I’ve got to tell you one thing. Despite the COVID-19 pandemic and the recent
surges in the level of inflation, one would think that the American economy
would literally have to pot by now. But
it hasn’t. It seems like we keep on
marching right along, with great jobs numbers and lower unemployment claims
week after week. True, there have been
some ups and downs, but the overall trend appears to be solid.
I wish I could say the same about the Cybersecurity Industry. There are sill tons of jobs to be filled, and
despite the demand for workers, nobody can seem to fill this gap. It should be easy, right, with something that
is so red hot? But unfortunately, it is
not. There are reasons for this, but
what people are now starting to realize is that hiring managers in Cyber are
being just too damned picky.
For example, a candidate has to have X number of years in this
and that, they have to have a college degree, but worst of all, they have to
have all of these certs, which really make no sense to me. To a certain degree, I can see the value of a
cert or even certs in Cyber. After all,
once you have found an area in Cyber that you want to focus on, there is nothing
wrong thinking about getting a cert to help you advance in your career.
But unfortunately, many people that I know of in Cyber love
to show off with all of their arrogance their certs. Heck, there is one person I know who has more
certs that could fill the entire alphabet 3x time over. True, it looks quite
impressive at first glance, but after a while, it fades away. In the end, you even start saying to yourself
“Who really cares?” In all honesty, I
have tried to go on for some key certs.
I remember back in the day of the .com craze, the MCSE from
Microsoft was the craze. It literally
became the gold bar standard for the world of IT. But what has happened to it now? It has faded in the dust. But I did try to take the exam, only failing the
first one miserably (and there were 7 of them in total you had to take in order
to get the full cert).
Then came along the CISSP, which is now the gold standard
for the Cyber world. I never really took
the exam, but I took some of the practice exams, and never did well in them
either. From what I hear, it is about as
bad as taking the bar exam. So, I gave
up the idea of getting a cert in Cyber until I decided to take the Security+
cert. I started studying with my full
heart, and eve did fairly decent on the practice exams.
But just a couple of weeks ago, I found out that the ISC2 is
offering an entry level in Cyber, which is called the “Certificate in
Cybersecurity”. So, I now have shifted
direction for the last time, and have even signed up to take the cert
exam. But I go in knowing the fact that this
is merely an entry level cert, it will not have the glamor that the CISSP
has. But that’s fine by me.
I am only taking it as a point of validation for others who
see my credentials. Yes, I have written
a ton of books, eBooks, whitepapers, articles, blogs, etc. on Cyber, but this
cert will at least be some yardstick to show to others that yes, I do know to
varying degrees what I am talking about.
And that is how hiring managers and even candidates should view
a cert. It is by no means and end all nor should be a break all. A cert is just that: It is a benchmark that will separate your
from others in pool of candidates.
In other words, it will help you to get that interview, but
not necessarily that job. How you do in the
interview will of course be the ultimate determinant in that. Now comes another important point: Should hire somebody based upon the fact that
they have a college degree or even an advanced degree in Cyber? The bottom-line answer is no. It’s just like getting a cert. Having a college or advanced degree shows that
you have been dedicated to reach a certain educational level, but it does not
mean that that person will make a great Cyber employee either.
Because of this, there are now cries in the Cyber industry that
hiring managers should drop the college requirement also. But to be honest, I am mixed on this one. I think at minimum, a candidate should have
an associates degree. This will show
some degree of trainability, which will be very important should this person be
hired.
Third, there are also cries in the Cyber industry that
hiring managers should stop the cookie cutter approach to hiring a manager. I
can vouch for this myself. I have
applied to numerous tech writing jobs in the past, and in fact, it was down to
two candidates, me and the other person.
But the other person got the job instead, because either they were more skilled
in one writing technology, or they had a little bit more experience.
I thought that this was totally ridiculous, I mean if a person
has been writing for 14+ years, that experience should count. I mean if you know how to write and know an
industry quite well, those skills for the most part, should be transferable.
This the same for the Cyber industry. So what if a person does not Pen Testing
experience? If they know a programming language
like Python, and seem to be analytical in their approach, they should be given
a chance.
What I am trying to get at is look outside of the world of
Cyber. In fact, why not have a job
posting that lists no specific requirements, and from there, see the candidate
pool you get. You will probably get
responses from different majors, but that is actually great.
Keep in mind that one does not have to have a STEM degree to
have an analytical mind. Even a liberal
arts major can bring that to the table, with all of the reading and writing that
they have to do.
My Thoughts On This:
The Cyber worker shortage is only going to get worse before
it gets any better. It’s all going to become
dependent on the hiring managers. As I
have mentioned, there are a great pool of candidates out there . . you just
need to look beyond that JD and see for yourself.
But there is one trait that will be common amongst all Cyber
workers, and this should be the number one qualification that you should be on
the lookout for: self-motivation and
persistence.
No comments:
Post a Comment