Hello friends. The dreaded and long-awaited blog on WHAT THE FUCK HAPPENED TO THE CYBERSECURITY JOBS MARKET has arrived.
tisiphone.net/2025/04/01/lesle…
I'm sorry.
Lesley, What Happened to the “Cybersecurity Skills Shortage”?
Are you stressed out right now? I’m stressed out. Most Americans are, and cybersecurity job seekers are definitely not an exception. I do a ton of career mentoring and career clinics, and I s…
Lesley Carhart's Cybersecurity Blog
Quokka
in reply to Lesley Carhart • • •It's disappointing to have to often push back with "are you sure?" responses to completely inappropriate requests.
sortius
in reply to Lesley Carhart • • •this is pretty dire.
Seeing how the whole ICT industry is right now, this kind of event has some of the hallmarks of the dot com period
Loafer
in reply to Lesley Carhart • • •Who would want to protect the people in charge at this point with their #Infosec ?
Seriously.
A More Honest Dystopia
in reply to Lesley Carhart • • •taking this opportunity to hype public institutions:
Water needs you.
Edu needs you
Your city needs you.
you won't be a pen tester. probably not a SOC analyst. but you'll have fun, learn a ton, go bald, turn grey, and maybe even save a life.
B'ad Samurai 🐐
in reply to Lesley Carhart • • •so my partner and I were talking about this recently. Their org needs entry level people and it is cybersecurity. Not red team, engineering or SOC, but insurance. This role isn't hunting baddies. But they need critical thinkers who can meet deadlines and have the broad cybersecurity domain knowledge. They have a heap of women in leadership. Oh, and you're not on call!
It's hard to predict exactly where your career will go. I thought I was going to be a mechanical engineer. And my custom LinkedIn URL still has dba in it.
B'ad Samurai 🐐
in reply to Lesley Carhart • • •I'm leaving the deduction of role type and orgs as homework for the exact reason you mention. My partner did tell their boss, "have we considered hiring more technical but early career cybersecurity people? We can teach them insurance."
Oh and you still get the CPE-like joys of taking credits to maintain your state license.
zbrown
in reply to Lesley Carhart • • •@danedeasy egh and I bet they think that's such an amazing feature as well…
Because y'know it'd truly be the worst thing if a blog post didn't have a random hero image I guess 🤦‍♀️
vandorb12
in reply to Lesley Carhart • • •I apologize for contributing to the bootcamp rift as part of the education staff. It earned me enough pocket change to hopefully complete my BS in cybersecurity if I hunker down.
I'm unfortunately part of the fallout of one of those bootcamps that's pivoted HARD, but I'll shortly be on the prowl for any jobs more aligned with cyber and security as I complete my certs and try to convince hiring managers the small projects I came up with and barely managed to pull off are worthy of their time to put me on an interview list.
It was a gig, it introduced me to things that were outside of my community college curriculum, it kept me mostly up to date on what hiring managers wanted to see... But the last 3 years I've seen my students struggling to find employment.
Wary Jerry
in reply to Lesley Carhart • • •good post and some really naive replies.
Like you mention, I do think there is a feedback loop of training vendors performing unscientific surveys of infosec managers asking “how many more people do you need to run your program?” Rather than “how many additional people will you be able to hire?” And then run around setting pants on fire with their extrapolated nonsense, driving further investment in building a workforce for jobs that don't exist. Employers are loving it, because it means they are finally seeing downward pressure on salaries due to the glut of workers. And now we get to compete with AI on top of all that.
Simonoid
in reply to Lesley Carhart • • •So *complete* slackers won't dilute the workforce. Just the entry level education system.
Michael Lucas
in reply to Lesley Carhart • • •the linkedin bootcamp bros will crucify you.
let others point to you.
Shady Lane
in reply to Lesley Carhart • • •Do it!
I feel that the issues you are exposing around the overinflated requirements for junior roles not only impact those coming in, they also impact those who are wanting to move laterally to another stream.
And you never see "demonstrated passion for learning" in the selection criteria.
Sobex
in reply to Lesley Carhart • • •@sindarina You do intend to remove this once you can, right ?
(No boost while the AI slop remains).
NosirrahSec 🏴‍☠️
in reply to Lesley Carhart • • •I've been training, reading, learning, breathing, drinking, shitting security for most of my adult life now and I haven't gotten a single role since I've been looking.
I have nearly 10 years in operational IT between both internal and MSP IT infrastructure as a security SME and I can't even get a call back from security role jobs I apply for.
I'm no rockstar and I know that. I expected SOME level of foothold with my experience, but I am so fucking wrong and it's depressing.
buherator
in reply to Lesley Carhart • • •"none of the jobs I just named are the typical entry level tracks of 'junior pen tester' and 'SOC analyst'"
I can only talk about pentesting but my stance has long been that pentesting shouldn't have been an entry level position in the first place. Inviting people to this path with 0 experience in dev or ops is a scam that has long-term negative effects on the industry as a whole.
Sobex
in reply to Lesley Carhart • • •@sindarina I’m still seeing the AI slop preview image on my end, I just hope the fix will propagate.
🤞
(I wonder if editing the post could help make mastodon refresh the preview ?)
Michael Weiss
in reply to Lesley Carhart • • •one of the awful things that they've done is bring a glut of people into the market who are lacking the proper critical skills and security fundamentals.
The amount of wheat doesn't seem to have risen as much as the amount of chaff. And it does such a disservice to the good candidates, because they're nearly indistinguishable on a resume.
So now, if I'm hiring for a role, I have to go through 10x the candidates that I used to in order to find those people.
In short, everything is so much worse, including from the employers' perspective.
Plan A to Y
in reply to Lesley Carhart • • •I grew up in the "Can't find a job, learn to program" and "Kids, learn to program because that's the most valuable skill for the jobs of the future" times.
Now it really does feel like the chatter is about "Get into Cybersecurity! It's understaffed and everyone's hiring!" But what I've seen is way more in line with your blog post. I've considered going after cybersecurity certs but I'm worried that by the time I get them (if not already) a couple certs without a degree won't be good enough for an entry level job.
Vickie Gray
in reply to Lesley Carhart • • •Thanks for this. And all you do. I appreciate your truth-telling.
After some mental health upgrades, I decided to return to tech and was recruited to lead an autistic SOC project. It didn’t pan out, but I got hooked on cyber. That was just as the cloaca of cyber jobs hype opened up. I did all the things, but despite 2 decades of senior experience in biz and tech, and all the “right” letters after my name, I was ghosted by every cyber company I applied to. It was effing demoralizing. I was happy to start at the bottom and work my way up, but the market was smoke and mirrors.
I’m back to teaching and consulting in ITIL, online thank goodness. But the lost potential of so many adaptive, dedicated, fast-learning middle-aged career returners who thought cyber was cool and would have been really excellent team members, is just heartbreaking.
Mad Rabbit
in reply to Lesley Carhart • • •as someone who never made it the old-fashioned way, I buckled down and got a help desk job at a hospital, chipping away at a bachelor's 1 class at a time, and got Sec+, Cloud+, and CASP+. Finishing my degree in cybersecurity next year and got a promotion working on healthcare information management. The experience with labeling document types based on sensitivity and working projects has made me feel like the Compliance route may be a great fit for me as a young father. Those SOC overnight shifts just don't work well when your wife works on-call for the stroke team for the hospital.
The SOC skills and Pentest skills might be glamorized, but I feel like it also kept my passion going when I was working 80+ hrs a week in construction and still wanted to spend free time learning. Now, I feel like I am a security professional, not because of title, but because of the security perspective that I bring to a role that needs more security know-how than HR realizes. Shift your mindset (as someone trying to break in) to accept that a lot of roles can greatly benefit from a security perspective. My dream didn't die, but molded to my experiences. I like what I do, while others don't envy the paperwork involved. RANT OVER, but thank you for your presence online!
Keira (She/Her)
in reply to Lesley Carhart • • •I know several women who attended a career change bootcamp here for cyber security. It was supposed to have guaranteed jobs.
Last I heard, *no one* got a job out of it. Very few offers, and among those that existed, none had pay rates that a mid career adult could afford to go down to without selling a house or moving (not so feasible with kids etc), and of course there were no part time jobs.
Edited to add: I'm not really blaming the program. I believe it was nfp, trying to address the gender gap. But if they don't address things like mentoring, part time and on call stuff (work life balance), and actually funding the blue team and janitorial roles properly so that there are people to do the mentoring *in the workplaces* .... Then it's not possible.