Nov 12, 2020
All links and images for this episode can be found on CISO
Naomi Buckwalter, director of information security at Energage
analyzed one thousand random information security job posts on
LinkedIn. The most notable trend she found was that 43% of the
posts had CISSP and 5-year experience requirements for entry level
positions. Are companies trying to lowball cybersecurity
professionals, or do they simply not know what an entry level
cybersecurity job is.
Check out this
post for the basis for our conversation on this week’s
episode which features me, David
producer of CISO Series, co-host Allan
Alford (@allanalfordintx), and our
guest is Joseph
Carrigan (@JTCarrigan), senior security
engineer at Johns Hopkins University
Information Security Institute, and co-host Hacking
Thanks to this week's podcast sponsor, Keyavi
Our Keyavi breaks new ground by making data itself
intelligent and self-aware, so that it stays under its owner’s
control and protects itself immediately, no matter where it is or
who is attempting access. Keyavi is led by a team of renowned data
security, encryption, and cyber forensics experts. See for yourself
On this episode of Defense in Depth, you’ll learn:
- There has been an ongoing trend for companies to post "entry
level but experience required" job listings for cybersecurity
- This is self-defeating for companies because the positions
don't get filled. And for true entry level people, they get
discouraged. They feel it's impossible to get into the industry.
This can drive them away from cybersecurity which hurts the entire
- Others would argue that we shouldn't even have this
conversation because there is no such thing as an entry level
position. Like there are no entry-level doctors. You must have some
type of training or experience to do this job.
- There's no doubt that CISOs fight more for headcount than they
do overall dollars. And if they get a limited headcount, they're
going to want to get as much talent as they possibly can with that
limited number of positions they can fill.
- Security is a layer on top of IT, engineering, or development.
For that reason it can be seen as mid-level experience or above,
simply because security is a specialization.
- Is this behavior of shooting so high for an entry-level
cybersecurity role causing the cybersecurity skills gap?
- Best way to prove your value to a hiring cybersecurity
professional is to setup your own home lab.
- The skill that is hard to put on a resume or to explain in a
job listing is non-linear thinking. But that's essentially what
you're looking for with an entry-level cybersecurity hire.