There are a lot of bad cybersecurity job postings. Some are comically bad, like the ones that list a Certified Information System Security Professional (CISSP) certification—an advanced certification requiring 5-years industry experience—as a requirement for an entry-level position. Some are frustratingly bad, like the positions that are right up your alley, but have a laundry list of qualifications that don’t match your experience and seem irrelevant. Either way, bad job postings serve as a barrier to getting good people into cybersecurity roles. You can have good jobs with bad postings.
How Bad Posting Get Written
There is a simple reason these bad cybersecurity job postings exist. No one is teaching cybersecurity hiring managers how to write thoughtful job postings to attract a diverse pool of applicants.
Let’s consider job postings from the perspective of a first-time hiring manager. Someone leaves your team, so you submit a backfill request with HR. As part of that process HR asks you to provide the job description. The easiest thing for the hiring manager is to update the previous job description.
Two things can go wrong. First, the hiring manager doesn’t feel empowered to rewrite the description. The previous requirements must be there for a reason, right? So the hiring manager only adds job qualifications and the posting just gets longer. Second, the hiring manager treats the qualifications like a wish list, rather than minimum qualifications. This can result in a list of qualifications, which is not commensurate with the title or planned compensation.
Either way, you end up with a job posting that has a bunch of job qualifications that appear to be required, but really aren’t. Unfortunately, that inhibits people from applying and is particularly bad for building diverse cybersecurity teams. If the HR recruiter doesn’t specialize in cybersecurity recruiting, they may not be effective in advising hiring managers to prevent these subpar job postings.
Impact to Job Hunters
It’s well documented that job postings with a long list of unrealistic qualifications have a negative impact on gender diversity of the applicants. This is an issue for the cybersecurity industry (and really, the corporate world in general) to deal with. Perhaps you’ll be part of the solution, when you advance to positions of cybersecurity leadership.
In the meantime, don’t be dissuaded by lengthy job descriptions, if you don’t meet 100% of the qualifications. After all, there’s plenty of people applying, who only meet 80% of them. Bad job postings were written that way, because hiring managers haven’t been trained to write better ones. Don’t let the gap in their managerial training prevent you from pursuing otherwise good jobs.