Thomas Richard’s Post

In the realm of cybersecurity hiring, the numbers don't lie. With a staggering 23% of the demand for skilled cybersecurity professionals left unmet, organizations face a critical shortage. If you are a CIO, CISO or other hiring manager, this should concern you. To add to your hiring difficulties, when your company decides to add *two years of experience* for entry-level positions, you will be exasperating the skills shortages in your own organization. Whether you want to believe it or not, when your competitor pays a fair salary, they will get the best of the best Cyber professionals. ➡ At entry-level, because they are paying the market salary and hire new graduates. ➡ AND the best of the best with 2+ years experience because they are not offering an entry-level salary. They offer market level for the experience. As we enter 2024, the cybersecurity hiring landscape reveals two key gaps: ❗ A Shortage of Cybersecurity Professionals: Cybersecurity certification providers, ISC2, estimates that there are 1.5 million cybersecurity workers in North America, with a shortfall of 522,000 workers, which results in only 74% of demand being met. This is in line with Lightcast's research which shows a 72% satisfaction of demand for cybersecurity professionals. ❗ Hiring Expectations Gap: Job seekers say that companies have unreasonable education, experience, and salary expectations, and I agree. For example, the vast majority of job postings — about 85% — call for at least a bachelor's degree in computer science, cybersecurity, or other technical discipline, when historically only about 60% to 70% of cybersecurity workers have a college degree. Now, even though your company may be well-informed on the current shortages and offer fair market salaries. they still could face difficulties in hiring. To address shortages, you can invest in reskilling, providing mentorship, and inclusive hiring practices. INCLUSIVE hiring practices mean getting rid of the requirement for a Bachelor's Degree. When you invest in training and hire smart... You will be able to hire right. Are you struggling to fill any of your open GRC or Cybersecurity positions? Send a message now and let's take care of that. www.edgextalent.com #CyberJobs #SkillShortage #CISO #EdgeXTalent

Update on the cyber security jobs market + tips for your search… Things ain’t easy for candidates out there as it stands and here’s why: - Most well known brands are overwhelmed with inbound applications. I spoke to a good experienced internal recruiter last week who told me her & the team have stopped using any form of inbound application channels as they cannot physically handle the workload. They’ve resorted to a more proactive outbound approach targeting candidates. - Whilst most known, experienced, and good specialist agency side recruiters are still kept busy we’re working on very specific assignments when partnering with client organisations. These talent pools are often still tight within specific subsections of the security market meaning we can’t help the masses only the few. What’s caused this storm across the security jobs market? - Meta, Amazon, and other big tech have kicked out huge amounts of talent onto the market via layoffs. Combine this with the fact it’s never been easier to apply for a job (AI, automation etc) we have a perfect storm on our hands & companies are literally getting bombarded with a continuous onslaught of applicants. Are there any positives for candidates? - Yep! Personally I’m noticing an uptick in demand on the client side of the recruitment equation right now which I firmly believe will trickle down to the wider market soon. Keep in mind the recruitment game has been cyclical since the beginning of time. One year clients are in control & the next it’s a candidate led market again… What advice & tips do I have for candidates? - Personalisation is key on a consistent basis. Don’t apply for 200 - 300 roles in a generic way you’ll be lucky to get a reply, apply for 10 in a hyper personalised fashion. Map out the decision makers within the organisation, research these people prior to ‘hitting them up’. Even folks reading this will ignore this advice, if you follow it you’ll stand out. - Be real with yourself. A career in cyber security within the US means you’ll have a salary way WAY into 6 figures given time, options to work remotely, major levels of stimulation, a huge sense of purpose. Essentially you’ll be living your best life, living the dream so to speak. So, this is never going to be easy & to be quite frank it shouldn’t be. - Have a plan, keep your cool, stay persistent, and stick with it. This is a test to see how badly you want this career. Pass the test, cultivate a strong mindset that will carry you through the tough times, & enjoy this journey! Providing you don’t quit you will reach your desired destination. Believe it or not this is all meant to be good fun! You got this & patience is a virtue... If you’re in process with me I will be getting back to you. I always get back to everyone that is but for all the above reasons things are slightly slower. I hope this up to the minute market info helps you.

Are you a Talent Recruiter or IT/Cyber Security Manager drowning in resumes? We get it. Finding the perfect tech talent is a constant battle. That's where the Cyber Combine can help! Cyber Combine is a FREE talent scouting platform that connects top companies with pre-vetted, highly skilled cybersecurity and IT professionals. Here's how it works for you: 💥 Tell us your hiring needs. (Job descriptions, skills, experience level) 💥 We curate a pool of qualified candidates based on your requirements. 💥 You connect and interview the top matches. Save countless hours filtering resumes! Benefits for YOU: 🔥 Faster Time-to-Hire: We source pre-vetted candidates ready for immediate interviews. 🔥 Reduced Recruiting Costs: No expensive headhunters or agency fees. 🔥 Top-Tier Talent: Access a network of highly skilled cybersecurity and IT professionals. Cyber Combine is 100% FREE for Talent Recruiters and IT/Cyber Managers! Ready to build your dream tech team? Comment below or send us a DM to get started! #cybersecurity #itjobs #talentrecruitment #cybersecurityjobs #itcareers #freerecruiting #cybersecurityprofessionals

Real cyber security job market information… When the headhunter gets headhunted this a good sign for the wider market. Why? The larger agencies are smart and with ‘heavy hitting’ balance sheets they can easily afford to staff up with experienced recruiters right about 6-12 months prior to market bouncing back. In 2022 these messages used to hit my DMs daily but I haven’t had one for a while… What does this mean for you as a cyber security professional if you’re looking at a move or a new role? It means the market is firmly on it’s way back. Remember these larger agencies spend a boat load of cash when it comes to reviewing the recruitment market and to be quite frank their bloody good at it… This message landed just yesterday I’ll keep the security community updated as the temperature of the rec2rec (recruitment term meaning recruiters that only recruit recruiters) market continues to rise! Stay strong, many will quit and opportunities will come your way! As a small specialist we’re feeling nice market vibes now - more good things are coming for everyone guys and girls! PS of course I don't mind the polite persistence, quite simply you can't reach your potential in life without this! 😍

🔒 Cybersecurity Hiring Needs a Reality Check 🚀 The cybersecurity job market is booming, and with every new report, we hear about the increasing demand for cybersecurity professionals. But here’s the thing—the hiring approach is broken, and we need to talk about it. Too often, job postings in cybersecurity are filled with unrealistic requirements: multiple years of experience for entry-level roles, an alphabet soup of certifications, and demands that can alienate otherwise capable, passionate candidates. We say there's a skills gap, but are we truly opening doors for new talent, or are we building walls? To bridge the gap, we need to: 1. Rethink Entry-Level Roles: Entry-level should mean entry-level. If we want to grow the talent pool, we have to start by lowering the barriers to entry—not raising them. 2. Emphasize Skills Over Certifications: Certifications are valuable, but they shouldn't be the only ticket to a cybersecurity career. Let’s focus more on practical skills, hands-on training, and real-world problem-solving capabilities. 3. Create Pathways for Non-Traditional Candidates: Cybersecurity needs diverse perspectives. Not everyone has a traditional IT background, and that’s okay. Many successful cybersecurity professionals come from completely different fields—let's recognize that potential! Until we change the way we hire, the cybersecurity skills gap will persist. It’s time to be part of the solution by creating opportunities that make sense for the challenges we face today. The future of cybersecurity depends on how we invest in talent now. Let’s open more doors, make roles truly accessible, and reimagine what hiring in cybersecurity looks like. What are your thoughts? How can we collectively improve hiring practices in cybersecurity? 💬🔍✨ #Cybersecurity #HiringPractices #Skillsgap #DiversityInTech #EntryLevel #CybersecurityCareers #RealChange #InclusiveHiring

🚀 𝐋𝐞𝐚𝐫𝐧 𝐀𝐛𝐨𝐮𝐭 𝐓𝐡𝐞 𝐑𝐞𝐜𝐫𝐮𝐢𝐭𝐞𝐫𝐬 𝐀𝐧𝐝 𝐇𝐢𝐫𝐢𝐧𝐠 𝐌𝐚𝐧𝐚𝐠𝐞𝐫𝐬 Researching recruiters and hiring managers can give you an edge in your job application. Here’s how to do it effectively and professionally: 🌐 𝐔𝐬𝐞 𝐓𝐡𝐞 𝐂𝐨𝐦𝐩𝐚𝐧𝐲 𝐖𝐞𝐛𝐬𝐢𝐭𝐞: Start with the company’s website. Look for an “About Us” or “Team” section to find profiles of recruiters and hiring managers. Understanding their roles can help tailor your approach. 🔍 𝐋𝐢𝐧𝐤𝐞𝐝𝐈𝐧: Leverage LinkedIn to gather more detailed information. View their profiles to learn about their career history, achievements, and posts. Look for mutual connections who can provide introductions or insights. 📚 𝐎𝐭𝐡𝐞𝐫 𝐒𝐨𝐮𝐫𝐜𝐞𝐬: Utilize professional networking sites, industry forums, and company review websites. These platforms can offer additional context about the recruiters' and hiring managers' professional backgrounds and the company culture. 💡 𝐁𝐞 𝐒𝐭𝐫𝐚𝐭𝐞𝐠𝐢𝐜: Use this information to personalize your communications. Mention relevant topics or mutual interests to build rapport. However, avoid overstepping; maintain professionalism and respect their privacy. Remember, your goal is to understand their background and approach, not to invade their privacy. A well-informed approach can help you make a stronger impression and stand out in the hiring process. ✴ Cybersecurity Jobs: MyTurn.Careers 𝐒𝐮𝐛𝐬𝐜𝐫𝐢𝐛𝐞 to Hiring in Cybersecurity: https://lnkd.in/eAHTARbS #cybersecurity #jobsearch #careeradvancement #networking #professionaldevelopment #it #cyberjobs #hiringtips

What are "Ghost Jobs" and how do they impact Cybersecurity Professionals? As cybersecurity professionals, we’re no strangers to challenges in the job market, but the trend of "ghost jobs" is a new hurdle that’s creating waves—and not the good kind. ❓ What are ghost jobs? For those unfamiliar, ghost jobs refer to job listings that companies post even when they have no intention of filling the roles. A survey by Clarify Capital revealed that nearly half of hiring managers keep these postings up to appear to be hiring, as a motivator for current employees, or to create the illusion of growth. ❓Why is this especially harmful in cybersecurity? 🥇 Wasted Time & Resources: For job seekers, ghost listings waste valuable time and energy—time that could have been spent on viable opportunities. Cybersecurity pros invest hours perfecting resumes and preparing for technical screenings, only to realize the job doesn’t actually exist. 🥈 False Industry Signals: Job market trends shape career paths, and cybersecurity is no exception. Data from Cyberseek shows a reverse pyramid of demand in the industry, with far fewer entry-level roles than mid or advanced positions. "Ghost jobs" further skew perceptions, making it look like there are more opportunities than there actually are. 🥉 Impact on Entry-Level Prospects: For newcomers, ghost listings create false hope. Given that 46% of cybersecurity analyst listings in the UK were reportedly never meant to be filled, recent grads or early career professionals are left feeling more frustrated and confused. With automation and AI shifting expectations, many of these listings only deepen the gap between what’s advertised and what’s achievable. Everybody should be advocating for more transparency and honest hiring practices. The cybersecurity field is crucial, and we need to build it on real, reliable foundations. Have you applied to "Ghost jobs" before? What are your thoughts? Let me know in the comments! 👇 #Cybersecurity #GhostJobs #Hiring

📢 Cyber market picking up?! Having lots of positive conversations & meetings about hiring plans now and in the coming weeks/months. Recruiting will still be tough, sifting through the noise to find good cyber talent will be the test... 🔎 Clients/Hiring Managers - budgets are tight for agency spend BUT good recruiters will be able to get the best people in front of you quickly. Saving time working through hundreds of applicants, avoiding 15-20 screening interviews and going straight to the best 3-5 people out there. The value is in speed to market and access to the best talent in a market flooded with candidates. 🔎 Candidates - don't be put off by seeing a high number of applicants to a role, if you think you match up & like the role – send your CV! Often in tech, about 70-80% of applicants aren’t right relevant they’re just sending their CV in hope. You could be the one that agent/company needs. Try to stand out from the crowd, apply & send a personalised follow up message on LinkedIn to the job poster.   Any other tips in today’s market? Share them below. #hiring #cyber #recruiting

What's the CISO market like Joe? Hmmm... There are two sides to this question, which is why I struggle to answer it. The simple answer is, I'm not sure. On the one hand, I see a lot of people looking for work, and the same problems remain; -Archaic hiring. -Awful job descriptions. -Poor salaries. -Lengthy processes. -No opportunity. But, on the other hand, I speak with people who have lots of opportunities, lots of interviews and are getting offers for high-profile roles. I had a client secure a job within 2-3 weeks after being made redundant. It is the same with recruiters; I speak to some who are inundated with work and some who are struggling. You see the market through your own lens. This is why it is difficult to form an opinion on something that varies so much between individuals. What are your thoughts on the current cyber security job market?