone with a degree and put them through certification than to negotiate salary with someone that already has all the pre-requisite certifications.
They get to tell regulators "We'd love to secure our network but we can't find competent people".
Cyber-security requires a high level of competence, so this is unsurprising.
They get to bring in already trained H1-Bs.
This is when H1-B visa programs work as intended. Anecdotally, I can attest that's something that doesn't happen in my industry. Security positions are not assigned to foreign nationals under any circumstances.
The only way to fix this would be with government regulation, and nobody wants to do that because we've been told for 50 years that government == bad.
Cyber-security is a newish discipline. The requirements are extremely high due to the nature of the job. I don't know if corporations can do that much about it in the US other than hire entry-level workers and turn right around to train them again with the right certifications. Most companies simply aren't going to have the infrastructure built to support that.
The free market may catch up and provide the workers needed in five to ten years. Government regulation could boost those numbers by, I don't know, providing more scholarships for cyber-security degrees? Maybe the new administration will point us in the direction.
government regulation to fix the H1-B visa issues (Score:5, Insightful)
government regulation to fix the H1-B visa issues can be done.
Like
a min wage (With COL added in) say 80K is good in some areas but not bay area.
Stopping Extreme OT for H1-B workers.
Stopping fake job ads to keep out US workers.
Not locking H1-Bs to the job so they can't be abused.
If a US worker needs to train an H1-B to get their severance then that should trigger a review / fines.
80K isn't near enough (Score:4)
You won't be able to do the other things you're talking about. Regulations that try to accomplish those things can easily be worked around. Stupidly high salary requirements cannot. It's too cut and dry. Either you're paying it or you're not. Things need to be blunt and cut and dry or you'll get lobbyists writing loopholes in.
Re: (Score:2)
Cyber-security is a newish discipline. The requirements are extremely high due to the nature of the job.
Cyber-security has literally been around for decades now. The only thing "newish" here, is the sudden desire to actually give a shit enough about cyber-security to hire people.
And the corporate give-a-shit factor still isn't anywhere near high enough, so we should expect more of the same. Massive hacks. Massive data breaches. Massive losses. And ultimately massive lawsuits that don't change a fucking thing, including increasing the give-a-shit factor.
Seemingly the only companies actually taking cyber-se
Re: (Score:2)
The threats have never been so pervasive or damaging.
But the bar is set high so that HR and top mgmt can point to the lack of seats filled and have a cop-out reason.
Your rationale fits, but the give-a-shit factor has another skew, called irrational expectations. I'll take one seasoned pro over four people with an alphabet soup of certifications any day. The problem is finding and assessing who's actually seasoned, and who thinks they're an nmap wizard and deserves the gig. If you're in HR, looking at resume
This is right. Also job postings are wish lists (Score:2)
I pretty much agree from my experience in the field.
Something to keep in mind for all job seekers, no matter what the field, is that job postings will list several qualifications that the employer would like to find. If you take that list as "you must have all of these, and exactly these, or don't bother applying", you're missing good opportunities. The employer doesn't know what qualifications you have before they talk to you. Maybe you have other qualifications that they didn't think about which will b
Re: (Score:2)
I'd be more than happy to move into a cyber-security position, having formerly been a network admin and support technician. I don't however have a host of cyber-security certs as they were never a core part of my job. If these people wanted someone with related experience who would be easy to train, I'd be a great fit. However, they don't even respond to my submissions.
Re:Not gonna happen (Score:5, Insightful)
More specifically, they don't want to train, nor do they want to pay a reasonable rate for someone already trained. Since they're only interested in ticking boxes rather than actually being secure, they just need someone willing to claim they're trained.
Re: (Score:3)
The lack of training investment in most IT businesses is pretty staggering.
I work for an MSP and the sheer amount of winging it that goes on is astonishing. I sometimes secretly hope it goes badly on a client project and the resulting lawsuit holds the business negligent along the lines of malpractice.
I mean if you got on an airplane that was repaired by people who "figured it out" and it crashed, the airline would be gutted for not providing expertise.
Re: (Score:2)
I don't have problems with H1-B. But companies should be required to pay them the same wages as Local Employees for the same position. Also the H1-B employees better meet the requirements that they couldn't find the jobs for.
We have been told that Government == Bad. However these are also companies begging for the Government to give them a hand.
If you are going to ask for Extra Government Help, there should be strings tied to it, to make sure that you are working for the public good. This also should be
Re: (Score:2)
But companies should be required to pay them the same wages as Local Employees for the same position.
They'll just cut the position's pay for everyone until the local employees walk away and then they need H1-B labor.
However these are also companies begging for the Government to give them a hand.
In what way? It's not asking for a hand if they believe that they already have the right to freely hire from any corner of the world. They just want government out of the way.
We should keep mindful that the individuals who are running the government, are working for us the Citizens, and not for themselves or special interests.
Yeah, right. That didn't work out so well last month. Hint: Keep a close eye on your 401(k)s and IRAs. Rule changes could make them start to evaporate pretty quickly next year. Socialism will only tolerate the government h
Re: (Score:2)
Let's all point
How can you do that with your sleeves buckled behind your backs?
Re: (Score:2)
the requirements are there because the companies don't want to train.
One of my friends had to hire a security team. The requirements were some sort of basic networking experience, and some general IT experience. The positions were for industrial controls security, which almost nobody has experience with, so training would be included. Out of a few dozen applicants, maybe five or six met those *basic* requirements. One of the applicants said that he dealt with managed switches - "Like, three or five port switches..." He was one of the better candidates, as he at least knew wh
Re: (Score:2)
2. They get to bring in already trained H1-Bs.
The only way to fix this would be with government regulation, and nobody wants to do that because we've been told for 50 years that government == bad.
You don't think that's a particularly bad example? I mean, unless you think the H-1B program came from the immigration fairy, government really does == bad in this instance.
Re: (Score:2)
That has always been the case in ANY profession. There has always been a gap between mindset of the hiring managers and HR people, making the whole issue a confusing mess
Re: (Score:2)
Government regulation is what set up this situation. The fix is for the regulators to do their jobs. Trump has actually made progress on this front, but you can forget about it on January 21.
Re: (Score:2)
Right, they outsource to india, costa rica, etc where they can find papermill freshers rather than hire and train US workers. The high requirements help them justify those moves.
Re: (Score:2)
the requirements are there because the companies don't want to train. So they set artificially high requirements to avoid training costs. This has 2 benefits: 1. They get to tell regulators "We'd love to secure our network but we can't find competent people". 2. They get to bring in already trained H1-Bs. The only way to fix this would be with government regulation, and nobody wants to do that because we've been told for 50 years that government == bad.
I deal with cybersecurity and I can tell you that this is just simply not the case. HR and recruiters don't understand it but it's very difficult to find the right people you need anywhere in the world. Would I love to hire 10 security experts in India? Sure as hell would - but I'd pay a fortune to find anyone with the skills I need. It would be easier and more cost effective to hire some fresh college grads in the US and train them for what I need. I'd probably spend at least a year looking for such pe
Re: Not gonna happen (Score:2)
What rising wages? Everyone at my company took a 25% paycut because covid "was going to disappear by Easter"
Re: (Score:2)
That was before the Chinavirus and the lockdown.
I was up $40k/yr since 2016. Now I'm unemployed.
Re: (Score:2)
Now I'm unemployed.
Maybe you shouldn't have eaten the brains of your cubicle mates.
Re: (Score:2)
Posting AC doesn't save your points. Who spread this nonsense? If you could post (ac or not) and mod on the same story you could abuse the combination.
Re: (Score:2)
I liked the recent proposal where they were going to put a wage requirement on H1-Bs. If you need to bring in workers that are the best in the world, then you will pay them accordingly? right?
Re: (Score:3)
Agreed - if there's an actual shortage of skilled labor, rather than just a shortage at the desired price point, then there should be no objection to paying them accordingly.
I'm not sure the proposed six figure minimum wage is necessarily the right approach since H1-B targets skilled labor, but not necessarily just best-in-class, nor only high-profit industries. But anyone on an H1-B should be getting paid at least in the top 10th percentile or so for the field.
I'd also say there should be a straight-forw
Re: (Score:2)
For the last four years there have been no rising salaries. Wages have been stagnant.
Re:Not gonna happen (Score:4, Insightful)
Yes, governments can and have been pretty evil on occasion, so we can't ever have a government do anything at all on any front.
Better that we entrust everything to private companies that have never ever done anything vaguely evil.
Re: (Score:2)
The German educational model seems to work pretty well. University is not for everyone, consequently, janitors do not need a two year degree. Apprenticeships are common and often cover a wide variety of functions in one apprenticeship (I know our apprentices will work several rotations in different departments, and even our IT apprentices will work in manufacturing for a rotation).
Not Just A Problem For Cybersecurity (Score:4, Insightful)
Re:Not Just A Problem For Cybersecurity (Score:4, Insightful)
It may be an issue with recruiters too who for many IT jobs post outrageous lists of frequently contradictory requirements because the recruiters actually don't know diddly about IT.
One of my favorite I saw back in the day was a recruiter posting saying they wanted a developer with 5 years of .NET experience but .NET had only been out for about 3 years.
Re: (Score:2)
I don't know if the fault lies with the company's IT department (probably not), its HR department (more likely) or the recruiter (also more likely), but between them they have managed to whittle down the potential candidates from a few hundred to none...
While similar requirements might have a function to
human resources recruiter doesn’t have exper (Score:3)
human resources recruiter doesn’t have experience in the area to know what is entry-level??
One time I think I had that 1st thing in the interview you have all of that but this is an entry-level job so you will not be doing a lot of the listed skills that you have.
Re:human resources recruiter doesn’t have ex (Score:5, Interesting)
You know, I lead a security team of several hundred people. I can tell you that HR does not define our job ads - we do.
And it’s been like that at every company I’ve ever worked with. HR also doesn’t understand finance roles, or medical engineering, or... etc. They don’t try to stick themselves in the middle like that.
What they do try to do is ensure you’ve got the basics covered.
This hate on HR has gotta stop. If cyber ads are poor, it’s our own damn fault, not theirs.
What do you mean? (Score:2)
Re:What do you mean? (Score:4, Funny)
What do you mean 10 years experience with Kubernetes is ridiculous?
If they ask for 10 years of Kubernetes experience then say you have 10 years of Kubernetes experience. Hell, I've been using it since the 80's. And I know Kung-Fu.
Re: (Score:2)
When I got laid off from a game development job in mid 2010, I was looking for a similar career to what I had been doing, and I recall coming across one job ad that asked for five years of experience in iPhone game development.
Considering at the time, the iPhone had only been out for 3 years, I found this amusing. Where I had been working, I had only personally been involved in one iOS project up until that point, so I applied anyways, and didn't mention my iOS experience specifically except in the con
Re: (Score:2)
Considering at the time, the iPhone had only been out for 3 years, I found this amusing. .... I never heard back from them, and I eventually landed a different job with another local game studio. I always wondered what they were actually expecting, however.
They hired me instead because I had TEN years of iOS experience.
Lying on a resume will get you fired with cause (Score:2)
This is why we need government regulation, workers and employees are not on even footing.
IBM wants 12 years in Kubernetes (Score:2)
https://tech.slashdot.org/stor... [slashdot.org]
adversarial (Score:2)
Shocking news! (Score:2)
Wow, you mean to tell me companies try to lowball prospects when hiring? I am shocked, absolutely shocked!
Re: (Score:3)
Re: (Score:2)
they can unilaterally bring down salaries between all companies
If they need to do it between multiple companies, then they're doing it multilaterally
/pedantry
They must be joking (Score:2)
This is only about 1 thing (Score:4, Insightful)
Any organizations, corporations or groups that are pushing this will just buy the laws and regs they want from their Political, Bureaucratic and Legal assets.
Re: (Score:2)
This is why, IMO, that the minimum wage should be brought up to living wage standards.
If you expect to pay a living human being to do the work, then pay them a wage that is high enough to, you know, actually live on.
Otherwise, IMO... you need to either automate the job or else just do it yourself.
Re: (Score:2)
This is why, IMO, that the minimum wage should be brought up to living wage standards.
If you expect to pay a living human being to do the work, then pay them a wage that is high enough to, you know, actually live on.
I agree with this, but to preemptively counter the "high school student/working my way through college" argument, allow for companies to apply to classify positions as "student" positions that pay below livable wage but are subject to stringent employment criteria: age of the employee, proof of attendance to an educational institution of high school/high school equivalent level or higher, a cap on the number of hours worked per week (so they can study), and workable hour restrictions (since they should be a
Re: (Score:2)
allow for companies to apply to classify positions as "student" positions that pay below livable wage but are subject to stringent employment criteria: age of the employee, proof of attendance to an educational institution of high school/high school equivalent level or higher, a cap on the number of hours worked per week (so they can study), and workable hour restrictions (since they should be attending class at certain hours of the day).
What about retirees who want to make a little extra money to supplement their retirement income? What about people who want to earn a little extra money for the holidays?
The individual employee qualifying for this position should also be tracked and monitored to limit the amount of hours they work per week as well (so they aren't working 3 jobs for 60 hours a week, for example).
And, who do you expect to do this extreme invasion of people's privacy?
I would also say limit the number/types of positions that could qualify for this classification for each workplace/location
And, who decides what that using what criteria? Can every employee at a fast food restaurant qualify?
This lets fast food restaurants and similar employ cheaper employees who don't need a livable wage while protecting those who actually need to be able to support themselves.
The people primarily protesting for high minimum wages are people employed by fast food restaurants and in positions that require little to no skill or education. You ar
Re: (Score:2)
Why should not requiring much skill or education be an excuse to pay a living human being anything less than what a human being needs to actually live? Why should a person who lacks education or experience have less of a right to survive in society?
Absolutely everyone, from the experienced engineer to the janitor to the person who flips hamburgers for a living should by rights make enough at their job to live off of it if that is their only job and it is anything close to full time, but because of the
Re: (Score:3)
Why should the fact that some people might not need a full time job to live affect how much people who do need one can make doing the same job?
It is abhorrent that *ANYONE*, regardless of the qualifications or education level, should ever make anything less than the amount they need to live on.
Regardless of the demands of the job,
If the job isn't worth paying a human being enough to do the job, then why would anyone have human beings doing it in the first place unless they wanted to treated people as
Re: (Score:2)
allow for companies to apply to classify positions as "student" positions that pay below livable wage but are subject to stringent employment criteria: age of the employee, proof of attendance to an educational institution of high school/high school equivalent level or higher, a cap on the number of hours worked per week (so they can study), and workable hour restrictions (since they should be attending class at certain hours of the day).
What about retirees who want to make a little extra money to supplement their retirement income? What about people who want to earn a little extra money for the holidays?
Easy, carve out exemptions for them too. Retiree based, again, on age, and total hour restricted. Seasonal should have hourly limits (since it's supposed to be a supplemental job), and of course limited by industry and time of year (the same business doesn't get to say Jan-Mar is one season, Apr-June is another, etc)
The individual employee qualifying for this position should also be tracked and monitored to limit the amount of hours they work per week as well (so they aren't working 3 jobs for 60 hours a week, for example).
And, who do you expect to do this extreme invasion of people's privacy?
This may shock you, but for the people who work jobs where minimum wage is a factor, the government (specifically the IRS and state equivalents) already know exactly how many hours they are wo
Re: (Score:2)
This is why, IMO, that the minimum wage should be brought up to living wage standards.
If you expect to pay a living human being to do the work, then pay them a wage that is high enough to, you know, actually live on.
Otherwise, IMO... you need to either automate the job or else just do it yourself.
Not all jobs are targeted at people who need "a wage that is high enough to, you know, actually live on." Many jobs are targeted at retirees, teenagers who live at home, people wanting to make extra money. The big problem is that people are trying to live on jobs that require no skills and grade school education because that is all they qualify for because they blew off school and have no skills. Also, the minimum wage for the nation should be what is required in the cheapest place, not the most expen
Re: (Score:2)
I don't know, but whatever it is, at least they will be paid better.
Most people who get laid off through no fault of their own do eventually find other work.
I have not heard of any study that shows any sort of correspondence between minimum wage increases and homelessness of able-bodied people who were otherwise willing to work.
Re: (Score:2)
Not all jobs are targeted at people who need "a wage that is high enough to, you know, actually live on." Many jobs are targeted at retirees, teenagers who live at home, people wanting to make extra money. The big problem is that people are trying to live on jobs that require no skills and grade school education because that is all they qualify for because they blew off school and have no skills.
Or just had shitty luck. I graduated with a Master's degree and spent 3 years working in a warehouse for $12 an hour before I got a decent paying job. Because I was lazy and unskilled? Nope. Because I graduated during the middle of a damn recession. And the only reason I got that $12 an hour warehouse job was because I had been working seasonally/part time for that company since freshman year of college and I had the seniority to qualify for a full time position. That is why you need livable minimum w
there are plenty of people until they aren't (Score:2)
There are plenty of IT people available if you pay the going(livable) wage. Any organizations, corporations or groups that are pushing this will just buy the laws and regs they want from their Political, Bureaucratic and Legal assets.
Are you actually hiring people? Where from? What you're saying sounds nice. I just have been trying to fill a team in a tech town. It's tough and we really have to compromise and still the positions go unfilled.
For example, a routine backend engineer...we expect them to know core Java and how to write a basic SQL query, 2 of the most common skills in the last 20 years for working programmers...ideally we'd like them to have experience with ORM and writing REST services, but we gave up on that long ag
Re: (Score:2)
All of this - and then add that if you're hiring for Cybersecurity, it's a high stress environment (studies show that Cybersecurity has among the highest levels of substance abuse of any tech job), and often require people with BOTH high level technical skills (take a look at this code and review it for any SQL injection attacks is harder than Write code to query a table) and people skills (OK, now that you found the injection vulnerability, talk to the developer who wrote the code and tea
Re: (Score:2)
I just have been trying to fill a team in a tech town.
I don't consider 150k-200k for entry-level routine business programming to be 3rd world wages
That depends on the tech town in which you are trying to hire. If you are in Silicon Valley where people making $150K a year have to live with 3 roommates to be able to afford an apartment, then you are wrong.
So, tell what tech town you are referring to and we will judge if you are in the right ballpark for entry level people.
The Entire Process is Broken (Score:5, Informative)
A lot of this could be fixed just by having the recruiter know something about programming and the business model of his clients, but that would require him to work more closely with his clients than most recruiters do. And any recruiter who knows that much about programming would make more money as a software engineer anyway. No one seems to be particularly inclined to change the system, so it'll probably stay that way. You'd think that if a company came along that could suck just a little bit less at all of this, they could clean up in the market, but so far no one actually has.
Cyber Jobs? (Score:3)
They *pay* people to cyber now? Wow. I guess the pandemic really did change things.
Oh, wait. This is about cybersecurity. Never mind.
Let's stop whining (Score:2)
This is a long time coming. (Score:2)
A lot of companies are letting possible excellent employees go, because their job requirements just stink.
Often they take the Experience of the guy who just left the company and try to get a new employee who matches the guy who just left. Not thinking the following.
1. The guy who left, probably left because he was overqualified for the job, and couldn't move further. So you are trying to bring in someone just as overqualified thinking that they will jump at the opportunity to do a job beneath their abil
Re: (Score:2)
Wanting to work for $15 an hour.
But you are ignoring the stock options! That's how you will be rich.
One executive that I used to work with started a company and tried to recruit me. When I said I'd need a sizeable salary bump, he responded that it would actually be a cut, but instead I would have equity given and that is going to let me be the multi millionaire instead of making someone else a multi millionaire.
Strangely, despite his assurances that was the better deal, he wouldn't keep the equity and give me a higher salary. To no-ones s
Re: (Score:2)
Avoid coded criteria (such as Fitting into the Corporate Culture),
Fitting into the corporate culture is not "coded criteria". Hiring people who don't fit into a company's corporate culture is a recipe for unhappy employees and high turnover.
I know of a company whose corporate culture included being on call. They hired a guy who was technically what they wanted and had the skills they needed but he told them straight up that he didn't own a cell phone and didn't want to own a cell phone. He lasted an entire day and was told not to come back because he didn't fit in with
Dammit Slashdot (Score:3)
What's the fucking point of having a checkbox "Ads disabled" if you keep resetting it or not respecting it between your dozens of sub-domains?
No money (Score:2)
Re: (Score:2)
In other words, American companies are not reserving the funds they need in order to protect themselves from hostile nations. Wonderful, I'm sure that will end well.
Don't worry. I'm sure the enemies of America will be happy to provide an outsourced cybersecurity manager after American Greed complains loudly to the H1-B program about American salaries. Foreign spies will even take that job cheap.
Only downside is finding new hires. Seems they only stick around long enough for the file copies to get done...
Imagine (Score:2)
Re: (Score:2)
And, if you don't have the required experience, don't apply for the job.
Everything old is new again.... (Score:2)
This has been going on forever.
I remember seeing a job with requirements of "5 years experience in ${PRODUCT} 2007" ... in 2008.
The view from the other side of the desk (Score:2)
I've been hiring people for "cyber" positions from before it was called that :).
Here's some tips for anyone attempting to break into this segment:
1) Cyber != IT or development. Expect different questions. I'm unlikely to ask you to code anything during an interview. I'm going to ask you to explain the difference between Asymmetric Crypto, Symmetric Crypto, and Hashing. Depending on the position I'm hiring for, I may ask you to describe to me a vul
Re: (Score:2)
There are a lot of cybersecurity positions that exist to ensure some cybersecurity framework or other (weak) compliance requirement is "met".
What you are looking for I would imagine might be hard to fill unless you're offering that million dollar salary to compete with that skilled individual who's having fun sitting at home cashing in on bug bounty programs. If you have the skills to go "wide and deep" in cybersecurity, there are probably much better paying positions that are quite frankly more exciting a
Re: (Score:2)
> What you are looking for I would imagine might be hard to fill
Ya, I work the operational security side of the fence. My team's job is to implement real security (my boss's words, not mine) and watch the script kiddies and nation-states poke around the place and build the next set of walls.
I personally find it more rewarding than the bug bounty game, and way more ethical than the 0day weapon broker market. But I agree it's not a universal mindset. I find red team to be too easy. They
Yakity Sax (Score:2)
No doubt I'll draw angry comments from actual competent cybersecurity professionals who are here on Slashdot, but before you start shooting at me: my opinion comes from the virtually daily news stories of this-or-that large company or organization that's getting their ass handed to them by this-or-that cybercrime organization -- and yes, I acknowledge the fact that your efforts are regularly hamstrung by shitt
Yup (Score:2)
I don't have it handy, but a guy posted a tweet about finding a listing for a programming job. The ad said the candidate had to have five years of experience with a particular language.
The problem was the language had only been around for three years and the guy who posted the tweet was the one who developed the language.
The comment above has been
Manager here... HR is often the problem (Score:3, Informative)
a. HR filters candidates based on keyword match - if even some are missing, the resume gets dropped. This makes the job description overly generic, as I don't want HR to filter out good candidates because they listed Python when I asked for Metasploit.
b. Ladies at HR have their own ideas of what makes someone a fit and they will often hire based on diversity goals, as their bonuses are partially tied to that. I can only come up with the top 3 picks out of the filtered pool and they ultimately decide who to hire. For something specific, there might not be 3 qualified candidates in the pool.
c. I have a very difficult time justifying high InfoSec salaries, seeing how HR sees my field as similar to IT and development and wants to pay accordingly. Our organization has salary ranges based on seniority; to offer a competitive salary I have to set 10+ years seniority. This means I have to ask for 10+ years in some specific skill. This means HR will screen your resume unless you put it as a line item on your resume.
Let's be real.... (Score:2)
They'll claim they want cybersecurity... then require the certs that three people might get in 10 years, just as they do for everything else, because a) they don't want to pay fair wages, and b) under no circumstances will they *pay* for training, they'll have the employees charge it to the contractee company's accounts (like my company did).
Then, of course, the CEO, and all the MBAs, will put that as the last item of business, and be shocked, shocked, when they're hacked.
Dunning-Kruger barrier. Bending reqs to fit agenda (Score:2)
It also worries me gre
In agreement (Score:2)
I've wanted to get into infosec but the experience and certification requirements are definitely excessive. I may not have all of the knowledge, but I'm a quick learner, have a grad degree, know some programming languages, and enough about Linux and networking to run my own home servers for a variety of services. Clearly, I have no issues learning new technologies and keeping abreast of changes. It's not good enough, they say. Someone mentioned that it's about not wanting to train people, and that seems like a
Re: (Score:2)
You better fire your secretaries, help desk, tech support, cleaning crew, etc. They don't directly increase profits.
Even your developers don't directly increase profits, they just make your products and only cost money. The only people who directly increase profits are the people in your sales department.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
> fire your secretaries
LOL, no. Having a secretary is a status symbol, and lording it over the lesser managers is the only thing more important than next quarter's profits.
> tech support, cleaning crew, etc
They've been gone for years! T1 help desk is run out of a call center in Indonesia that handles a hundred other companies, T2 is also the Exchange/database admin, and the cleaners are sub-sub-subcontractors who we definitely don't *know* are here illegally and getting paid less than minimum wage, cash under the table.