Cybersecurity Does Not Have a Skill Shortage Gap (It's a Hiring Gap)

Подписаться 204 тыс.

Просмотров 11 тыс.

50% 1

⏰ Timestamps:
0:00 - Introduction
1:25 - Reason 1 - Hiring Expectations vs Reality
3:52 - Reason 2 - Cybersecurity != Entry-level
5:55- Reason 3 - Cybersecurity's Talent Gap
7:19 - How can we fix this?
8:27 - Conclusion
🔗 Links:
- / is-there-really-an-inf...
🐕 Follow Me:
Twitter: / collinsinfosec
Instagram: / _collinsinfosec
Cybercademy Discord Server: / discord
🤔 Have questions, concerns, comments?:
Email me: grant@cybercademy.org
🎧 Gear:
Laptop (Lenovo X1 Carbon Ultrabook 6th Gen): amzn.to/2O0UfAM
Monitors (Dell D Series 31.5” D3218HN): amzn.to/2EXlgRF
Keyboard (Velocifire VM01): amzn.to/2TEswfd
Headphones (Audio Technica ATH-M40x): amzn.to/2F4Tvq6
Work Monitors (Dell U4919DW UltraSharp 49 Curved Monitor): amzn.to/3yQmDhM
Desk (FLEXISPOT EW8 Comhar Electric Standing Desk): amzn.to/3S9OxvG
💻 Cybersecurity PC Build Parts
[Processor] Intel Core i7-13700K 3.4 GHz 16-Core Processor: amzn.to/3OlTTUK
[Graphics Card] Asus DUAL OC GeForce RTX 3060 Ti 8 GB Video Card: amzn.to/3OE0bkd
[AIO Cooler] Corsair iCUE H100i RGB ELITE 65.57 CFM Liquid CPU Cooler: amzn.to/3DEUUT9
[Motherboard] MSI PRO Z690-A WIFI DDR4 ATX LGA1700 Motherboard: amzn.to/3Ol9La8
[RAM](2x) Corsair Vengeance LPX 64 GB (2 x 32 GB) DDR4-3200 CL16 Memory: amzn.to/3OlsgeM
[HDD] Seagate IronWolf NAS 8 TB 3.5" 7200 RPM Internal Hard Drive: amzn.to/3DFdc6K
[SSD] Samsung 980 Pro 2 TB M.2-2280 PCIe 4.0 X4 NVME Solid State Drive: amzn.to/3KpTnnQ
[Case] Corsair 5000D AIRFLOW ATX Mid Tower Case: amzn.to/44Rjaxf
[Power Supply] Corsair RM850x (2021) 850 W 80+ Gold Certified Fully Modular ATX Power Supply: amzn.to/478wC1r
[Fans] Corsair iCUE SP120 RGB ELITE 47.7 CFM 120 mm Fans 3-Pack: amzn.to/44R4myD

Опубликовано:

1 июн 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 74

@redbanz2228 Месяц назад

This is one of the difficult things for me when it comes to getting an entry-level position. Having a four-year degree in cyber security and over 10+ certifications all of which are sought after. On top of that I’m in the top 1% on try hack me, HOWEVER I can’t get hired because I have no real world experience and no hands on training which is what HR/recruiters want as well. I can display my knowledge to HR but they won’t understand unless I’m talking to someone within the IT or Cybersecurity department of that business/company but that hasn’t happened with me yet.

@axelcodr Месяц назад

Thanks for the feedback and sorry for your experience even though you are top notch! Top 1% is crazy! I am only half through, finished degree but with no experience (and no extra degrees) it's really hard to find something. I'm looking since mid 2023. (sys admin/devops/networking)

@metasploitness1927 Месяц назад

Maybe consider stop getting certs and starting on the bottom of IT (Helpdesk). This is what most people dont get. Cybersecurity is not a entry level field. You NEED experience if not in Cyber at least in something adjacent (SysAdm, NetEng, Cloud Analyst...)

@joelrobert4053 Месяц назад

You should go to IT conferences and network with people as nowadays its about who you know

@keiinunreal5717 Месяц назад

What’s the 10+ certs you have?

@qwaql7138 Месяц назад

Did you have an internship? In person or online college?

@freedomordeath1805 Месяц назад

Gatekeeping issue is major. hopefully one day you can look into that, cyber security is filled with gatekeepers and the ppl in this industry gate-keep info who don’t want to see you succeed.

@berry292 Месяц назад

Preach brother.

@Neiroe Месяц назад

Sad thing is, afaik, pretty much every industry has this problem with the disconnect between recruiters and applicants.

@casuallybad Месяц назад

Which is actually trivial to solve, IF the employers are willing to spend resources in training. (they're not) Example: Provide the training for people to move to a new career. For "free". BUT, the person receiving the training signs a contract saying they have to stay at that job, say, for 3 years or refund the company. There, problem solved.

@toonflix3757 Месяц назад

so true even in other countries in it industry its so freaking hard to.find jobs because of the jobhunters and job seekers gap.

@4115steve Месяц назад

I admire the humility in your videos, it's good to see that you're more concerned with helping people than making ad money off them with click bait

@IONKANE Месяц назад

I have been working an IT helpdesk job for 2 years now (relaying infrastucture erros/alerts to corresponding engineers, opening incident tickets etc.). I do not solve the issue, maybe sometimes participate in the process. So the experience I get out of this position is mostly interaction with the different technologies on the infrastructure. I have a lab setup (firewall + VMs "SOC at home") to get hands-on experience, have completed Google's cybersecurity certificate and now working on taking the RHCSA exam. A SOC lv1 position should be easily acquired (generally speaking) but I do not want to transition from a shift job to another just to get into Cybersecurity. Since my "carrer goal" is to be an Incident Responder, I do believe a few years of experience as a (Linux) SysAdmin would be way more valuable in the long run than working as a SOC lv1 -> SOC lv2 analyst. Any thoughts?

@dolejh Месяц назад

As I CISO - I will tell you the largest issue. People are coming out of college, with a few certs and are green, with no networking or system skills and expecting 100k plus. If you don’t know networking - you can’t be good at security. The problem is the expectation of candidates. I would rather take a 10 year network engineer that costs me 20k less.

@thatotladi4271 Месяц назад

But not every candidate wants 100k some of us are just hungry to learn and for some reason everybody wants experience . How do we deal with this

@ultravioletiris6241 Месяц назад

This doesn’t at all describe everyone. Your argument is just a cop out. Edit: Btw if this really is the quality of EVERY candidate you come across, it actually speaks to you and your company’s lack of ability in sourcing talent. You should probably git gud

@JonUF02 Месяц назад

I came here to say basically the same exact thing as a CiSSP and seasoned cyber Architect. There is no such thing as an entry-level cybersecurity job other than maybe a beginner SOC analyst. To be good at security you need a wide array of experience in all aspects of IT, but network engineers with strong firewall or SDN tools experience that can visualize packets moving through a network and troubleshoot at that level make the best security engineers. Studying books and gaining certs helps, but there is no substitute for years of real world hands on experience. I worked in a NOC some years ago in my career, they would hire anyone with a CCNA, then I had to teach them what a network closest looked like and how cross connects work, etc.

@Glenningway 6 дней назад

Best I can do is do some firewall tweaking and getting switches to talk to each other, other times it's incident response if someone clicks on a fake email, updating workstations and other devices, or going in Mimecast and vetting mail on hold. Not many opportunities out here that can get me out of multi-hat support. It's what's been the common job out here. We do have SIEM that is Sentinel One, though much of that is automated. It's a nice monitoring/management tool though.

@MichaelWenzel-je9wz 2 дня назад

As someone who has become increasingly interested in cyber security and pursuing schooling for it next year it is quite interesting to see where others are at. At 25 yrs old and work experience and a TS-SCI clearance i find that i think if you obtain a relevant or helpful work experience it can help push your resume further and more effectively!

@johnczech7074 Месяц назад

Thank you Grant . Great content, as always!!

@zedsec Месяц назад

Another massive issue is companies just lying in the interview process. "Oh there's lots of opportunities for advancement" then you get there and there's nothing of the sort even looking years in the future. "Oh, we pay for any training you want" companies mentioning even SANS training is on the table and then won't even improve a £280 fundamental training certification.

@Carsia Месяц назад

Seems like all of the jobs are for senior roles. That’s where the shortage lies. I always say there aren’t (m)any “entry level” cybersecurity roles where people can get that experience. The requirements for those senior roles are a lot, so we HAVE to start networking and getting to know somebody who knows somebody. lol. That’s how I got my job. Word of mouth. Pretty much hired on the spot and been here almost 2.5 years now.

@toonflix3757 Месяц назад

that kinda sucks for a lot of us. basically having a backup or knowing someone has the higher chance to get the job.

@collinsinfosec Месяц назад

I have discovered the same as well for senior roles.

@CertificationTerminal Месяц назад

Good info. Thanks.

@theandroidsdarkside Месяц назад

I think it is on company’s duty to consider candidates over the degrees or certifications obtained. It’s true that certifications work as a rapid filter to let certain people in, but it’s also necessary for people with technical knowledge to involve into the HR area and interviewing candidates with technical interviews. As psychology student who has knowledge in recruitment, I think HR people (from a psychological pov) should focus on the human aspects required for the job vacancy (personality, life style, cognitive ability, etc.), and let specialist do the rest of the technical interview to the candidate.

@vectoralphaAI Месяц назад

Its all the companies fault. Back in the day companies used to offer training, they dont do that anymore.

@kitsch590 Месяц назад

Grant, how hard is it to get into cybersecurity (ethical hacking, etc) without a degree in IT? There are a lot of online courses that promise you can transition from a different career, complete a course and pass the certificate and land one of those jobs. For instance, the CEH and also Google has their own certificate.

@zedsec Месяц назад

100%, sometimes they're using an old listing, one from another adjacent team. Something will say it's a main focus and you'll mention it in the interview and they'll go "oh? We don't use that". Other times they're wanting in-depth knowledge in every single area. I've always believed "just apply anyway" but as I'm trying to move up into a more senior role I'm getting intimidated by what a lot of people are advertising for.

@ultravioletiris6241 Месяц назад

These companies are just hurting themselves in the long run. The messed up part is how infosec as an overall industry is milking money off of job seekers rather than contribute to improving hiring conditions.

@mahmutIsHere Месяц назад

Man your videos motivate us to grind in this real life world 😊 Thanks

@collinsinfosec Месяц назад

Happy to help!

@freedomordeath1805 Месяц назад

Grant , your not the only cynical / pessimistic person in this space, I am as well you are not alone

@joelrobert4053 Месяц назад

This is more like an experience gap

@rinaenemabaka8840 Месяц назад

i'm about to finish high school this year and i have been researching about cybersecurity jobs because that's all i can think about doing after high school and that's why i see these articles that make me even more interested in this field. i'm still confused on which uni course i should pursue. Should i pursue a information Technology? Do i need to be good at math in order to IT in uni and that make it into Cybersecurity after having some experience in IT? I am from South Africa by the way

@Dankduckk Месяц назад

IT degree would be a good route bc u can always get the certs later and u can move around different fields. It also requires less math than CS.

@joelrobert4053 Месяц назад

I suck at math and recently became a security analyst at my company

@JustinJ. Месяц назад

The big IT companies in SA offer graduate programs, start applying now and you will get educated for free

@collinsinfosec Месяц назад

You do not need to be good at math, unless you want to specialize in the cryptography space or perhaps software engineering with an emphasis in security.

@skyhappy Месяц назад

Get a job, then do online uni like WGU for the degree paper. You will learn very little during the degree. So minimize time spent on it. Take a year break to self learn and find a sysadmin or security job.

@VIVEVIEV Месяц назад

1:09 amoungus

@dennisreynolds9202 Месяц назад

I'm building my own skill

@marilynpridgen9517 Месяц назад

There is no real shortage in cyber security professionals but what there is is racism and that they do not want to hire black people so you have all these black people graduating from higher education institutions qualified with the certifications not being hired especially for supervisory positions that are open for long periods of time so you may have a point and what you’re saying I’m not saying you don’t have a point but what about the thousands of black individuals that are not being high because of the color of their skin.

@joelrobert4053 29 дней назад

What are you talking about? I’m black and just got hired as a security engineer. I think you mean black people expect to make $100k+ without having no experience in security

@kreativeforce532 Месяц назад

wtf so would a 20yr degree qualify job seekers? If a bachelors isn't good enough why do certificates which take far less time exist? If a bachelors isn't good enough then there should not be federally funded loans to put people into debt to get the bachelors. This whole video reeks of gatekeeping and moving the goalpost.

@rajneelkaran8849 Месяц назад

Almost everyone wants to be in cyber security, I had a conversation with a marketing specialist who jumped roles, she used the work relaxing and cyber security in the same sentence, She also has a lot of confidence and higher level process mapping skills. I'm not sure yet but is she going to survive in the cyber security field, will keep you up to date.