It’s that time again. Moaning about the cybersec “shortage”.

it’s-that-time-again-moaning-about-the-cybersec-“shortage”.

Everyone knows !

Silver

Does anyone have a link with evidence to there being a shortage?

I have sprayed about 250 applications only changing the title to match, with highly targeted applications to about 60 companies.

I've had about a dozen interviews but they were long shots (blizzard, Playstation, reddit, WWE, etc..)

I'm tired.

A little about me:

13 years experience.

CISSP.

CCNA.

SEC+

NET+

A+

JUNIPER+

Currently pursuing OSCP

BSIT.

TS Clearance.

Extensive DoD, finance, Healthcare experience.

Edit: redacted resume

https://imgur.com/a/WTzPYfw

Log in or sign up to leave a comment

level 1

Does anyone have a link with evidence to there being a shortage

I get on average 10 to 15 messages a WEEK on LinkedIn from recruiters. It should be extremely easy for you to get a job with that kind of experience, I'd be happy to check out your anonymized resume if you want me to see if there's anything obviously wrong with it. I'm gonna be very blunt, but if you have 13 years of experience and your CISSP but still can't get a job right now, you are definitely doing something wrong.

level 2

Have to agree here. What you've posted here says "I'm a solid gold employee. How much are you willing to pay me." NOT "Hello? Does anyone need a security guy?" *cricket chirp*.

CISSP + TS should get your foot in any door you look at. You're either looking for something hyper-niche or there's a resume issue holding you back. ClearanceJobs.com should be tripping all over themselves to talk to you.

level 2

LinkedIn is key. You can even hire a professional service to optimize your page and make a solid resume. Put those certs on your page and you should be coming up on many recruiters searches

level 2

My path was helpdesk> desktop> SOC > sysadmin> cloud engineer

Ever since the SOC job, I've been getting hit on LinkedIn for security jobs. I haven't actually worked directly in Security for a few years now.

And most of my hits aren't even for eyes on glass SOC jobs. It's been for security admin/engineer, GRC, netsec, etc

I have aws certs, comptia cysa+, net+, sec+, two vendor specific security certs for EDR/NGAV platforms

level 2

Just because you received offers does not mean you will get a job at this company, recruiters have a plan to fulfill and invite potential employees, so they write to everyone. I'm not saying you're not worthy of the job or anything, just the fact 🙂

level 1

It’s a difficult jump from a senior IT role to a senior Security role. Entry level positions are available but only a few senior Cyber roles, they’re new and usually filled internally.

I work for a mssp and we only do Security and Backups, I took a cut from my sys admin job to get started in security as it was exciting and I knew my ceiling was higher. What we see daily is the internal “security” guy is a promoted system or network admin, still reporting to the same director. Right now only your large corporate companies have separated IT and Security services. Or municipalities that are proactive on the mandates coming from the government.

A handful are willing to invest in it, most want the bare minimum to keep their cyber insurance, others are just starting to pay attention to the need and trying to get in the budget. The rest think they have it under control with their onsite backups and outdated firewalls 🙂 and think they are too small for threat actors to “target” them.

level 2

Don't get me started on cyber insurance...

level 1

I'm a hiring manager for a consulting firm and I can provide some feedback that may be helpful. A large portion of your resume is network focused, where most organisations are moving away from a perimeter based approach. SASE is really taking over in the market.

Also all of our network resources are working infrastructure as code to automate network configuration with tools like Terraform and Ansible.

Also, this is a common pitfall I see in many resumes is that people simply list skills. They don't articulate what they've done and accomplished with those skills.

Let me give you a specific example because you're almost there. For example you talk about deploying Tenable for vulnerability management. What was the result? Did you get the organization from a 180 patch cycle to a 90 day patch cycle? Did you reduce the vulnerabilities by 90% according to Shodan?

I can tell you there the lack of cyber security resources because people aren't training, and skills required for info sec have changed significantly since Covid and work from home.

Don't get discouraged, update your resume to talk about the projects you've worked on using your skills and the outcome of those projects.

Kind regards

level 2

100% this. I can speak from the other side of this too. I have a background and resume full of technical abilities, but only until I changed my resume to reflect my accomplishments, I started getting interviews for manager+ positions. Another way to think about it - these are usually not technical people hiring you (your boss). When they say want a manager/director/ciso they want a people leader not necessarily a technical leader (in most cases). Think of it like a basketball team, would you take your best point guard and make them the coach? Or would you leave them on the court to score points…

level 2

I’m a hiring manager at an engineering house and had similar observations. First impression is that candidate feels like daily grind sysadmin and compliance manager trying to use senior management/ exec wording in an almost amateur manner than doesn’t sell the scope or transformation : vision. Definitely a doer but not necessarily with the tech stack I’m looking for. Makes claims about company wide or global impacts but that doesn’t really sell the scale in terms of dollars, sites, users, or hosts so I can put it in perspective.

level 1

Sweet fried bacon-wrapped oreos!! :O If you're the kind of resume I'm competing with at entry level I'm giving up right now!

level 2

I'm not entry level home slizzle. My target is manager, senior manager, director, or CISO.

level 2

You will cost less and have age on your side - not in an ageist way, just that if you are in a specialist field it is far easier to recruit someone younger who knows nothing than to have someone from say FAANG come into a financial setting and make choices that might be suitable at amazon but are wildly unsuitable in stock trading for example.

Don't give up!

level 2

You'll be fine. Current and previous companies won't even look at experienced people resume for our entry-level roles. Either there is a big red flag in why they would apply or they want more than entry-level salary. There's enough demand mid-senior that you shouldn't be competing anyways for entry. You just got to compete with all those entry level people...which is a lot. Try to get a referral to get past the HR evil magic box of who gets to interview.

level 2

Where from this did you get entry level?

Finally, may I add that camDown and I can tell your smart friends would feel the same.