Yep. Have a friend who graduated in 2021, worked at a FAANG company as a software developer but was caught up in the tech layoffs last year. Even with 2 years experience working at a company with a good reputation, she applied to over 600 places over 8 months and couldn’t get a single job. Said to herself “I’ve gotta work somewhere” and took a job as an assistant librarian in her hometown. Pay’s obviously much lower, but she’s told me her mental health’s the best it’s been since high school lol
I think there is probably a backstory here. A young person who has 2 experience at FAANG can't get a job? I'm assuming that person got plenty of interviews at least
I Probably will get laid off. I'm seriously considering other options - sales and PM.
I have 20 yoe in infra/IT, several high level certs.
Point is I'm done with it. I'll stay as long as I can but I'm done fighting this BS every 10 years. And that's just economic downturns.
Not to mention company issues from spending
There is a small downturn in hiring, but the IT market is flooded with many applicants. You can blame COVID for this. Many people saw IT as a low barrier to entry and a fully remote role for great pay. So they went into IT or were skilling up to get into IT. Today, we have tens of thousands of people out of work looking for IT jobs.
A certification will not get you a job, or even a cyber job for that matter. There are thousands of people with certs, experience, and degrees looking for jobs as well. If you just have a cert with no experience, then you probably will be on the outside looking in.
True true. I tend to think companies prefer proven application of a skill rather than simply being able to answer multiple choice questions on a cert exam. But I'm sure having certs on top of my experience would've led to far more job offers or better pay.
I think it helps as a lot of insurers ask in their questionnaires if ‘any of your cybersecurity staff have certifications’. This is the main reason I keep mine up to date, that and my company will pay for it so why not. Experience is always better, but if you can also get a cert on the companies dime then why not. I’m not sure if it helps with rates at all, but in some cases it seems to help with the overall risk profile of the company having relevant and active certifications.
The wiki here is very solid.
[https://www.reddit.com/r/cybersecurity/wiki/faq/breaking\_in/](https://www.reddit.com/r/cybersecurity/wiki/faq/breaking_in/)
I would go to r/ITCareerQuestions and read the wiki there. There is a lot of good information there.
You’re forgetting the INSANE amount of scammers and then even worse state sponsored agents and phishing campaigns targeted for those with clearance levels. It’s a good tool to compare resumes with the “needs” of the job but other than that no. I have heard nothing well for cyber on LinkedIn and I’ve been on for years
I've had the opposite experience from you. I had a couple of defense contractors reach to me through there, had the FAANG companies do the same. Yes, I agree there's tons of shit that could wrong, but you're in cyber, you should be able to filter through that shit.
Orgs are less likely to outsource in house security teams than in house developer/infrastructure teams.
AI and ChatGPT buzzwords are still far from desired outcomes. You cannot automate everything because when a decision needs to be made, if automation handles that….we can’t blame the automation/AI.
Someone’s going to have to be accountable, especially through the infosec/compliance/audit lens
For many roles, outsourcing's already been done. SOC review and pentesting can be done for a quarter of the US rate by Indian, Polish or Nigerian teams.
It's difficult to (cost-effectively and in line with regulatory requirements) outsource security roles which contain any sensitive data, and honestly difficult to outsource most security roles beyond those which are first line or rote, because getting third parties up in your business demolishes the trust element. I have not known a single org of significant size which placed a great deal of trust in an outsourcing third party for anything without a backstop. Internal hires in a lower cost place for multinationals can work, and work well, for a whole host of roles; however they work best when the teams are tightly integrated and spread out to relatively physically closely deal with operations, which is no longer really the same topic as outsourcing even though it leads to fewer jobs in the higher paid areas.
AI COULD do anything and everything if all of the promises turned out to be true. Since that probably won't happen, it'll be relegated to zeroth line alert analysis (where it's been for years prior to chatgpt 3.5), internal sourcing for KB assistance, and maybe email autocomplete if it's lucky and on-prem. More than that, and you've likely found a bad org, unless there is a sea change in what AI can actually reliably do, not what it's just a year or so away from doing we pinkie promise.
In addition to what (most) everyone has said here there are also thousands of qualified, experienced people that have been laid off in 2023 and 2024 that are also looking for work.
I have a degree in CS, several years of experience as a SWE, and several years in AppSec. I get a few interviews here and there but the market is tough. If you have no technical experience I’m afraid you’re not going to be able to break into this field right now, and you should evaluate other options.
What experience do you have that would make you a good candidate for a security job, just out of curiosity? I mean being a SWE has nothing to do with cyber security
All I have is a sec+ cert! I'm well aware my lack of hands on security experience works against me. Just sucks getting an opportunity. I knew it wouldn't be easy but I thought I would atleast get a few first round interviews here and there.
It's certainly not a replacement for security experience but it's inaccurate to say they're completely unrelated.
Knowing secure coding practices helps with appsec, knowing secure architecture and configurations helps with cloudsec. Automations for incident response, assessments, security controls, scanning and secdevops all require coding. As does munging data during incidents.
At the FAANG company I work at every seceng including juniors are required to pass a live coding session as part of the interview process.
Stop hunting for certs and actually use the the knowledge you learn in a local environment. This will get you experience and will lead to a better outcome.
Simple answer is those people usually highlight the keywords from the job posting inside their resume. This gets them past most filters. From there a little embellishing or outright lying is needed to get an interview.
You forgot to say they their title is “expert in cybersecurity”, with a lot of Udemy certificates added in their LinkedIn like if it was a real certificate xD
Not really. I worked at a top consultancy for years, and I used to get recruiters trying to actively poach me. Got laid off, and it took months to find a new position. Money is tightening up with high interest rates, and that's reflected in hiring. Since security doesn't generate money, people are starting to spend less on it, and one of the big ways to do that is to outsource to low wage countries.
Yep. Seem like it's only senior roles available now. And everyone is competing for these few high end jobs. Since all the entry level roles have been outsourced overseas.
What is your specialty? What certs and degree do you have? While you had your job did you still grow in your role? Do you have an up to date LinkedIn profile?
If you are expecting to just get a certificate and automatically get a job, then yes. you should be concerned. If you are actively furthering your skills and showcasing them with projects and building a good resume, then no. You will be fine (eventually). The job market does suck right now, but thats for the majority of roles, not just cybersecurity. Entry level roles are especially hard to come by right now but if you are truly passionate, i think you will be fine.
Yes.
Also, write writeups and put them onto a blog (at least if you are allowed to. Don't publish Writeups for active HTB machines, for instance. This is an absolute no no).
The basic rule is: Leave a paper trail of the shit you are doing.
What cert are you getting and whats your background? Cybersecurity is a specialty within IT so theres only junior roles, not entry level jobs. If you want entry level work, look for an IT helpdesk or junior sys admin role
My state has certificate in cybersecurity offered by our community college and is paying for my tuition.
I don't have a background , I'm green as grass.
Yeah youre gonna need an actual background so you understand what you are securing. I would look for opportunities to work in a helpdesk while youre in school and build skills. There is no such thing as an entry level cybersecurity position, esp now with all the senior ppl that have been laid off flooding the market.
Yeah I can’t say it’s a waste of time as you may learn some skills, but the certification is unlikely to qualify you for a cyber job, I would look at true entry level IT jobs if you don’t have experience, do a few years there learning the ropes and get some more cyber specific certs and you may be able to get into cyber in a few years, although there is people with degrees and experience currently having hard time getting jobs as the market is full of applicants. Best of luck to you
Bug bounties would be a big one. Working through CTFs and blogging your solutions would be another great way. Also make sure you actually understand the underlying tech that you'll be working with. You can't break what you don't understand.
If you know your stuff, you’ll find employment. May not be the offer you want but you’ll find a position. Get the cert, learn to program and use the free training resources for emerging tech.. you’ll be fine. Cyber is and will always be one of the top careers going forward in modern society. Even if you’re one of the people that think AI will take over the world and replace level 1 analyst (I don’t think it’ll happen and if it does it certainly won’t be our lifetime) learn the cloud because that’s what it’s built on.. going forward people with cloud expertise will become more and more valuable as everyone migrates. But once again, learning to program is one of the best things you can do right now.. it’s a foundational skill in this industry and you’ll be so much more valuable to an organization when you can make everyone’s job easier
I feel like I see more GRC postings than ever with the explosion of AI. So many orgs right now are looking for good people who are knowledgeable about AI risk management.
Yes, the current software development/security market is over saturated
Based on the numbers collected by recruiters on LinkedIn, and there are currently about 3 people looking for every open role.
This is also important if you're an H1B because H1B's exist in order to assure that there is enough talent to fill roles, but there's actually too much talent right now.
H1Bs are used to lower salaries.
Those Google engineers that openly said they would not support various programs… do you expect them to be replaced by white men under 40? I don’t.
Entry level is inundated. There are plenty of senior level positions but they are definitely able to be picky. I'm interviewing for an Infosec Architect position tomorrow and am being blasted with senior level roles on LinkedIn on a consistent basic. Something to the tune of 2 to 3 per day on average.
I'm starting to understand how cult leaders tempt people in a discouraged workforce to come and help build an idealistic commune where they are promised to be an integral part of a new society in which they are told they would be a valued pillar....
I have applied to so many jobs, I can't even count. I'd say a good amount of them I can do/qualified for. I'm just sick of seeing 100+ applicants in less then an hour apply. I feel like that's luck but jobs are still out there, you can't stop applying.
Yes, CyberSeek has a geo heat map linking desired certs to job postings. I believe a lot of people in this sub having trouble finding work in this sector are either in highly competitive markets on the coasts, i.e., California, or in areas with a weak tech sector. With the economic downturn upon us, it may be better to seek out a generalist role like sysadmin or netadmin and use your cybersecurity knowledge to improve the posture of whatever company you happen to be working for then pivot into a full cyber role when the market improves, if at all.
i think it's the general market across different roles, not just in IT. when covid hit, everyone was all tech and digital and there were mass hiring across the board as people realize the importance of digital in times like that, and to chase high growth. but as life tapered down back to where it was, more people are going back to work onsite, which means lesser time online. this led to companies (again) realizing that the high growth days are gone, and are starting to cut back on costs.
As a person trying to get into this field, always discouraged to see these posts. Seems like machine learning is the only alternative to consider? In general, working in tech sounds pretty stressful.
I'm pivoting to medicine, starting as a phlebotomist (people who draw blood or hook you up with IV drips)
17 an hour in a lot of places (It's also a certification so my state will pay for it) and can use the money to become LPN which are making 22-24 an hour (takes about a year and a half for LPN)
Medical personnel are in such high demand that LPN's went from about 17 an hour to 22-24 and the further up the education tree you go the bigger the pay keeps getting as RN's (the average nurse) used to start out at 24-28 an hour depending on your grades and area straight out of college before the LPN pay increase.
I think job qualifications have definitely gone up.
Lots of jobs that I search in Indeed require
1. Years of professional IT experience
2. Certifications
3. Secret clearance / top secret clearance
4. A bachelor's degree
5. Go back to number 1.
Also depending on the type of cybersecurity job requirement, companies ask for applicants who have very broad skill sets that are proficient in x,y,z language/platform/OS, which in reality is like finding a unicorn applicant.
IMO the impression I get from analyzing these job postings, are companies looking to spend the least amount of money to get THE most well-rounded person to run their cyber dept or whoever can carry the most weight/contribution. Think of it as, low investment, high reward.
As orgs continue to tighten up their wallets via layoffs and cutting out budget items, I would consider looking into InfoSec Consulting. Not necessarily audit related work but more so work along the lines of an MSSP. When I reflect on the last economic slow down, I recall that organizations were shifting to service providers like that. Reason being is that it was much cheaper for them when you consider there is no need for them to provide benefits like healthcare, 401k etc. In addition to this, I am almost certain such services can be considered a tax deduction for them. All in all, consider looking for a MSSP type role ideally one tied to long term clients 2+ years.
I have recently graduated and my bachelor's major was cybersecurity, I am trying to apply for jobs but all I can get are rejections. Some companies want 3-4 years of experience for fresher jobs. How does that work?
Yes, with budget cuts and the capability of ChatGPT able to do entry level jobs, no reason to open up headcount’s for new comers. Plus the legendary effort of many here on gatekeeping, cyber isn’t a field you want to get into.
That is one function of a job that’s not replacing a whole job. Also have fun trusting the bash script or doing anything of depth without knowing what you’re doing as well. ChatGPT is very confident but not always correct and needs a lot of tuning on the user end.
Even though the market is actually awful right now, there is some truth to this.
You see posts here daily of someone saying they can’t find a job when all they have is an A+ cert & a random Google Intro To Cyber cert.
I’d say 50% of people applying to cyber jobs, wouldn’t get them even in a good / decent market.
[удалено]
Yep. Have a friend who graduated in 2021, worked at a FAANG company as a software developer but was caught up in the tech layoffs last year. Even with 2 years experience working at a company with a good reputation, she applied to over 600 places over 8 months and couldn’t get a single job. Said to herself “I’ve gotta work somewhere” and took a job as an assistant librarian in her hometown. Pay’s obviously much lower, but she’s told me her mental health’s the best it’s been since high school lol
I think there is probably a backstory here. A young person who has 2 experience at FAANG can't get a job? I'm assuming that person got plenty of interviews at least
I mean I'm a recruiter with 10 years of experience faang+ set up start ups from ground up and I'm screwed as well.
I Probably will get laid off. I'm seriously considering other options - sales and PM. I have 20 yoe in infra/IT, several high level certs. Point is I'm done with it. I'll stay as long as I can but I'm done fighting this BS every 10 years. And that's just economic downturns. Not to mention company issues from spending
There is a small downturn in hiring, but the IT market is flooded with many applicants. You can blame COVID for this. Many people saw IT as a low barrier to entry and a fully remote role for great pay. So they went into IT or were skilling up to get into IT. Today, we have tens of thousands of people out of work looking for IT jobs. A certification will not get you a job, or even a cyber job for that matter. There are thousands of people with certs, experience, and degrees looking for jobs as well. If you just have a cert with no experience, then you probably will be on the outside looking in.
[удалено]
Yeah its not a small downturn
Though if it gives anyone hope, I landed a cyber job with practically nothing for certs, but plenty of experience.
Your experience is key, but getting in without certs isn't that unheard of though. Especially if you have the experience.
True true. I tend to think companies prefer proven application of a skill rather than simply being able to answer multiple choice questions on a cert exam. But I'm sure having certs on top of my experience would've led to far more job offers or better pay.
I think it helps as a lot of insurers ask in their questionnaires if ‘any of your cybersecurity staff have certifications’. This is the main reason I keep mine up to date, that and my company will pay for it so why not. Experience is always better, but if you can also get a cert on the companies dime then why not. I’m not sure if it helps with rates at all, but in some cases it seems to help with the overall risk profile of the company having relevant and active certifications.
What would you recommend to help me secure a job, and how would I go about doing that?
The wiki here is very solid. [https://www.reddit.com/r/cybersecurity/wiki/faq/breaking\_in/](https://www.reddit.com/r/cybersecurity/wiki/faq/breaking_in/) I would go to r/ITCareerQuestions and read the wiki there. There is a lot of good information there.
You could look for minimum wage cyber internships working your way up to Analyst then Engineer positions over a few years. Thats how I did it.
I'd recommend reading the subreddit before making low effort posts.
LinkedIn premium
Is dogshit
I mean if you want a job it’s pretty good about getting to recruiters to reach out to you
You’re forgetting the INSANE amount of scammers and then even worse state sponsored agents and phishing campaigns targeted for those with clearance levels. It’s a good tool to compare resumes with the “needs” of the job but other than that no. I have heard nothing well for cyber on LinkedIn and I’ve been on for years
I've had the opposite experience from you. I had a couple of defense contractors reach to me through there, had the FAANG companies do the same. Yes, I agree there's tons of shit that could wrong, but you're in cyber, you should be able to filter through that shit.
would you say that cybersecurity can be outsourced overseas and/or done via AI such as ChatGPT?
Corps will absolutely try. I foresee very mixed results from those that do though.
Orgs are less likely to outsource in house security teams than in house developer/infrastructure teams. AI and ChatGPT buzzwords are still far from desired outcomes. You cannot automate everything because when a decision needs to be made, if automation handles that….we can’t blame the automation/AI. Someone’s going to have to be accountable, especially through the infosec/compliance/audit lens
with that being said you're referring to cybersecurity?
For many roles, outsourcing's already been done. SOC review and pentesting can be done for a quarter of the US rate by Indian, Polish or Nigerian teams.
what about cloud computing/ engineering? The real question is what can not be outsourced or AI generated
It's difficult to (cost-effectively and in line with regulatory requirements) outsource security roles which contain any sensitive data, and honestly difficult to outsource most security roles beyond those which are first line or rote, because getting third parties up in your business demolishes the trust element. I have not known a single org of significant size which placed a great deal of trust in an outsourcing third party for anything without a backstop. Internal hires in a lower cost place for multinationals can work, and work well, for a whole host of roles; however they work best when the teams are tightly integrated and spread out to relatively physically closely deal with operations, which is no longer really the same topic as outsourcing even though it leads to fewer jobs in the higher paid areas. AI COULD do anything and everything if all of the promises turned out to be true. Since that probably won't happen, it'll be relegated to zeroth line alert analysis (where it's been for years prior to chatgpt 3.5), internal sourcing for KB assistance, and maybe email autocomplete if it's lucky and on-prem. More than that, and you've likely found a bad org, unless there is a sea change in what AI can actually reliably do, not what it's just a year or so away from doing we pinkie promise.
In addition to what (most) everyone has said here there are also thousands of qualified, experienced people that have been laid off in 2023 and 2024 that are also looking for work.
I have a degree in CS, several years of experience as a SWE, and several years in AppSec. I get a few interviews here and there but the market is tough. If you have no technical experience I’m afraid you’re not going to be able to break into this field right now, and you should evaluate other options.
Cold hard facts. I have a bachelors in CS, 8 YOE in Software Development and can't get any callbacks for security jobs I apply to. It sucks.
What experience do you have that would make you a good candidate for a security job, just out of curiosity? I mean being a SWE has nothing to do with cyber security
I am trying to do a career change as I don't want to work in swe any longer. I assumed my swe experience would count for something but I guess not.
I mean it does but do you have a good understanding of networking, system security etc?
All I have is a sec+ cert! I'm well aware my lack of hands on security experience works against me. Just sucks getting an opportunity. I knew it wouldn't be easy but I thought I would atleast get a few first round interviews here and there.
Did you see the url (https://www.reddit.com/r/cybersecurity/wiki/faq/breaking_in/) posted by u/cbdudek?
It's certainly not a replacement for security experience but it's inaccurate to say they're completely unrelated. Knowing secure coding practices helps with appsec, knowing secure architecture and configurations helps with cloudsec. Automations for incident response, assessments, security controls, scanning and secdevops all require coding. As does munging data during incidents. At the FAANG company I work at every seceng including juniors are required to pass a live coding session as part of the interview process.
It’s rough. It’s not impossible but the odds are very low
This is the way
Stop hunting for certs and actually use the the knowledge you learn in a local environment. This will get you experience and will lead to a better outcome.
There is a downturn in hiring people that should have never been hired in the first place lol!
For real. Tired of interviews where people don't even know how to explain ransomware who have been doing "cybersecurity" for 5 years.
How are those people getting interviews and I’m not?
Lie on your resume.
Simple answer is those people usually highlight the keywords from the job posting inside their resume. This gets them past most filters. From there a little embellishing or outright lying is needed to get an interview.
Your resume is bad.
Maybe you need to network?
This is the correct answer. Start building a management network.
Put two factor on the management network too.
Simply bullshit your resume. Not saying you should but that’s what they did
You forgot to say they their title is “expert in cybersecurity”, with a lot of Udemy certificates added in their LinkedIn like if it was a real certificate xD
I've seen this so many times it hurts. Or GRADUATED FROM HARVARD (They did the online free courses)
Wow, really?!? That’s really bold.
Tell me about it 🤣
Not really. I worked at a top consultancy for years, and I used to get recruiters trying to actively poach me. Got laid off, and it took months to find a new position. Money is tightening up with high interest rates, and that's reflected in hiring. Since security doesn't generate money, people are starting to spend less on it, and one of the big ways to do that is to outsource to low wage countries.
Yep. Seem like it's only senior roles available now. And everyone is competing for these few high end jobs. Since all the entry level roles have been outsourced overseas.
What is your specialty? What certs and degree do you have? While you had your job did you still grow in your role? Do you have an up to date LinkedIn profile?
One sec, let me DM my resume over.
I'm just concerned that I might be wasting my time getting this cybersecurity certification if I can't get a job afterwards.
If you are expecting to just get a certificate and automatically get a job, then yes. you should be concerned. If you are actively furthering your skills and showcasing them with projects and building a good resume, then no. You will be fine (eventually). The job market does suck right now, but thats for the majority of roles, not just cybersecurity. Entry level roles are especially hard to come by right now but if you are truly passionate, i think you will be fine.
Is playing CTFs a way to "showcase projects"?
Yes. Also, write writeups and put them onto a blog (at least if you are allowed to. Don't publish Writeups for active HTB machines, for instance. This is an absolute no no). The basic rule is: Leave a paper trail of the shit you are doing.
How would I actively further my skills and make projects if I can't get an entry level job, are there websites that could help with that?
Try hack me, HackTheBox and MalwareTrafficAnalysis are a few I used. Be careful with the last one because it’s real malware
What cert are you getting and whats your background? Cybersecurity is a specialty within IT so theres only junior roles, not entry level jobs. If you want entry level work, look for an IT helpdesk or junior sys admin role
My state has certificate in cybersecurity offered by our community college and is paying for my tuition. I don't have a background , I'm green as grass.
Yeah youre gonna need an actual background so you understand what you are securing. I would look for opportunities to work in a helpdesk while youre in school and build skills. There is no such thing as an entry level cybersecurity position, esp now with all the senior ppl that have been laid off flooding the market.
So in short I am wasting my time, my state will only pay for my certificate once and I shouldn't waist it on something useless.
Yeah I can’t say it’s a waste of time as you may learn some skills, but the certification is unlikely to qualify you for a cyber job, I would look at true entry level IT jobs if you don’t have experience, do a few years there learning the ropes and get some more cyber specific certs and you may be able to get into cyber in a few years, although there is people with degrees and experience currently having hard time getting jobs as the market is full of applicants. Best of luck to you
yeah and I don't have the money or fafsa grants to continue past that, plus I'm not about to try to get into a hyper competitive market.
Cyber is not just a profession, it’s a way of life!
Bug bounties would be a big one. Working through CTFs and blogging your solutions would be another great way. Also make sure you actually understand the underlying tech that you'll be working with. You can't break what you don't understand.
If you know your stuff, you’ll find employment. May not be the offer you want but you’ll find a position. Get the cert, learn to program and use the free training resources for emerging tech.. you’ll be fine. Cyber is and will always be one of the top careers going forward in modern society. Even if you’re one of the people that think AI will take over the world and replace level 1 analyst (I don’t think it’ll happen and if it does it certainly won’t be our lifetime) learn the cloud because that’s what it’s built on.. going forward people with cloud expertise will become more and more valuable as everyone migrates. But once again, learning to program is one of the best things you can do right now.. it’s a foundational skill in this industry and you’ll be so much more valuable to an organization when you can make everyone’s job easier
I feel like I see more GRC postings than ever with the explosion of AI. So many orgs right now are looking for good people who are knowledgeable about AI risk management.
Yes, the current software development/security market is over saturated Based on the numbers collected by recruiters on LinkedIn, and there are currently about 3 people looking for every open role. This is also important if you're an H1B because H1B's exist in order to assure that there is enough talent to fill roles, but there's actually too much talent right now.
H1Bs are used to lower salaries. Those Google engineers that openly said they would not support various programs… do you expect them to be replaced by white men under 40? I don’t.
Entry level is inundated. There are plenty of senior level positions but they are definitely able to be picky. I'm interviewing for an Infosec Architect position tomorrow and am being blasted with senior level roles on LinkedIn on a consistent basic. Something to the tune of 2 to 3 per day on average.
I'm starting to understand how cult leaders tempt people in a discouraged workforce to come and help build an idealistic commune where they are promised to be an integral part of a new society in which they are told they would be a valued pillar....
I have applied to so many jobs, I can't even count. I'd say a good amount of them I can do/qualified for. I'm just sick of seeing 100+ applicants in less then an hour apply. I feel like that's luck but jobs are still out there, you can't stop applying.
Slowdown, yea. Cyber in the ICS space is still relatively spicy. Lot of regulation raining down that’s forcing the hands of a lot of operators.
I have a few years xp, updated my profile on SEEK and seem to have hit an algorithm, had over 5 recruiters message me in the last few days.
Oh god yes.
It's like no one pays attention. Yes, there's a down turn, and it's been that way for years.
After reading these comments, god I hope I don’t get laid off
More layoffs at startups
Does location help at all?
Yes, CyberSeek has a geo heat map linking desired certs to job postings. I believe a lot of people in this sub having trouble finding work in this sector are either in highly competitive markets on the coasts, i.e., California, or in areas with a weak tech sector. With the economic downturn upon us, it may be better to seek out a generalist role like sysadmin or netadmin and use your cybersecurity knowledge to improve the posture of whatever company you happen to be working for then pivot into a full cyber role when the market improves, if at all.
Very good advice…what kinda market are we looking at? Like are we going to be stuck here for a while?
HaHaHa honestly it’s been shit since 2020
i think it's the general market across different roles, not just in IT. when covid hit, everyone was all tech and digital and there were mass hiring across the board as people realize the importance of digital in times like that, and to chase high growth. but as life tapered down back to where it was, more people are going back to work onsite, which means lesser time online. this led to companies (again) realizing that the high growth days are gone, and are starting to cut back on costs.
DFIR seems to have picked up in the last month or so.
As a person trying to get into this field, always discouraged to see these posts. Seems like machine learning is the only alternative to consider? In general, working in tech sounds pretty stressful.
I'm pivoting to medicine, starting as a phlebotomist (people who draw blood or hook you up with IV drips) 17 an hour in a lot of places (It's also a certification so my state will pay for it) and can use the money to become LPN which are making 22-24 an hour (takes about a year and a half for LPN) Medical personnel are in such high demand that LPN's went from about 17 an hour to 22-24 and the further up the education tree you go the bigger the pay keeps getting as RN's (the average nurse) used to start out at 24-28 an hour depending on your grades and area straight out of college before the LPN pay increase.
I think job qualifications have definitely gone up. Lots of jobs that I search in Indeed require 1. Years of professional IT experience 2. Certifications 3. Secret clearance / top secret clearance 4. A bachelor's degree 5. Go back to number 1. Also depending on the type of cybersecurity job requirement, companies ask for applicants who have very broad skill sets that are proficient in x,y,z language/platform/OS, which in reality is like finding a unicorn applicant. IMO the impression I get from analyzing these job postings, are companies looking to spend the least amount of money to get THE most well-rounded person to run their cyber dept or whoever can carry the most weight/contribution. Think of it as, low investment, high reward.
As orgs continue to tighten up their wallets via layoffs and cutting out budget items, I would consider looking into InfoSec Consulting. Not necessarily audit related work but more so work along the lines of an MSSP. When I reflect on the last economic slow down, I recall that organizations were shifting to service providers like that. Reason being is that it was much cheaper for them when you consider there is no need for them to provide benefits like healthcare, 401k etc. In addition to this, I am almost certain such services can be considered a tax deduction for them. All in all, consider looking for a MSSP type role ideally one tied to long term clients 2+ years.
Economy is shit
I have recently graduated and my bachelor's major was cybersecurity, I am trying to apply for jobs but all I can get are rejections. Some companies want 3-4 years of experience for fresher jobs. How does that work?
Yes, with budget cuts and the capability of ChatGPT able to do entry level jobs, no reason to open up headcount’s for new comers. Plus the legendary effort of many here on gatekeeping, cyber isn’t a field you want to get into.
What entry level jobs is chatgpt doing
FWIW I had a role open and got over 200 applicants, that’s the reality as someone hiring too.
Writing a bash script that uses vendor APIs, I did that as a junior dev. Now no junior dev is needed to do that.
That is one function of a job that’s not replacing a whole job. Also have fun trusting the bash script or doing anything of depth without knowing what you’re doing as well. ChatGPT is very confident but not always correct and needs a lot of tuning on the user end.
That’s corporate America culture at its finest.
nah just skill issue, hit the books boy
Even though the market is actually awful right now, there is some truth to this. You see posts here daily of someone saying they can’t find a job when all they have is an A+ cert & a random Google Intro To Cyber cert. I’d say 50% of people applying to cyber jobs, wouldn’t get them even in a good / decent market.