In my opinion I believe there is definitely some age discrimination in cyber sec just like every other work sector. How rampant it is, I cannot say for sure.
One would think a company would want a good mix of us older grizzled veterans of IT/cyber and those just entering the work force. This would allow us to pass on our extensive knowledge that only years of work can provide to those who can carry on when we retire.
I've seen both sides where certain companies want to hire just those fresh out of college and other companies value the experience us older folks can provide.
So with the right company career opportunities are there. You may need to be patient to find them.
One thing to take into consideration is that some of the older cyber workforce grew up as the discipline matured. The first reactions to cyber protection was "NO!" and regulation with strict compliance. As the discipline grew and matured we realized that we needed to think about being flexible as well as secure.
Being one of the younger older cyber professionals myself I have seen many of my counterparts still clinging to that old mindset of "No" and remain rigid in their cyber decisions. I have seen it affect their careers more than just their age does. So if you are at the upper age range, make sure you are flexible enough to change with the times. Also I have seen some, but not all, of the older workforce being reluctant to learn new skills. I have seen that kill careers as well.
SO my advice to you is not to look at your age as the limiting factor but make sure that you are not rigid in your approaches, you are not unwilling to learn, that you are picking up new skills and certifications, and that you practice interviewing well. I am not saying age discrimination doesn't exist, just make sure it isn't something else first.
I once ran a resume writing business that specialized in government resumes. I had a client who was a protected minority come to me and say this " I don't know why I'm coming to see you, my resume is making it past the computer filters and I am making the selection lists and I'm not getting hired, but a friend recommended you to me." She explained that she had already filed a racial discrimination suit against the person who was selecting the other people but not her. I took one look at her resume and couldn't believe it. She had over 160 spelling, grammatical, and other errors. I printed it out and took a red pen and circled all of the errors. She was making it past the computer because the computer was just looking for keywords, which she had managed to spell correctly, but the resume was a mess. I called her back in and showed her her resume and said "This is why you aren't getting hired!!!" Now you just called the selecting official a racist without having evidence to back it up. If I were you I would go in and revoke my claim against him, apologize profusely and let me fix your resume. I said "He might never want to hire you because of this!" This was at the largest employer in the region so it is not like she had a lot of other areas that paid as well to choose from.
I point this situation out so that if you are thinking of filing an age discrimination suit against someone, make sure your situation is correct and you have all the facts. I also want you to make sure that you are presenting yourself as the best candidate that you can be. I interview well but don't always get every job I interview for because I know sometimes I might not have all of the qualifications the company is looking for and sometimes there are more qualified candidates. I do worry about age discrimination as I get older and yes it probably will happen. I can't change that but I can change my qualifications so that it will be hard to pass me by.
For my nickel, I believe Cybersecurity is a little more forgiving on age than some other professions. Totally agree about marketing...they want "young, fresh" ideas.....not like old folk ever have those.....;)
Fortunately for those of us in Security, we have to come up with new and sometimes innovative ways to handle things (sometimes daily), this can be due to lack of funds, lack of tools, lack of talented folks.....and many more reasons.
(ISC)2 has many programs to help folks leaving the military transition into Security (I am not sure what ISACA or other organizations do or have but am sure they have something). In addition, unlike marketing, there is a reported short fall of folks in the Security industry and the pipe of young folks coming up may not meet the demands.
Thanks and great story! For sure, it's important to look at the person in the mirror before looking elsewhere. That's always hard to do even when you know it's what you have to do. And putting your best foot forward is super important. I have not considered taking any legal action, it's more just a general question I had about the cybersecurity profession, which is what I was I did in my previous career before marketing. I've actually had a number of interviews for marketing management roles but my impression is the shelf life of a marketer is a bit less than other fields so I thought I'd come over here and kick the tires a bit. I'm looking to actively manage my last 20 years of work (or so) and would like to put myself in the best position possible.
I agree with you on continuous learning. The cliche that the only constant is change is true for a very good reason!
Thanks! Your perspective aligns with my observations. Prior to marketing management, I worked at a large national bank in their audit department. Prior to that I worked in IT Audit and did some pen-testing (we called it 'hacking' back then) at a big 4 accounting firm. I held both CISA and CISSP designations, which I regret letting lapse. I can sit for and regain the CISSP, which I'm considering doing.
I think marketing, in particular, is prone to challenges with age. Particularly on the social media front, which has become a HUGE communication channel for consumer-facing businesses, which is where I've worked and where I started a business (a distribution craft brewery).
I think that Cybersecurity shares some of the challenges of marketing in that technology is always changing. However, my impression is that because it does not sit at the crossroads of both technology and pop culture that it's a bit less prone to age challenges. I believe there is something very appealing to a lot of people to work on a creative campaign and see it come to life on a screen somewhere. I also believe there is something very appealing about creating a new product/brand and seeing it come to life. Same thing with software development. Actually, pretty much anywhere there is a creative creator aspect, I believe that it can be challenging to continue to stay involved as a person gets a bit older. Not impossible, but a lot more challenging. The way I've seen people stay involved are starting their own businesses or getting promoted into senior management. And those more senior management marketing roles are the ones I am now interviewing for. They aren't impossible to get but I'm considering that corporate America isn't a very friendly place in general and should I get shown the door at say 55 there is a strong possibility my career could be over.
So, I'm pausing a bit and looking at what skills I have and the fact I'd like to really stretch my working years. I know I wouldn't be going into senior management role in cybersecurity at this point but if I were on the path I think it would be a more stable path than marketing. I've seen too many people really struggle, painfully, to stay relevant in marketing. And these are people with degrees from top tier business schools. It can be rough out there. Not to say that cybersecurity isn't competitive but I don't think it's competitive in the same way that marketing is as a person gets older. Or, at least that's what I want to believe lol.