Cybersecurity hiring managers need a reality check when it comes to hiring junior staff, with job adverts littered with unfair expectations that are hampering recruitment efforts, says industry training and cert issuer ISC2. According to the organization's latest hiring trends study, entry-level and junior job descriptions …

COMMENTS

Post your comment

House rules Send corrections

Add to 'My topics'

Friday 13th June 2025 13:41 GMT Throatwarbler Mangrove

Security+

On a lark, I decided to do a CompTIA Security+ prep course and found it so basic that I skipped right through several modules. Not that I'm particularly interested in security work, per se, but perhaps I should scoop up the certification if it's in such high demand.

21 0 Reply
1. Friday 13th June 2025 14:56 GMT elsergiovolador
  
  Re: Security+
  
  If a job description fixates on certificates, it's usually a sign that no one in the hiring pipeline actually understands the role. Expect to work alongside people who bought their certs, memorised multiple-choice answers, or got waved through because HR needed a checkbox ticked.
  
  And if they clock that you’re actually competent? Brace yourself - you’ll get all the work, none of the credit, and probably be told you’re “not a team player” when you burn out from carrying dead weight.
  
  38 0 Reply
  1. Friday 13th June 2025 15:02 GMT ecofeco
    
    Re: Security+
    
    ...or eventfully fired because you're a threat to the favored son and making them look bad.
    
    My philosophy these days is sod it all and let them burn.
    
    22 0 Reply
  2. Sunday 15th June 2025 22:17 GMT MachDiamond
    
    Re: Security+
    
    "Expect to work alongside people who bought their certs, memorised multiple-choice answers, or got waved through because HR needed a checkbox ticked."
    
    I put the effort into getting good at taking tests. I find that most of the time, the certification doesn't have much to do with what the job is about and can often ramble off into edge cases. Having a stack of certs is nice decoration on a resume and it impresses the HR types. Get a few, lie about having a few more, get to the interview with the supervisor if it's a job you feel qualified for.
    
    3 0 Reply
2. Friday 13th June 2025 16:21 GMT BartyFartsLast
  
  Re: Security+
  
  I did the pre requisite COMPTIA certs for some manufacturer training by skimming the index of the books, they're basically gatekeeping and I tend to skip jobs which list COMPTIA as a requirement because it signals they're pretty clueless.
  
  I do find it wryly amusing when I see the whining of recruiters and managers that they can't find qualified candidates but then refuse to train or try to hire people with years of experience for an intern level wage.
  
  The main shortage is one of employers who are prepared to invest in and pay staff as well as create a work environment and culture that people want to be part of
  
  26 0 Reply
Friday 13th June 2025 14:01 GMT Pascal Monett

Let's be clear

Recruitment offer that demands you to be young and highly qualified and experienced at the same time ? What a surprise.

This has been going on for decades already. Companies want to put you to work and pay you peanuts for the priviledge. Everybody knows the stupidity of this, but somehow it keeps on happening.

34 0 Reply
1. Friday 13th June 2025 14:26 GMT Doctor Syntax
  
  Re: Let's be clear
  
  I suspect that some of these problems can often be laid at the door of ISO 9000 and its friends and relations.
  
  Scene: Quality manual is being written
  
  Wallah 1. We come to minimum experience need for any job.
  
  Wallah 2. It can't be just anybody. All jobs must be done with somebody with good experience.
  
  Wallay 3. How about 5 years?
  
  Wallah 2. Sounds good to me. Should that be the current version of whatever it is they're using?
  
  Wallah 3. That must be right. In fact current versions of anything should always be used.
  
  Wallah 2. I'll go along with that.
  
  Wallah 1. And me. I'll put that down.
  
  And hence we have a requirement to use stuff which is never more than 2 years old and those needing it need to have been using it for at least 5 years.
  
  31 1 Reply
  1. Saturday 14th June 2025 12:17 GMT Eclectic Man
    
    Re: Let's be clear
    
    I was a security consultant to an organisation that had an ISO 9000 'quality' system. I was told the external consultant just sat in a corner and wrote it for them. Which is why it was completely useless and ignored.
    
    10 0 Reply
  2. Monday 16th June 2025 10:39 GMT HMcG
    
    Re: Let's be clear
    
    And this is why people lie about their experience on their CV’s , and employers don’t bother checking up on claimed former employers .
    
    0 0 Reply
2. Friday 13th June 2025 17:28 GMT Groo The Wanderer - A Canuck
  
  Re: Let's be clear
  
  Yes, this has been "industry practice" since the early 2000's for all IT positions. The kicker is they call a decade of experience a "junior" when in any trades those are experienced journeymen.
  
  Why? So they can screw you over right royally on compensation.
  
  20 0 Reply
  1. Saturday 14th June 2025 16:59 GMT martinusher
    
    Re: Let's be clear
    
    Its not just IT positions. Its been a bit of a joke in engineering for a couple of decades or more that job descriptions were written that the only possible candidate could be someone employed in a key role in a competitor (who's hardly likely to want a junior position!). It got so bad at one time that there was even a comprehensive article in the Wall Street Journal back in the 2000s about this.
    
    But as everyone has noted, it says more about the company than the candidate. What they're actually likely to end up with is a first class blagger -- someone who knows how to talk the talk. Ideal Marketing material,in fact.
    
    6 1 Reply
    1. Saturday 14th June 2025 17:10 GMT mcswell
      
      Re: Let's be clear
      
      "Its not just IT positions." Agreed. A relative was trying to find an intel analyst job a couple years ago, and many of the ads were for so-called "entry level" positions with 5--10 years of experience. Any HR person should have known that this much experience is not entry level.
      
      6 0 Reply
    2. Sunday 15th June 2025 22:24 GMT MachDiamond
      
      Re: Let's be clear
      
      " Its been a bit of a joke in engineering for a couple of decades or more that job descriptions were written that the only possible candidate could be someone employed in a key role in a competitor (who's hardly likely to want a junior position!). "
      
      That's who those postings are written to attract. Acme widgets can't just put in the ad that they want the head of engineering from Spacely Sprockets straight out. If they write the ad for that and go one to say that it's a junior position with a salary bracket that is far too low, they've shot themselves in the foot and what might have happened is that once the posting was crafted, some other nob with approval authority didn't get the memo on why the position was being advertised. Hint: it wasn't to bring in a junior anything.
      
      Another reason you will see these type of ads with odd qualifications is the company needs to advertise the position in-country and not get any "qualified" candidates so they can hire somebody foreign who will have the necessary qualifications for the job and will work for half the wage (that they send home).
      
      0 0 Reply
Friday 13th June 2025 14:02 GMT Boris the Cockroach

Its always

been this way.

Technology X is released to the public.

5 minutes later the job ads start appearing Senior roles : must have 5 years+ in technology X, junior roles: 2 years experience in technolgy X (plus a master degree in comp science and 5-10 years in a developers role, ideally aged 21 or less)

Cynical? and there me thinking the was my middle name

39 0 Reply
1. Friday 13th June 2025 14:16 GMT b0llchit
  
  Re: Its always
  
  The real kicker is that questioning or commenting on the contradictions and impossibilities makes you ineligible for the job. You are marked as "person questions authority" and that disqualifies you immediately.
  
  27 0 Reply
  1. Friday 13th June 2025 15:14 GMT DJV
    
    Re: and that disqualifies you immediately
    
    Then again, do you really want to work for a company that prides itself in the employment of people who constantly generate such contradictions?
    
    Of course, if the company also has a BOFH with more than 10 years of lift-shaft maintenance, a qualification in applied quicklime along with a sideline in rolled-up carpetry, there may still be hope for the place!
    
    17 0 Reply
2. Friday 13th June 2025 23:04 GMT Anonymous Coward
  
  Re: Its always
  
  Indeed. I remember a User Friendly cartoon mentioning a job advert that required 10+ years experience in Java, with a character pointing out that Java was only 5 years old. (Exact years may not be right, but the point is.)
  
  The cartoon itself has been defunct since 2010.
  
  7 1 Reply
  1. Saturday 14th June 2025 06:53 GMT Gene Cash
    
    Re: Its always
    
    What? Surely, all the commentards here read UF! It's a perfect reflection of working in IT! It's a must-read!
    
    Oh wait, it's actually been dead since 2010 and deleted from the internet in 2022.
    
    God damn it. RIP Illiad. I hope he's doing ok, wherever he is.
    
    5 0 Reply
    1. Monday 30th June 2025 11:17 GMT Peter Gathercole
      
      Re: Its always
      
      Comics are still visible on Archive.org, I believe.
      
      One of the problems with long term web comics like this is trying to remain original without repetition. I think it's axiomatic that unless you're writing about something current, and thus allow repetition when life repeats, web comics will always have a limited life conditioned by the imagination and life experiences of the author.
      
      At least Randall Munroe is still going with xkcd.
      
      0 0 Reply
  2. This post has been deleted by its author
3. Sunday 15th June 2025 22:30 GMT MachDiamond
  
  Re: Its always
  
  " ideally aged 21 or less"
  
  Unless there is some legal requirement for a minimum age, you couldn't put that in. What you can put in is the job requires occasional or frequent travel at the last minute. Somebody with a spouse or young family would have a hard time with that. You would likely get more fresh-outs that are single and don't have after-work responsibilities.
  
  0 0 Reply
Friday 13th June 2025 14:02 GMT abend0c4

Unfair expectations

Potential employers seem to try it on all the time. But if they're failing to recruit, presumably all those highly-paid HR "professionals" are there to align their candidate requirements with market reality. Or is that an unfair expectation too?

8 0 Reply
1. Friday 13th June 2025 14:27 GMT steelpillow
  
  Re: Unfair expectations
  
  Definitely unfair to expect HR staff to do a good job of HR. By failing to recruit, they make the case for more HR staff - an empire under them and a comfortable pension. Oh, and guess who wrote the ticksheet? HR!
  
  17 0 Reply
Friday 13th June 2025 14:18 GMT Tron

Time was...

...techies were not known primarily for their 'interpersonal skills'. This used to be a sector where you would treasure your ever-so-slightly aspie Linux geeks, even if they want to work at home, in glorious isolation, communicating only with the mothership in Klingon.

But now (outside India) they are seeking clubbable folk with interpersonal skills who yearn to work in teams, excavating the nether regions of server code in a spirit of caring, sharing togetherness. Oh brave new world!

27 0 Reply
1. Friday 13th June 2025 14:27 GMT Doctor Syntax
  
  Re: Time was...
  
  Interface layer needed.
  
  9 1 Reply
2. Friday 13th June 2025 14:48 GMT cookieMonster
  
  Re: Time was...
  
  Oh god, the horror.
  
  So glad I’m no longer in this field.
  
  5 0 Reply
3. Friday 13th June 2025 15:00 GMT elsergiovolador
  
  Re: Time was...
  
  Under UK law, autism is a protected disability - so rejecting someone with ASD for lacking vague “interpersonal skills” that aren’t essential to the job can be grounds for disability discrimination under the Equality Act 2010.
  
  But let’s be honest: corporations don’t want the best minds - they want compliant personalities who smile in meetings, nod through nonsense, and tick HR’s “team player” box. It’s not about ability, it’s about cultural obedience. If you’re brilliant but don’t perform the corporate social ritual, you're out. Because nothing threatens mediocrity like competence without deference.
  
  20 0 Reply
  1. Saturday 14th June 2025 06:39 GMT Anonymous Coward
    
    Re: Time was...
    
    Yup, I'm working in a project where they demanded it be written in [new technology]
    
    However, our 2 experts in [new technology] are rather abrasive, because a) they're somewhat autistic, b) quite direct and forthright, calling a spade a spade, and c) they're run ragged because they're experts in several new technologies.
    
    Guess who got kicked off the team?
    
    And guess how surprised management is, now that the project is completely stalled?
    
    Anon for obv reasons.
    
    15 1 Reply
    1. Saturday 14th June 2025 08:52 GMT Anonymous Coward
      
      Re: Time was...
      
      they demanded it be written in [new technology]
      
      Not the dreaded Fe₂O₃?
      
      4 0 Reply
      1. Monday 30th June 2025 11:20 GMT Peter Gathercole
        
        Re: Time was...
        
        I read that and thought Iron Oxide. Then it clicked....
        
        0 0 Reply
  2. Sunday 15th June 2025 22:36 GMT MachDiamond
    
    Re: Time was...
    
    "Under UK law, autism is a protected disability - so rejecting someone with ASD for lacking vague “interpersonal skills” that aren’t essential to the job can be grounds for disability discrimination under the Equality Act 2010."
    
    That just means the company can't come straight out and tell an applicant they aren't candidate for that reason. That could be a reason why there can be odd requirements that are listed in the job posting. While they might accept somebody that doesn't tick all the boxes (but was smart enough to claim they did), they can down check anybody they don't like for not being suitable based on one of them.
    
    0 0 Reply
4. Friday 13th June 2025 18:14 GMT GoneFission
  
  Re: Time was...
  
  There used to be a time where you could write your own salary if you had full-stack experience with a side of web dev. Now you need to be a sysadmin, network admin, cybersecurity expert, fluent programmer in at least C++, Python, Rust and Assembly, authored major contributions to a minimum of 4 popular open-source repositories and have received several laureate awards for public speaking on top of at least 2 TedTalks (no TedX please) to even begin the application phase for a $15 an hour part-time role.
  
  Then you get turned down because they hired the owner's nephew instead, who once looked at a computer, but they're paying him $90k a year to start
  
  15 0 Reply
  1. Sunday 15th June 2025 22:46 GMT MachDiamond
    
    Re: Time was...
    
    "Then you get turned down because they hired the owner's nephew instead, who once looked at a computer, but they're paying him $90k a year to start"
    
    The last one I had like that, the manager of the program retired as he kept getting lumbered with dead weight. He really wanted to hire me for an aircraft support position and got some execs wife's sister or something that would show up in heels and couldn't marshal aircraft on the apron. The core of the job being hired for was data entry, but the boss really wanted me since I could be used all over the hanger as the job didn't take much time everyday, but needed to be done everyday. When I interviewed, we went out for a nice dinner (he was a friend of a friend), and talked about the job and how it would morph into more of an mechanic's assistant and test tech for the aircraft but he couldn't hire for that and getting me in via the data entry gig would give me a lot of on-the-job training doing that role. Mind you, this is a huge government contracting corporation, not some mom/pop store. Initially, the money was ok and after changing title, it would be quite nice.
    
    3 0 Reply
Friday 13th June 2025 14:51 GMT Ashentaine

I have to wonder

...if at least some of those jobs are ones that were already filled internally but due to regulations they're required to post a public listing, and so set ridiculous or conflicting requirements to keep anyone but the pre-chosen individual from applying.

10 0 Reply
1. Friday 13th June 2025 15:06 GMT ecofeco
  
  Re: I have to wonder
  
  You bet a fair percentage are, for sure.
  
  Compliance theater.
  
  6 0 Reply
2. Friday 13th June 2025 23:09 GMT Anonymous Coward
  
  Re: I have to wonder
  
  I've also seen where corporate HR put boilerplate requirements into all job requirements, whether they were appropriate or not. The requirement to be able to calculate real estate commissions, for an HVAC tech, comes to mind.
  
  5 1 Reply
3. Saturday 14th June 2025 17:02 GMT Sudosu
  
  Re: I have to wonder
  
  Ah, the ole publish the current guy's resume as the job posting trick.
  
  Blah,blah, blah and you must look exactly like this fellow and be married to his wife.
  
  6 0 Reply
  1. Saturday 14th June 2025 21:27 GMT John Brown (no body)
    
    Re: I have to wonder
    
    "Blah,blah, blah and you must look exactly like this fellow and be married to his wife."
    
    ..and now my twin brother no longer speaks to me :-(
    
    8 0 Reply
  2. Sunday 15th June 2025 12:33 GMT Caver_Dave
    
    Re: I have to wonder
    
    I've been on the positive side of that, with my CV being used as the template, via a manager I used to work with who really wanted me at this newish company he worked for.
    
    Submitted my CV to the HR dept. who also it turned out was the owner of the SME.
    
    Rang after a week and was told I was rejected as I had no profile on "flavour of the week" social media and so they didn't know what sort of person I was.
    
    I didn't complain as that told me enough about the company to know that I did not want to work there!
    
    7 0 Reply
    1. Sunday 15th June 2025 22:48 GMT MachDiamond
      
      Re: I have to wonder
      
      "Rang after a week and was told I was rejected as I had no profile on "flavour of the week" social media and so they didn't know what sort of person I was."
      
      They actually contacted you? Amazing. It was rare that I'd ever get as much as a "we received your application" form letter.
      
      4 0 Reply
4. Sunday 15th June 2025 08:37 GMT Anonymous Coward
  
  Re: I have to wonder
  
  That happened to me (posting anonymously for obvious reasons) I had been contracting and had to be let go due to company rule on contractors weren’t allowed to more than 2 years. They wanted me back and wrote a job spec that matched me and I have been working as a permanent member for 2 years now.
  
  5 1 Reply
5. Monday 16th June 2025 09:28 GMT Anonymous Coward
  
  Re: I have to wonder
  
  That and H1-Bs.
  
  0 2 Reply
Friday 13th June 2025 14:53 GMT elsergiovolador

Crisis

The cybersecurity hiring crisis - where companies want junior staff with senior certs, five years of experience, a spotless record, and the willingness to work for public-sector wages because "pensions". Newsflash: pensions are a 1980s relic. By the time most people cash them out, they'll be half-crippled from stress, redundant by automation, or dead. What exactly is the personal upside here?

Cybersecurity isn’t just a job - it’s a constant arms race. To stay sharp, you pay out of pocket for certs, run your own infrastructure, rent boxes for testing, keep up with threat intel, toolchains, legislation, and whatever AI-generated malware just dropped. Meanwhile, companies treat talent like disposable assets, with layoffs every quarter and HR still wondering why no one’s loyal.

The only reason you still get applicants is because some people genuinely love the work - and they have to eat. But don't mistake desperation for pipeline health. If you’re not paying for training, stability, or respect, don’t be shocked when your “junior hire” ghosts after six months or couldn’t spot a backdoor in a broom closet. You built this problem. You're just mad it's costing you now.

22 0 Reply
1. Friday 13th June 2025 15:02 GMT Pascal Monett
  
  Re: Crisis
  
  I have to say that I agree with absolutely everything in your post.
  
  Although I am getting close to pensionable age, so I'd rather it wait a bit longer to become a true relic.
  
  6 0 Reply
2. Sunday 15th June 2025 22:57 GMT MachDiamond
  
  Re: Crisis
  
  "Newsflash: pensions are a 1980s relic."
  
  They used to be a way for people that weren't all that responsible to have retirement savings done for them. The money would come out of each check with/without matching money and be invested in a steady fund that returns a reasonable interest over time. These days, the managers of the pensions are trying to make a killing when somebody isn't raiding the pension fund to pay for something at the company.
  
  When I was young, I signed up for an annuity/life insurance that was paid from my semi-weekly payroll. It's still ticking away many years later. The company I was with when that was started is long gone and I haven't paid in for ages. I've instead put money into buying a home (paid) and not carrying long term debt. There's no point in earning 5% and paying 22%. Even with today's home loan rates, it makes sense to buy, if possible. The retirement savings interest and the mortgage interest might be a wash (if lucky), but the home/land appreciates in value over time for a net win.
  
  After seeing how many pension funds are in lots of trouble, I'm glad I don't have money sunk in one that may not be there when I am eligible to collect.
  
  0 0 Reply
Friday 13th June 2025 14:59 GMT Anonymous Coward

It's no better at senior levels

I spent a few years as security lead for a product that I'd worked on as a developer. I knew the product, the team (dev & QA), had a good idea of where security issues might turn up. It was an interesting and fun job, even the visit to the SVP's staff meeting for a mea culpa after I (and fortunately not a customer) found a serious security issue in a new version that required a stop-ship & new release.

Then came promotion to security head for the wider organisation. I was a sort of policeman for products and teams that I barely knew, and who didn't like an outsider telling them how to 'do' security. I had the experience, but nor the formal qualifications, and getting those was tedious and uninteresting. Some of the products were appalling, some were very solid and secure, but neither liked an 'outsider' supervising them. Soul-destroying work, even with the teams I knew and liked. I stuck it for a couple of years & then left for something that allowed me to look forward to going to work again.

16 1 Reply
1. Friday 13th June 2025 15:09 GMT ecofeco
  
  Re: It's no better at senior levels
  
  Yep, once the silos form, it's all over but the shouting.
  
  7 0 Reply
Friday 13th June 2025 15:00 GMT ecofeco

Competive pay for experience

Offering 60K US and wondering why they got hacked, but for sure they know who to scapegoat.

80K if you're lucky. And no, that is still NOT a lot of money these days.

10 0 Reply
1. Friday 13th June 2025 15:04 GMT elsergiovolador
  
  Re: Competive pay for experience
  
  You could make much more as a sparkie. No CVEs, no threat intel feeds, no 3am breach notifications - just stay vaguely up to date on building regs and show up with tools. Can’t work from home, sure, but you also don’t get blamed when a FTSE 100 gets popped because someone reused "Analbeads2023!” as a password.
  
  9 0 Reply
  1. Friday 13th June 2025 15:11 GMT ecofeco
    
    Re: Competive pay for experience
    
    Yeah, in theory and for sure less stress, but wages are not keeping up in the USA, but actively going down across ALL professions.
    
    0 0 Reply
    1. Saturday 14th June 2025 02:40 GMT Anonymous Coward
      
      Re: Competive pay for experience
      
      ... unless you are CEO.
      
      2 1 Reply
  2. Saturday 14th June 2025 17:15 GMT Sudosu
    
    Re: Competive pay for experience
    
    I've done both and reflecting on it, I should have stayed a working electrician.
    
    My conduit work was beautiful, functional art. I was really good at it and proud of what I built. Much of it will be around long after I'm gone.
    
    Computers used to be fun, and I have a great affinity for them, but it turned into a career of meetings...I got fat :) and cynical because work was rarely about goals, just politics. Who can care about that for any length of time?
    
    Every manager, PM and BA are all IT legends in their own minds, I never saw that as an electrician.
    
    Once you get a trade ticket you can start your own company and make very good money, just like IT.
    
    4 0 Reply
    1. Sunday 15th June 2025 16:03 GMT elsergiovolador
      
      Re: Competive pay for experience
      
      just like IT.
      
      Just be aware that in the UK, worker owned companies are heavily restricted when it comes to making profit. It is all stacked in favour of big corporations exempt from the legislation (IR35).
      
      1 0 Reply
      1. Sunday 15th June 2025 18:57 GMT Giles C
        
        Re: Competive pay for experience
        
        That is only if you are contracting.
        
        The previous poster was talking about a trade as I read it plumber, electrician, gas engineer etc. most of the those I know are self employed doing domestic work, no IR35 there, mind you if you don’t have the customers you won’t earn much. But there are other ways of working besides contracting for big companies.
        
        1 0 Reply
      2. Thursday 19th June 2025 19:24 GMT Sudosu
        
        Re: Competive pay for experience
        
        Yeah, this is in Canada, so it is somewhat less restrictive.
        
        Our last prime minister intimated that all small business owners were tax cheats, which was concerning after seeing what happened in the UK with your IR35 problems, but nothing really changed.
        
        You can pretty much stick a magnet with your brand on the side of your vehicle or put an add in the classifieds, and POOF! you are a business.
        
        You have to file the additional stuff with your taxes and collect GST\PST\HST (our sales taxes) as required so there is some gov paperwork to be done but it can be pretty minimal for a one person show.
        
        If you represent as a trade you have to have a Journeyman ticket though or you can get in trouble and/or sued.
        
        0 0 Reply
  3. Sunday 15th June 2025 23:00 GMT MachDiamond
    
    Re: Competive pay for experience
    
    "You could make much more as a sparkie."
    
    You can make twice that unblocking people's loos after hours. Tell them you charge $200/hr plus they have to make you a meal and the only question asked will be how fast you can be over. People will light a candle and pay $100/hr for an electrician to come over between 9-5.
    
    1 0 Reply
    1. Thursday 19th June 2025 19:35 GMT Sudosu
      
      Re: Competive pay for experience
      
      You are not wrong!
      
      Had a friend who had to get an emergency call from a plumber: 3 hour minimum charge $120 an hour...and it took them 1/2 hour to fix the issue.
      
      Someone made some $$$.
      
      0 0 Reply
Friday 13th June 2025 15:04 GMT Neil Barnes

When I started work, back in the dawn of prehistory

Companies provided training. They had enough smarts to realise that engineers didn't hatch from the egg knowing all they would ever need to know, and that if they provided training not only would they get competent engineers (or weed out the incompetent early) but they would be trained in the way that the company did things and so could be reasonably expected to work in the same way as their colleagues.

The company I chose basically did a three-year on-the-job degree level education with both workplace and formal classroom work; the other companies that offered me work had similar schemes. Even thirty years later, they still offered training although by then it had mutated to the level that if you left within a certain time period, there was a compensatory financial penalty.

Expecting someone else to provide the training for your staff is just plain foolish.

17 0 Reply
1. Friday 13th June 2025 15:16 GMT ecofeco
  
  Re: When I started work, back in the dawn of prehistory
  
  Are you saying 28 year old CEOs might not have a clue about things in general?
  
  Someone should tell Meta they might have recently overpaid for one.
  
  Nah, on second thought, let them burn their money.
  
  10 0 Reply
2. Friday 13th June 2025 21:10 GMT Terry 6
  
  Re: When I started work, back in the dawn of prehistory
  
  This is a problem half a century in the making. When I was at high school ( that long ago) most of the older kids who left would go to one of the local big companies ( e.g. ICI or Ferranti) and be given training, or put through engineering courses, even degrees. By the time my year group got to that stage this had started to dry up. For a pair of reasons. One group of companies decided to stop that investment and poach time served engineers from The Place Down The Road. Then, inevitably, The Places Down The Road stopped training people because it was pointless. They didn't stay.
  
  Underlying this was the Beancounter mentality of circa 1975. On the one hand not wanting to pay the training costs to grow their own people, because it was cheaper to pay a little extra to poach experienced trained staff. On the other hand not wanting to pay enough to retain them once they'd been trained..
  
  6 0 Reply
3. Sunday 15th June 2025 08:45 GMT Giles C
  
  Re: When I started work, back in the dawn of prehistory
  
  The idea that because we (the employer) paid for a one day course in prehistory demands the right to force you into servitude for a millennium needs to be killed off completely.
  
  Where I work we get training (sometimes too much) on new products, and it you want to get trained on an item it will be granted as long as it is relevant - they won’t pay network engineers to do underwater basket weaving for example.
  
  They understand that we need to use new products and more importantly know how to use it properly. We are installing a new monitoring solution and everyone using the product did a two day course to make setting it up easier and we knew how to get it running.
  
  3 0 Reply
Friday 13th June 2025 17:32 GMT Groo The Wanderer - A Canuck

I'm one poor SOB in retirement, but I don't regret leaving the industry behind one little bit. The fun got replaced by irritating and irrelevant demands two decades ago

8 0 Reply
1. Friday 13th June 2025 20:03 GMT Anonymous Coward
  
  They haven't stopped, either...
  
  5 0 Reply
Friday 13th June 2025 18:23 GMT JLV

Among other requirements, the successful candidate will demonstrate 15+ years experience hardening LLM-based customer facing systems against hostile prompt injections.

7 0 Reply
1. Friday 13th June 2025 19:22 GMT Neil Barnes
  
  Sadly not new: I remember seeing adverts requiring ten years of W2k experience four or five years after its release...
  
  6 0 Reply
Saturday 14th June 2025 08:08 GMT Persona

Do they want to learn?

When recruiting I would never place much value on the candidate holding any certifications. Security experience would be a plus but not necessary. Instead I wanted a technical background that was at the upper end of what could be expected for someone with their level of experience. Most importantly I wanted people who not only could lean a lot quickly, but wanted to learn. I found people with a burning desire to learn to be the most valuable hires.

1 0 Reply
Saturday 14th June 2025 09:08 GMT Anonymous Coward

"even non-STEM fields"

successful recruits were also sourced internally from departments such as finance and even non-STEM fields like communications, HR, customer service, and marketing to bring fresh ideas to the table.

My experience of corporate ITSec would suggest RADA was the main recruiting ground for those security thespians. Don't suppose HR checked their Equity membership.

The question is fundamentally "Do you want secure systems or just the appearance of security?"

From the trail of increasingly unforgivable failures stretching back decades the answer is clearly the latter.

If you want more on-the-job frustration than one life can reasonably bear then this is the gig for you. Late employees of CISA would likely hasten to concur.

1 1 Reply
1. Sunday 15th June 2025 18:59 GMT Giles C
  
  Re: "even non-STEM fields"
  
  Is that why we refer to them as bad actors - sorry.
  
  3 0 Reply
Saturday 14th June 2025 17:19 GMT Sudosu

"security thespians"

I'm going to use that one, have a beer.

2 0 Reply
Sunday 15th June 2025 02:43 GMT Winkypop

The recruitment process

It’s as much about you selecting them as it is about them selecting you.

0 0 Reply
Sunday 15th June 2025 10:27 GMT Anonymous Coward

risk aversion

This sentence 'However, the study noted that successful recruits were also sourced internally from departments such as finance and even non-STEM fields like communications, HR, customer service, and marketing to bring fresh ideas to the table.' is telling.

Because the one thing that happens when hiring becomes a task in and of itself, is that risk management becomes a dominating criterion.

Especially in cyber, because security is invisible to begin with.

It's still better to hire someone who does not meaningfully contribute, but is 'safe', than it is to have 1-2 out of 10 of your good candidates fail.

It's a sign the company in question has too much of a buffer to tolerate that kind of inefficiency.

And let's be honest, very few companies care about security, nor do the vast majority of customers.

This is the same mindset that pervaded engineering before major dam disasters made it mandatory that only certified, and critically, independent, engineers could desing and oversee critical infrastructure.

But that will not happen for software, because the damage is also mostly invisible, except to those whose lives are ruined, but they don't post anymore on social media, so even more invisible.

0 0 Reply
Monday 16th June 2025 09:27 GMT Cerebus TA

No longer even slightly amusing

The industry is rapidly heading back into the 'joke' territory it has taken years to get our profession out of.

For example my eldest has a Masters Degree in Cyber Security and has grown up around Cyber Security and IT in general, but he can't even get a job on a basic help desk!

1 0 Reply
Monday 16th June 2025 14:53 GMT Electronics'R'Us

Silly job descriptions

As noted by others, this has been going on for a long time.

I recall seeing a job advertised on LI (I know, I know) for an electronics engineer.

They stated 'Typically 2 to 5 years of experience' so not quite entry level but not far above it.

They wanted:

Degree in electronics. [6]

Expert in analog and digital design [1]

Design for EMC [2]

Experienced with high end CAD tools [3]

Mixed signal design layout expertise [4]

High speed digital design [5]

among other things.

1. I have yet to meet a graduate from any university with any real knowledge of analog design and that is true of at least the last 30 years. It takes typically a couple of years of solid mentoring (if it even exists) or the grad studying it for said amount of time (or more typically 4 to 5 years) and actually building the circuits because it can advance their career , so they would need their own at least basic lab equipment. There is also a whole lot more to digital design than it seems at first glance. Sometimes the person who did not go to university has a better grasp depending on the career path.

2. This is still one of the darker arts although there is a lot of science but every design is different and has to be assessed with an experienced eye. To get good at this takes several years in its own right.

3. Depends on where they were previously; these tools are expensive although there are open source alternatives; those alternatives don't come with support, though, which most companies need or want. Even the relatively low end of the market (Altium) runs to almost £10k per seat per year. They all do (roughly) the same thing but each has its quirks, so there is always a learning curve.

4. Hahahahahahaha. This is possibly the most difficult of skills and can take literally decades to fully master.

5. For this, one needs to understand a lot of things from all the above and transmission line theory at a minimum. I started in RF so it really wasn't that big a deal for me.

6. Slight afterthought; some of the best engineers don't have one.

The real applicant for such a position would be very senior (probably a principal level) and would laugh at the offered salary.

0 0 Reply
Monday 16th June 2025 16:52 GMT BPontius

You made your bed!

To all companies that demand these unreasonable qualifications for "junior" positions, do the world a favor.

STOP COMPLAINING ABOUT THE LACK OF IT STAFF!!!!

You made your bed, you lie in it.

3 0 Reply
1. Thursday 26th June 2025 15:15 GMT MuleD
  
  Re: You made your bed!
  
  Amen....brother. and even though I have always been on the defender side of the fence I have little sympathy for those who get compromised. I (and those like me) can and have told you how not to become victims.. You made the choice to not listen to what the the experts are telling you so enjoy that dumpster fire some some crew just set ablaze in your network....I FUCKING TOLD YOU SO !!!!! --- Mule
  
  0 0 Reply
Thursday 26th June 2025 14:53 GMT MuleD

A word from the top

I have been at this Cyber Security thing for 25+ years. Started on the help desk and am retiring as a CISO. I have all the CERTS, years of experience (technical and policy) and an advanced degree. This whole topic is BULLSHIT and I have been shouting it for years.... There are no "entry" level positions in defensive cyber security. To be a qualified cyber security engineer you need to have a deep understanding of an assload of IT. Would you go and see an "entry level" Cancer Doctor or take your billion dollar corporate merger to an "entry level" lawyer. The counter to all of this is that the COMPANY NEEDS TO BE WILLING TO PAY FOR WHAT THEY EXPECT.

0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Topics

Special Features

Vendor Voice

Resources

COMMENTS

Security+

Re: Security+

Re: Security+

Re: Security+

Re: Security+

Let's be clear

Re: Let's be clear

Re: Let's be clear

Re: Let's be clear

Re: Let's be clear

Re: Let's be clear

Re: Let's be clear

Re: Let's be clear

Its always

Re: Its always

Re: and that disqualifies you immediately

Re: Its always

Re: Its always

Re: Its always

Re: Its always

Unfair expectations

Re: Unfair expectations

Time was...

Re: Time was...

Re: Time was...

Re: Time was...

Re: Time was...

Re: Time was...

Re: Time was...

Re: Time was...

Re: Time was...

Re: Time was...

I have to wonder

Re: I have to wonder

Re: I have to wonder

Re: I have to wonder

Re: I have to wonder

Re: I have to wonder

Re: I have to wonder

Re: I have to wonder

Re: I have to wonder

Crisis

Re: Crisis

Re: Crisis

It's no better at senior levels

Re: It's no better at senior levels

Competive pay for experience

Re: Competive pay for experience

Re: Competive pay for experience

Re: Competive pay for experience

Re: Competive pay for experience

Re: Competive pay for experience

Re: Competive pay for experience

Re: Competive pay for experience

Re: Competive pay for experience

Re: Competive pay for experience

When I started work, back in the dawn of prehistory

Re: When I started work, back in the dawn of prehistory

Re: When I started work, back in the dawn of prehistory

Re: When I started work, back in the dawn of prehistory

Do they want to learn?

"even non-STEM fields"

Re: "even non-STEM fields"

The recruitment process

risk aversion

No longer even slightly amusing

Silly job descriptions

You made your bed!

Re: You made your bed!

A word from the top

POST COMMENT House rules

Enter your comment

Add an icon

Other stories you might like

Russia, hotbed of cybercrime, says nyet to ethical hacking bill