Meet the researcher who wants employers to write better infosec help wanted ads


Originally posted on SC Media.

Spot the problem: a job description requires five years of experience with software brought to market last year. Or it calls for expertise on every system developed since the Apollo program.

Dozens of help wanted ads are shared and ridiculed among experienced pros looking for new gigs and novices looking to start careers in an industry notorious for a workforce gap. Alyssa Miller, a security advocate at Snyk and a longtime hacker and researcher, wants to save employers the embarrassment. She’s researching the phenomenon and what to do about it, even soliciting ads that “suck” for study here.

SC Media spoke to her about all the ways ads go bad, and what to do about it. 

When you say you’re looking for ads that ‘suck,’ what exactly does that mean?

You’ve got tons of people trying to get into the field who can’t. You’ve got companies who say they’re looking for skilled people but can’t find them. And you’ve got experienced people who are in the job market and can’t find jobs. 

At the beginning of the year I did two surveys with about 1,500 people – one for people who were experienced and one for people who were newer. What I found was a significant number of people looking for a new job for six months to a year or even longer. One of the things coming up I see a lot is that job descriptions are awful. 

You see “10 years of Kubernetes experience” when Kubernetes has only been around seven years. You see entry-level positions that require three to five years of experience. Or you see internships that require a CISSP, which you can’t get without five years of experience. There’s a lot of different patterns out there. I’m trying to identify what it is people are perceiving as bad job descriptions, analyze those job descriptions and come up with strategies for what needs to be done differently. [This is better than] a bunch of people saying that recruiters and hiring managers are lazy or don’t know what they’re doing. None of that’s helpful. 

It seems like, by listing unrealistic or impossible standards, you would be asking applicants to self-select as the type of person who would lie to you about being qualified. 
