Sunday, September 18, 2022

One Key Trait That Molds A Successful Cyber Employee: No Certs Or Degrees Needed

 


I’ve got to tell you one thing.  Despite the COVID-19 pandemic and the recent surges in the level of inflation, one would think that the American economy would literally have to pot by now.  But it hasn’t.  It seems like we keep on marching right along, with great jobs numbers and lower unemployment claims week after week.  True, there have been some ups and downs, but the overall trend appears to be solid. 

I wish I could say the same about the Cybersecurity Industry.  There are sill tons of jobs to be filled, and despite the demand for workers, nobody can seem to fill this gap.  It should be easy, right, with something that is so red hot?  But unfortunately, it is not.  There are reasons for this, but what people are now starting to realize is that hiring managers in Cyber are being just too damned picky.

For example, a candidate has to have X number of years in this and that, they have to have a college degree, but worst of all, they have to have all of these certs, which really make no sense to me.  To a certain degree, I can see the value of a cert or even certs in Cyber.  After all, once you have found an area in Cyber that you want to focus on, there is nothing wrong thinking about getting a cert to help you advance in your career.

But unfortunately, many people that I know of in Cyber love to show off with all of their arrogance their certs.  Heck, there is one person I know who has more certs that could fill the entire alphabet 3x time over. True, it looks quite impressive at first glance, but after a while, it fades away.  In the end, you even start saying to yourself “Who really cares?”  In all honesty, I have tried to go on for some key certs.

I remember back in the day of the .com craze, the MCSE from Microsoft was the craze.  It literally became the gold bar standard for the world of IT.  But what has happened to it now?  It has faded in the dust.  But I did try to take the exam, only failing the first one miserably (and there were 7 of them in total you had to take in order to get the full cert). 

Then came along the CISSP, which is now the gold standard for the Cyber world.  I never really took the exam, but I took some of the practice exams, and never did well in them either.  From what I hear, it is about as bad as taking the bar exam.  So, I gave up the idea of getting a cert in Cyber until I decided to take the Security+ cert.  I started studying with my full heart, and eve did fairly decent on the practice exams. 

But just a couple of weeks ago, I found out that the ISC2 is offering an entry level in Cyber, which is called the “Certificate in Cybersecurity”.  So, I now have shifted direction for the last time, and have even signed up to take the cert exam.  But I go in knowing the fact that this is merely an entry level cert, it will not have the glamor that the CISSP has.  But that’s fine by me.

I am only taking it as a point of validation for others who see my credentials.  Yes, I have written a ton of books, eBooks, whitepapers, articles, blogs, etc. on Cyber, but this cert will at least be some yardstick to show to others that yes, I do know to varying degrees what I am talking about. 

And that is how hiring managers and even candidates should view a cert. It is by no means and end all nor should be a break all.  A cert is just that:  It is a benchmark that will separate your from others in pool of candidates.

In other words, it will help you to get that interview, but not necessarily that job.  How you do in the interview will of course be the ultimate determinant in that.  Now comes another important point:  Should hire somebody based upon the fact that they have a college degree or even an advanced degree in Cyber?  The bottom-line answer is no.  It’s just like getting a cert.  Having a college or advanced degree shows that you have been dedicated to reach a certain educational level, but it does not mean that that person will make a great Cyber employee either. 

Because of this, there are now cries in the Cyber industry that hiring managers should drop the college requirement also.  But to be honest,  I am mixed on this one.  I think at minimum, a candidate should have an associates degree.  This will show some degree of trainability, which will be very important should this person be hired.

Third, there are also cries in the Cyber industry that hiring managers should stop the cookie cutter approach to hiring a manager. I can vouch for this myself.  I have applied to numerous tech writing jobs in the past, and in fact, it was down to two candidates, me and the other person.  But the other person got the job instead, because either they were more skilled in one writing technology, or they had a little bit more experience.

I thought that this was totally ridiculous, I mean if a person has been writing for 14+ years, that experience should count.  I mean if you know how to write and know an industry quite well, those skills for the most part, should be transferable. 

This the same for the Cyber industry.  So what if a person does not Pen Testing experience?  If they know a programming language like Python, and seem to be analytical in their approach, they should be given a chance.

What I am trying to get at is look outside of the world of Cyber.  In fact, why not have a job posting that lists no specific requirements, and from there, see the candidate pool you get.  You will probably get responses from different majors, but that is actually great. 

Keep in mind that one does not have to have a STEM degree to have an analytical mind.  Even a liberal arts major can bring that to the table, with all of the reading and writing that they have to do.

My Thoughts On This:

The Cyber worker shortage is only going to get worse before it gets any better.  It’s all going to become dependent on the hiring managers.  As I have mentioned, there are a great pool of candidates out there . . you just need to look beyond that JD and see for yourself. 

But there is one trait that will be common amongst all Cyber workers, and this should be the number one qualification that you should be on the lookout for:  self-motivation and persistence.

No comments:

Post a Comment

How To Launch A Better Penetration Test In 2025: 4 Golden Tips

  In my past 16+ years as a tech writer, one of the themes that I have written a lot about is Penetration Testing.   I have written man blog...