cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Early_Adopter
Community Champion

More research on landing a role in cybersecurity and Google Pushing

Of the back of some more counting by computer, Google are pushing their cybersecurity certification, it’s a little bit of a puff piece, but they are emphasising numbers of graduates, placing them and seemingly a job board called CareerCircle in the US.

 

https://www.cnbc.com/2023/11/24/companies-have-an-incredible-need-for-this-in-demand-skill-says-goog...

 

https://cybersecurityventures.com/jobs/

 

https://www.careercircle.com/blog/post/why-you-should-earn-a-google-career-certificate 

 

 

 

4 Replies
JoePete
Advocate I

" .... says Lisa Gevelber, Google’s chief marketing officer for the Americas"

 

Herein lies the issue with a lot of the people preaching about the security industry: they don't actually work in this industry. Lisa Gevelber is a branding and marketing expert (very successful at it) but where is the hands-on industry experience?

 

Cybersecurity jobs are hard to fill because they aren't what gets marketed and branded to people. The problem I observe is turnover, not the creation of new jobs. A lot of that happens before they even get into security. Entry level tech people get burned out. So we in the security realm have lost our main feeder of good problem-solving tech people. Part of the problem though is this continual branding and marketing of security as entry level. If we really want to fill the jobs gap, encourage people to get into IT, and give the people in those jobs the opportunity to problem-solve, fail, and figure it out. Those are the ones that eventually become talented security folks. We don't get good at this because we never made a mistake; most of us work off the scar tissue of experience when we direct others as the right way of doing things and the pitfalls of choosing other paths.

 

You need that base of experience and knowledge in security. Otherwise, it's like hiring people who don't know how to drive to be traffic cops.

Early_Adopter
Community Champion

Salient points - what is probably needed are apprenticeships of some sort, IT training with security paths when appropriate.

I think having Google’s Americas Marketing Leader push is huge, and not to be underestimated. Also google seem to be following first Cisco, then Microsoft, then Amazon in being very serious about training, entry level seekers take note these behemoths along with Amazon have huge partner channels - select you ecosystem and heads down.

There is one thing I do notice about folk going for these certs vs how it was when I swapped Army for IT, then quickly security. People didn’t really ask about getting jobs in cyber so much as you showed an interest and started working on things it IT switches, routers, desktops, server, DHCP, DNS - you weren’t doing it because you though you could get paid six figures, you were having fun. As computers became more disposable and less repairable there was less of that and the feeder of joyful hands on people dried up. General point to societies fix things rather than throw them away to get ahead in tech.

Hands on, to get on!
JoePete
Advocate I


@Early_Adopter wrote:
There is one thing I do notice about folk going for these certs vs how it was when I swapped Army for IT, then quickly security. People didn’t really ask about getting jobs in cyber so much as you showed an interest and started working on things

Exactly. One could argue that the growth of security as an industry is due to the widespread tendency of individuals to run with technology rather than walk. Couple that with the tech industry's propensity to incorrectly knot our shoes or even tie them together, and the next thing we know is security jobs are growing faster than IT ones (that makes no sense at all).

 

It's a false bifurcation to say there is IT over there and then over on the other side is security. That's as silly as building a restaurant with both a kitchen and a customer service office to handle all the complaints about the bad food. Meanwhile, we see increasing burnout, frustration, and turnover n both IT and security. I think that reflects a disconnect between the certifiers, trainers, and others selling professional pathways and the actual work environments.

Early_Adopter
Community Champion

I’d say it’s certainly interesting - from a security standpoint folk at the creation end of software have very little idea about who uses it and how and vice versa. Even to the point we’re someone building things doesn’t know that if the code is present the CVE isn’t a false positive just because you feel you don’t use it/ have a compensating control. DevOps hasn’t helped nearly as much as people think and we now have a priesthood of Site Reliability Engineers talking about error budgets and chaos testing, whilst also not really getting it at least from one perspective… they’ll all have equally valid viewpoints and this dichotomy does wear people out. The tools enforcement functions mean you can’t just whitelist in the vulnerability scanner - it’s probably buried in three layers of other apps UI and access control( invariably creds behind a CyberArk, Humanities least user friendly PAM solution(apart from the others))…. So you don’t ship but that was lucky because if you had of done the Red Team would have got you…

On one side I don’t need to fix that… on the other you won’t be able to deploy if you don’t because it’s high and it just went 30 days… so you need a waiver from the guy who just want on holiday. “New Jobs Please!”

I think ISC2’s strength is in its question writers, rather than the organisation itself - just need to look at public facing systems issues with elections, CPEs, free exam faults etc - however I think most entry level training needs simulation/hands on/labwork. CC is too pumped/marketed in my opinion and CISPPIENESS isn’t going to rub off - especially as CISSP is seemingly loosing clout and not so surprising as the concentrations are now standalone certifications - maybe it’s for the best/time will tell. The big question I have is who will be the CC’s version of Das Furby to ridicule and bully? So anyway CC is probably useful, but candidates are beckoned in by the free offer and the attractive salaries(not realising that to your point you really need to have the first steps in IT).

CompTIA I think is sitting pretty as they just have a Vulcan death grip on early years (in IT as well). Pretty complete with more hands on skills.

ISACA looks more attractive every month - Privacy Engineering was a coup for them(poor IAPP) ISC2 were nowhere near that or just basic privacyOps. I think as I’m probably five or six year of retirement I shan't bother but it’s tempting.

IAPP returned the favour with an AI Governance cert - take that ISACA/ISC2!I hold more certifications with them than anyone else and always fun. Membership fee’s are high - especially versus ISC2 now they’ve proved AMFs for members are perfectly workable at fifty USD!

So guess who wrote this:

“ How can you start your career in cybersecurity? Working cybersecurity professionals agree, certification is the most important way for career pursuers to enter the field. But with so many cybersecurity certifications out there, how do you choose the one that will help you break into the field and help lead you to long-term career success?‘🧐

As a Working Cybersecurity Professional I’m almost certain that anyone thinking about breaking into the field will be better served by experience in a job in IT than a certification. ISC2 is known for having experience requirements apart from CC…

I think big vendors are well placed to move in on the hands on training, and they have labs…everyone needs labs, plenty of labs.

Lastly there’s to your point too much selling of career paths - though I’m tempted to post an email address in a thread, wander into a discord server and maybe ask for my free go on the CC exam so I can start anew… 😛