Watch this episode on YouTube.
Reasonably Accurate 馃馃 Transcript
Good morning, everybody and welcome to the show. I wanted to tackle um an interesting topic and it's a bit of a challenge and I'm seeing this from the outside, but where this is coming from is from all the questions, all the stories I've been hearing from you. So please keep those coming.
What I want to tackle in this episode of Mornings with Mark is getting past hr when you're trying to get started in cybersecurity and I debate of whether to phrase it like that getting past hr it should really be collaborating with. Hr but essentially we, I want to talk about getting past that initial hurdle.
Now, remember I've been in the field a really long time. So my experiences aren't nearly as fresh. But what I'm pulling these, um this advice from this commentary from is all the stories that I've been hearing from you folks and I'm hearing, you know, several a day.
Um And I, I try, I do read them all and almost that um I don't get back to everybody all the time because they try to answer you here on the show or through other medium. Um But I I think it's critical to share some of the experiences.
I think one of the biggest frustrations that I'm hearing from everybody is on one hand, you're hearing that there's this massive gap for people with cybersecurity skills. And then um that's contrasted and sort of conflicting with the fact that it's really, really hard to get started.
And I think there's a few reasons for that and I think it's gonna take a lot of effort on a lot of people's parts to shift that culture. So the one thing that's really running against, um a lot of people trying to get into the field is that companies are desperate for talent and they need that talent to be productive.
Game. One, that's hard. If you're just getting started, you may not be able to jump into a new team, a new environment and actually deliver right out of the game. Um In fact, you're probably not going to be. And if that's the expectation you're going to be set up for failure and that's not a win for you or for the organization.
And what companies need to shift is uh understand that they may not be able to get talent right in the door, that's going to be productive day one. But they can get people who are eager to learn, who have a really good head space around them, really good work ethic um that will come up to speed quickly and that's a shift because the hr requirements on the requisitions on the job postings are like, oh, well, I need 2 to 5 years experience or I need this certification or that certification and people who are just starting might not have that they're more than capable of achieving that.
They just need to be invested in it. I think that's really the fundamental problem. I keep hearing that time and time again. I had somebody shared a story with me the other day, but the fact that, you know, they've got a number of certifications with no experience, but they can't get a job.
Um, you know, and that is unfortunate because obviously they've gone through the effort of educating themselves with coming up to speed, but they don't have that um directly relevant experience on the resume. So they're not getting the opportunities. They're just being blocked by the gatekeepers because H R's job is to make sure that they're pushing qualified candidates to the hiring managers.
Now, don't get me started on how we hire an it because I think it's fundamentally flawed in a lot of ways and it's a really hard, hard problem. Right. Hr is, is a fantastic discipline. They solve a huge amount of problems. But at the end of the day, engineers trying to hire other engineers makes it really difficult because um just the culture is not super supportive and we need to look at hiring differently, especially if we want to tackle this skin gap.
We need to be able to take a chance on people and not every time it itself will work out every single time. But as a company, you need to turn around and say, hey, I can hire Mark. He's eager, he's got the right attitude. He understands the principles of security as far as having that broad perspective, needing to learn constantly, um, and being able to evaluate risk and contacts.
Um, and we can train him on all the rest of the stuff and we can help him understand that because there's a, there's a desire there. He, he has a passion for this. Um That's the kind of candidate that you can find. The problem is making that argument as the candidate getting past the automated screens, getting past the initial junior hr person that don't meet that requirement, that's a must have you're out of the competition.
So here's where you need to get a little crafty. Um This is where you need to start reaching out. This is where you need to start building a network of contacts so that you can get that personal recommendation because you as a complete stranger might not be able to get over that wall, you might not be able to make it in past that screen.
But if you talk to somebody who's already at that company or who knows somebody at that company, you can get that personal recommendation in. And I know that's challenging for some, but I think that's strong opportunity and the way to get that is to get out and socialize.
That's hard for a lot of us. We need to put ourselves out there. But this is where free events like Bides really come into play. A lot of security practitioners really enjoy going to Bide because it's no BS, it's no vendor pitches, it's all just sharing our learnings, right?
So it's a good social community around there. Check out your local meetups, be active on social media as a social engagement. So interacting with people talking on GI on linkedin groups, get yourself out there and make the contacts because unfortunately, we're not going to be able to change that reality of how big organizations and even medium and small organizations hire as far as that first filter because if they get 100 applicants for one job, they're going to have to filter that down quick.
They can't interview 100 people. So the way they're going to start doing that is just you don't meet this requirement, you don't need that requirement, blah, blah, blah, blah, blah. And if you're just starting out, you're not going to meet those requirements, but you could very easily with a little bit of investment.
So this is where that social aspect comes in getting that recommendation, getting that help from somebody else in the community and within the cybersecurity community, it's a pretty strong community. It's a community that tries to look out for one another. Now, there's a lot of problems like any community, but when it comes to filling the skills gap, we're all going to be better off.
We're all swamped. There's tons of jobs to go around. We just need to make sure that we can start to get eager candidates, candidates to follow those corporate that we've talked about on the show before. Um, into the right ones. I don't have all the answers.
Um I don't, um you know, not everybody's gonna be able to use this advice. It's just a bit of perspective that I've seen being able to pull out from the stories that you guys are sharing with me and please continue to share them with me.
I'm at marknca online, hit me up in the comments down below or as always by email me@markn.ca. I do read absolutely everything. It's just the volume is crazy, which is a good thing. Um So I try to answer big fact like this, but let me know what your experiences are.
Have you had success in getting a recommendation to get around some, uh you know, first line filters in the hr process. Um Are you seeing that is this, you know, does this ring true to you that you're getting blocked on some basic things that they want?
X and you don't have it. So you're not even getting an opportunity to plead your case have you figured out a more creative way to get around it? Um Maybe a pitch video, maybe a quick website resume. Um with a pitch video saying like, hey, here's why I'm eager.
Here's what, here's what I can do for you. Give me a shot. I may not check all the boxes, but I definitely can get the job done. I don't know. Let me know. Um let's keep this conversation going because I think it's absolutely critical. Um because we have this massive skills gap, we need more people and we need more people focusing on cybersecurity.
And as always, you've heard me rant about it before we need to teach other people within it how to implement security and to live and breathe it in the fabric of what they're building and in their operations. So lots to go around. I hope you're set up for a fantastic day.
I will catch you on the show tomorrow and I will talk to you online throughout the day. Take care.
