What COmpanies are doing wrong?

Warning I am not a pro Writer.

So the Boss asked me to write an article on what companies are doing wrong in the Job market and what they should they be doing.

So being the person I am I just decided to ask the community. What better questions to ask to Job seekers themselves and I figured that what Job Seekers see is something completely different from what recruiters and corporations actually see.

Job seekers are the fuel to your machine, your working bees the ones that you should not overlook, it takes a certain amount of skill to identify skill, unfortunately most of the time that’s not how it goes, Here is what some of the Job seekers had to say about what is going on:

According to the Davocalist: “ I don’t mind expressing myself. I think that companies should cater more to the fact that there is a such thing as work life balance. An example would be that I person married with a family obviously would not have as much time to volunteer on after hours projects than a person with less obligations. In my opinion they should not be held to the same expectations. “

From Screptillian: “ To score contracts with the Feds you have to have A DoD 570 (670?) compliant certification. Security+ is on that list but so is: CASP+, CySA+, Pentest+, etc. There is absolutely no reason why anyone should have to get a lower tier certification unless the company has worded it’s contracts so poorly that the Security+ can’t be compromised on (which is also a big red flag)”

According to AnarchySnoop: “ 5-10 years in a particular job might infer seniority, but not competence. The corollary may also suggest that 0 years in a job infers a lack of knowledge of subject matter. Just because I’m not a cyber sec pro, doesn’t mean I know nothing and have no frame of reference to begin with.”

“ I see these ridiculous requirements act as barriers to a job, which may immediately disqualification the best person for the job, who won’t be hired, because of ridiculous requirements.”

“ Anyone else blank on the basic question in an interview. Every time it feels like the mofos are trying to catch me out. Encapsulation, Inheritance and Abstraction or Design Patterns are all simple concepts in programming, but put me under pressure to describe them, it’s for the interviewers, it’s like talking to a coma patient because I’m awful for drawing a blank.”

“ I remember hearing about how one dude had his interview terminated. He had the balls to ask if some current employees would like to discuss their experience working for the employer. Frankly, he dodged a bullet.”

“ Nice to have a face to face with other employees though. No linkedin messages, no evidence of them talking shit about the company. If you don’t censor your employees, they’ll tell the truth.”

According to Xanacod: “ I don’t mind at all, will love to share my opinion regarding that aspect of the job market . In my opinion, I think that there is so much emphasis on certification still rather than what a person can actually do. We all know that certification is a way of telling the world that I have passed a certain stage in the industry but not all of us can afford to get that certification, shouldn’t there be opportunities given to people that aren’t certified so as to test their skill?? Is what matters not the ability to get the job done?? Or is it just a bunch of papers?? In a nutshell, I think certification proves little compared to skill so let there be equal opportunity to all candidates aiming for a particular job. This is exactly why Cyber Defense Services will continue to have the best talents on the industry because they have seen far beyond many fortune 500 companies. “

According to Screptillian:

“ I have a laundry list.

TL;DR: You need to show passion in the interviews. Retort: Your passion is shown through the qualifications that you’ve pursued and achieved. You shouldn’t have to prove it as long as your qualifications are listed on your resume. If you weren’t passionate about it you wouldn’t be in this industry in the first place.

1. Advertising a job position as fully remote with any expectation of the employee coming on site.

2. “10+ years experience with x technology” where x technology has only been out for 2 years

3. College Degree requirements. I work with college kids and the resounding message is that college doesn’t prepare you with anything close to what is required to know in any position of IT.

4. Not factoring in home lab experience. Experience is experience and it shouldn’t matter where you got it from.

5. “Entry-Level” but requiring 3+ years of experience in the job posting.

6. Sending out old job descriptions and not reading their own job descriptions before sending them out. (I just had a case of this)

7. Lack of communication with interviewee. Why am I waiting weeks for you to tell me if I made it to the second round or not? You should be able to deduce if you want to talk to me more during if not shortly after the first interview.

8. Hiring for longevity vs immediate impact. If your turnover is high on a bi-yearly basis you’ve got an issue, but if your turnover is high on a yearly basis that shows that your people are gaining relevant skills and levelling up. Your place of work isn’t special, in business you’re all stepping stones.

9. HR doing the initial interview screenings alone. 9/10 times when I ask a question in direct correlation with the overall duties of the position, expectations, etc. HR doesn’t know. Good example: On-Call rotations.

10. Hiring while expecting training to happen solely on the employees dime+/time.”

According to Mios: “ Perhaps is not only companies that should think when it comes to CyberSecurity jobs. Often I get people coming over to be interviewed who are not obvious SMEs of what is needed but are still called in. In 99% of the cases I fail to see a spark in their eyes nor an attitude that says I’ve spent tons of time to develop myself as that is what is needed for a job that you want to get but are not quite there yet. I do agree with others that some companies are oblivious into thinking that there is unlimited amount of cybersecurity people on the market when it fact there isn’t. So there should be more programs of training and some concepts where people can be actually pushed to reach the needed levels.”

“ Passion is not something you can see from a CV. It is something that people have or don’t. Everyone can write anything in a CV, dumping random certifications, exams, or even lie in them. My point was when people are called in on an interview when you see them lacking the skills you see what kind of person they are, their attitude, professionalism, if they said we want to be pentesters – what have they done to progress in pentesting etc. Most people tumble when you ask that question. Some people just like in IT enter the cybersecurity world just as a switch, perhaps once an IT now a cybersec. It doesn’t automatically mean passion.”

From Screptillian: “ So perhaps the question is no longer “Are you passionate?” but rather “How can we verify that you’re passionate?”. I agree that there should be a stronger qualifications vetting process than what is currently in place. “

“ Reviews of company’s on job boards and LinkedIn are a gold mine for career growth. “

According to Queenie: “ Well I think employers should put their offer salary in the job ad. Saves everyone’s time and unnecessary cat and mouse scenario like salary negotiations. Also they should not promise a job offer that will never come.”

“ experience number 2. I have this company promising me a job offer last nov 2021 and I haven’t seen even the shadow of the offer till now. Though I no longer consider them. Today is 10 March 2022”

Some of this stuff is what the community is feeling and some companies are taking advantage of what other companies are doing.

When you turn around a candidate for misspellings on a resume or for interviewing at the beach you are completely missing the skills of the candidate, at Cyber Defense Services https://discord.gg/5NbU774h we take advantage of that. Our Talent pool is very big! I meant probably one of the best in the business.We have an amazing team and a lot of people. My self I went through the whole job seeking thing. I do have the qualifications but I am not the best one when it comes to interviewing so it is what it is, some of the greatest talent are never going to be good at interviews and are never going to be great with certifications. My point is you need to change your ways to look for candidates. I am not a recruiter but I am an out of the box thinker. I don’t need a resume to figured out if someone is good at what they do. Take for example larry getz I put him against someone to run any organization.

Some of the Organizations are missing the point that you have a lot of veterans and minorities that are probably one of the best of the best in the industry and can probably save millions to bigger organizations.

Cyber Security is a field that it is a constant learning thing, so keep in mind companies also want the best of the best for them, of course they want to make money and the fact is that they are looking for the best talent, how can you prove this? well talk to them, monitor on Linkedin, figured out what recruiters are asking. But like Screptillian says: “ Reviews of company’s on job boards and LinkedIn are a gold mine for career growth. “ keep learning this is something different from what I am used to write but overall learn every day.

For some of you that are looking for mentors here are a few that I know are awesome Nato Riley, Ken Underhill, Mohammed Saquid, Pratibha Dey, Mike Jones, Kevin Thomas, ManojKummar, Kim Kennedy, Saman Fatima, Chris Glanden, Simon Linstead, Larry Getz, Zachary M., they are outstanding people to connect with or follow, The Team from Cloud Underground is awesome too, they are the best!!. So many people that are awesome in the industry that I am just forgetting right now but they do make a difference.

Very Respectfully,

Santi