Hi Everyone
I have been in the field for over 25 years and been a CISSP for most of that time. I am working with my son who finally took my advice to get into the field. He has been diligently training himself and he plans to get the Entry Certification we offer. My concern is every entry level role he applies for is asking for 3 to 5 years of experience and he can't get past the HR screening.
I am working hard to get him onto one of the companies I have worked for in the past but it is taking time. I thought I would bring this up here because I attended the ISC2 Congress (remotely) from Vegas and one of the driving themes was a shortage of Cyber people. Well I have one with about 12 to 18 months experience who is chomping at the bit to get back into the game and he just can't find a landing spot. He worked for a Crypto Currency Network previously so he has some interesting experience.
How are others dealing with getting their mentees started in our discipline?
Thanks for any advice or help here
Best
Phil Lospalluto
I am interested in finding out the outcome and others' advice also. I am new and starting to study for my certification with no experience.
Interesting. Thank you for putting this out there.
I suspect that the Cybersecurity shortage is a bit overexaggerated. I got retrenched at the beginning of the year. With a bachelor's degree in IT (with distinction, the Latin is apparently offensive...) from a reputable university and an SSCP, a few other certifications AND experience as an information security analyst, I have yet to get a job again. I apply for cybersecurity jobs daily. All of the positions require a degree and experience. Occasionally, they will demand a CISSP or CISM.
I have seen entry-level positions that list the CISSP in the job spec, which shows that the recruiters have no idea what that certification means.
Given my experience over the last month, I fail to see how someone with no university degree and only a CC certification will get anywhere in this industry. I have not seen a single job spec asking for any other certification other than CISSP/CISA/CISM. Make no mistake, this is not an attack against (ISC)^2, I think the CC cert is a great idea. The cyber security industry itself just needs to buy in as well for it to work.
Where to from here? As for myself, I'm considering starting again from scratch and going into software development and then pivoting into DevSecOps. Saving up to do the CISSP is also on my list. I love cybersecurity, it is without a doubt my passion in life.
I hope this helps anyone else out there make an informed decision, and manage expectations. Perhaps someone at (ISC)^2 with direct ties to recruiters can make them aware of the fact that the CISSP certification is not something that belongs on an entry-level job spec.
@Anton_Dawson I think that you've done the right thing by being employed in IT, however people unusually move across within their organization, so a lot depends on whether they have spaces to fill, and human factors definitely come into it.
Most IT roles have security functions, so try to do more of those and you can apply outside your current organization for sure. You won't be storming heaven with just an ISC2 CC just yet though, yes, the exam can be free minus the AMFs and the time, however it's a bit of a loss leader at the moment, ISC2 are trying to get uptake and then there might be pull through in hiring, but it doesn't come with endorsed experience so CompTIA Security+ is much more effective there due to its longevity and knowledge folk have of it in the market - if you search for it worldwide in jobs in LinkedIn you'll get just over a million hits, whilst SSCP will come in at 3-5K. CC will give you 15K but it's a common acronym, so if you go specifically for "Certified in Cybersecurity" you're down to hundreds. It will get better once the forlorn hope takes the gates and HR start to know about it, but I don't think it will ever catch up. I did Security+ in 2004 and got my first job in Security a year later, I didn't do CISSP till 5-6 years after that. If you can add it then you'll get through more filters at entry level.
Happy to have a chat and see if there's any specific advice I could provide - but if you read enough job adverts, tailor your resume and target what they ask for then you should break in relatively quickly, but do be prepared to move around.
As an aside on those vacant cyber heroes...
With all these well-paying unfilled cybersecurity jobs knocking around it's a good job ISC2 has identified this, is actively telling people and has developed a low-cost certification with a fifty dollar PUPY subscription... 🙂
Wanted: Millions of cybersecurity pros. Rate: Whatever you want | CNN Business
I'm always minded of the 'no, sure, set your own hours, be your own boss, work from home, 3-5 hours a week - you just need a bank account and internet connection...can't really tell you what it is... Okay it's money mule...' by these types of marketing campaigns. It's not that there's an equivalence, but it's similar in that there's something generic that seems better than what you have now and then along comes something just in time that helps you to do it and there is a discount.
Joking (half) aside, over time CC will improve its recognition and even get some traction, but it lacks an experience component and there's already something in the market that addresses this need.