惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

博客园_首页
T
Threat Research - Cisco Blogs
GbyAI
GbyAI
Y
Y Combinator Blog
美团技术团队
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
博客园 - 【当耐特】
S
SegmentFault 最新的问题
IT之家
IT之家
Recent Announcements
Recent Announcements
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
阮一峰的网络日志
阮一峰的网络日志
T
The Blog of Author Tim Ferriss
Martin Fowler
Martin Fowler
Microsoft Azure Blog
Microsoft Azure Blog
V
Visual Studio Blog
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
U
Unit 42
WordPress大学
WordPress大学
博客园 - Franky
L
LangChain Blog
人人都是产品经理
人人都是产品经理
小众软件
小众软件
博客园 - 叶小钗
罗磊的独立博客
酷 壳 – CoolShell
酷 壳 – CoolShell
大猫的无限游戏
大猫的无限游戏
云风的 BLOG
云风的 BLOG
Vercel News
Vercel News
雷峰网
雷峰网
腾讯CDC
Google DeepMind News
Google DeepMind News
博客园 - 三生石上(FineUI控件)
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Help Net Security
Help Net Security
C
Check Point Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
N
News and Events Feed by Topic
V2EX - 技术
V2EX - 技术
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Schneier on Security
Schneier on Security
博客园 - 聂微东
A
Arctic Wolf
H
Heimdal Security Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Recent Commits to openclaw:main
Recent Commits to openclaw:main
T
The Exploit Database - CXSecurity.com
C
Cyber Attacks, Cyber Crime and Cyber Security
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Google DeepMind News
Google DeepMind News

The Register - Security: CSO

Anthropic's Mythos has The Kettle crew curious, skeptical 'People's Panel' to check if UK wants controversial Digital ID will cost £630K Top npm package backdoored to drop dirty RAT on dev machines Lightning-fast exploits mean patch fast, says Cisco Talos Lightning-fast exploits mean patch fast, says Cisco Talos Smooth criminals talking their way into cloud environments, Google says Cybercrime up 245% since the start of the Iran war Scattered Lapsus$ Hunters seeks women to defraud helpdesks Every day in every way, passwords are getting worse CISA quietly updated ransomware flags on 59 flaws last year Deepfake job seeker applied to work for an AI security firm Deepfake job seeker applied to work for an AI security firm AI-powered cyberattack kits are 'just a matter of time' AI-powered cyberattack kits are 'just a matter of time' FortiGate SSO bug still exploitable despite December patch FortiGate SSO bug still exploitable despite December patch Judge tosses CrowdStrike shareholder suit over 2024 outage DRAM shortage may drive firewall prices higher: analysts Ransomware attacks kept climbing in 2025 as gangs refused to stay dead Around 1,000 systems compromised in ransomware attack on Romanian water agency 1,000 systems pwned in Romanian Waters ransomware attack Half of exposed React servers remain unpatched amid attacks CISA warns spyware crews are breaking into Signal and WhatsApp accounts FCC guts Salt Typhoon telco rules despite espionage risk CISA orders feds to patch Oracle Identity Manager zero-day SEC drops SolarWinds lawsuit that painted a target on CISOs everywhere SEC bails on SolarWinds lawsuit Palo Alto kit sees massive surge in malicious activity amid mystery traffic flood Palo Alto kit sees massive surge in malicious activity Countries use cyber targeting to plan strikes: Amazon CSO Overconfidence is the new zero-day as teams stumble through cyber simulations UK's Cyber Security and Resilience Bill makes Parliamentary debut Cyber insurers paid out over twice as much for UK ransomware attacks last year Cyberpunks mess with Canada's water, energy, and farm systems Trump's workforce cuts blamed as America's cyber edge dulls Feds flag active exploitation of patched Windows SMB vuln How malware vaccines could stop ransomware's rampage Salesforce refuses to pay ransomware crims' extortion demand Germany slams brakes on EU's Chat Control snoopfest Germany slams brakes on EU's Chat Control snoopfest Employees regularly paste company secrets into ChatGPT Oracle tells Clop-targeted EBS users to apply July patch Red Hat repos raided, claims cybercrew, files stolen Suspected Chinese spies broke into 'numerous' enterprises UK gov acknowledges 'strong case' for JLR financial support JLR extends shutdown – again – as toll on workers laid bare UK chancellor blames cyberattacks on Russia despite evidence Fortra discloses 10/10 severity bug in GoAnywhere MFT Entra ID bug could have granted access to every tenant UEFI Secure Boot for Linux Arm64 – where do we stand? JLR says cyber cleanup to take additional week Insider blamed for FinWise data breach affecting nearly 700K Nork snoops whip up fake military ID with help from ChatGPT UK government dragged for incomplete security reforms Church of England abuse victims exposed by lawyer's email US spy chief claims UK backdown on Apple backdoor demand Workday confirms CRM breach via social engineering Black Hat/DEF CON: AI more useful for defense than hacking Ex-White House cyber guru talks Microsoft security fails CISA releases malware analysis for Sharepoint Server attack China: US spies used Microsoft Exchange 0-day to steal info Security pros drowning in threat-intel data Identity attacks surge 156% as phishermen get craftier Organizations can’t keep up with supply chain security musts Amazon CISO: Iranian hacking crews ‘on high alert’ UK data watchdog fines 23andMe £2.3M over 2023 breach FCA warned four staffers who pocketed regulator data Ransomware just wrecked your network – now what? Ivanti RCE attacks 'ongoing,' exploitation hits clouds Ex-NSA listened to Scattered Spider's calls: 'They're good' Snowflake CISO talks lessons learned from breaches, improv Why CVSS is failing us and what we can do about it Infosec pros still aren't nailing the basics of AI security Ransomware crims targeting systems between IT and operations Why aggregating asset inventory leads to better security NCSC and industry at odds over how to tackle shoddy software Powerschool extortionists may not have deleted stolen data CrowdStrike trims workforce by 5 percent, aims to rely on AI NSO Group must pay Meta $168M in WhatsApp spy case Ghost in the shell script: Boffins seek code correctness How Intruder finds what others miss in cloud security Linux malware can avoid syscall-based endpoint protection Infosec pro blabs about alleged malware mishap on LinkedIn The future of AI in cybersecurity in a word – optimistic CVE board 'kept in the dark' on funding, members say Security snafus caused by third parties up from 15% to 30% Blue Shield shared 4.7M people's health info with Google Ads Who needs phishing when your login's already in the wild? US cyber defenses are being dismantled from the inside Bug hunter obtains an SSL cert for Alibaba Cloud in 5 steps
Employers are demanding too much from junior cyber recruits
Connor Jones Connor Jones · 2025-06-13 · via The Register - Security: CSO

CSO

Wanted: Junior cybersecurity staff with 10 years' experience and a PhD

Infosec employers demanding too much from early-career recruits, says ISC2

Cybersecurity hiring managers need a reality check when it comes to hiring junior staff, with job adverts littered with unfair expectations that are hampering recruitment efforts, says industry training and cert issuer ISC2.

According to the organization's latest hiring trends study, entry-level and junior job descriptions contain requirements that "are often difficult or impossible for these professionals to meet."

"This can create a catch-22 – where employers struggle to find qualified candidates and early-career talent is locked out of opportunities that could help them build that very experience," it added. 

"Hiring managers should consider reevaluating their job descriptions and other hiring mechanisms to reflect the true nature of the role, making the distinction between 'nice-to-have' and 'must-have' qualifications clear."

The study showed that more than a third of hiring managers expected early-stage hires to already have advanced certifications such as a CISSP, CISA, or CISM – achievements Dan Houser, a former ISC2 chair now at Oracle, said were unlikely or unfeasible at this level. "This has been a problem for some time, and it seems the battle continues."

The report also stated that the most pressing skills gaps in the workforce can be filled by early-career cyber professionals who are simply given some on-the-job training coupled with clear development support from their employer.

Aside from employers with unrealistic expectations, job seekers should also be prepared to demonstrate their skills in teamwork, problem-solving, and analytical thinking – the three most in-demand (technical and non-technical) skills in all job descriptions.

Only in India are employers valuing technical know-how more highly than interpersonal skills at this level, with cloud security and data security seen as the two most in-demand specialisms in the country, and generally across the world, too.

A lot has been said about the value of diversity in cybersecurity, both in terms of neurology and education, and those with backgrounds outside of technology or science should not give up hope of entering the industry.

ISC2 said around a quarter of hiring managers who recruit from education programs were able to find valuable cyber talent in those who studied fields outside of cybersecurity, computer science, and IT.

It's true that technical education, previous experiences, and/or the expected basic certs will give candidates a leg-up on the competition for entry-level roles.

According to the research, 90 percent of hiring managers would only consider candidates with previous IT work experience, and 89 percent said the same about holding entry-level certs.

However, the study noted that successful recruits were also sourced internally from departments such as finance and even non-STEM fields like communications, HR, customer service, and marketing to bring fresh ideas to the table.

So, if a candidate in the comms team starts thinking about a career switch, the way to maximize the chances of securing a job would be to work toward a Security+ cert, which is generally one of, if not the first qualification an aspiring IT pro should pursue.

It's also one of the most in-demand certs employers are looking out for when assessing entry-level or junior candidates, second only to the CASP+, which is a far more advanced qualification.

"This trend indicates the value that professionals from non-IT backgrounds can bring to the field, offering fresh perspectives, business acumen, technical and non-technical (soft) skills, and innovative thinking to the cybersecurity team," the report stated.

"Hiring strategies that include sourcing candidates from alternative pathways – such as internships, apprenticeships, and non-traditional educational or training backgrounds – can also help strengthen talent pipelines and foster a new generation of cybersecurity professionals from which hiring managers can draw.

"It is more important than ever for organizations to have these tools in place to stay ahead in a profession that demands continuous learning and adaptation."

Job market

Once considered an empty chasm of talent, waiting to be filled, some experts now say cybersecurity has very little demand for generalists.

Industry hiring has been in flux for some years now. From the COVID-19 days of mass recruitment to the economic pressures of the past 18 months making many positions redundant, what used to be a sure-fire bet for a stable career suddenly doesn't seem so safe.

Mary McHale, a careers advisor for UC Berkeley's Master's in Cybersecurity, told The Register that industry players are now looking for specialists in certain sub-fields of cybersecurity.

Recent layoffs have left the job market oversaturated, and with AI products now easily handling basic security tasks like event monitoring, employers are increasingly seeking unique talent, especially in oversight and governance.

While the private sector may not have many problems with hiring top cyber talent at the moment, the same can't be said for the public sector, at least in the UK, where robust pension packages don't make up for the comparatively lackluster salaries. ®