- If ChatGPT produces AI-generated code for your app, who does it really belong to?
- The best iPhone power banks of 2024: Expert tested and reviewed
- The best NAS devices of 2024: Expert tested
- Four Ways to Harden Your Code Against Security Vulnerabilities and Weaknesses
- I converted this Windows 11 Mini PC into a Linux workstation - and didn't regret it
Online security job leads
Security job seekers have many ways to find job leads. Peer networks and social media are potential resources, especially for those who still think the best jobs are not in the public domain. For the sheer volume of apparently potential opportunities, though, it is hard to ignore job boards.
Job boards are predominantly generalist. This means you must weed through millions of listings unrelated to your security skill sets. Niche market boards exist, though. For instance, our friends at Security Jobs Network have been aggregating professional-level security jobs for more than 20 years.
SJN reports that, in addition to mid-level security roles, there is a marked increase in public listings of senior- and executive-level security and risk management positions. Salaries and comp packages for these jobs are routinely in the hundreds of thousands of dollars. What is diving this proliferation of security job listings?
One factor is organizations no longer need to pay high advertising fees to gain exposure to their target candidates. There are thousands of online listing sites open to global audiences, including the career sections of most company websites. Hiring and recruitment firms can generate responses for their openings this way, often at little to no cost.
Candidates can easily attach their profile or resume to a job on a board or company site instantly. This generates the large volume of applicants companies initially think they want. The number of responses might also be the statistic some talent acquisition (TA) practitioners are measured against.
It sounds great for both the hiring company and the job seeker. However, the resulting experience for both is often anything but great.
The top complaint we hear from security jobs seekers is not getting a response after applying to a job they believe they are the perfect match for. The top complaint we hear from companies looking to hire security professionals is they cannot find — or respond to — top talent given the deluge of applications they have received.
The chaotic nature of internet job posting has set up hiring challenges not readily clear to job seekers:
- HR and/or TA staff have been reduced, but the volume of openings across organizations has increased. Recruiters often have multiple roles they manage and simply do not have the bandwidth to review every candidate. Additionally, they may not understand each of the organization’s functional areas and those roles they are recruiting for.
- A company’s internal recruiting management system may be integrated into one of the major job boards as outsourced public posting. These are often complex set-ups and not necessarily configured with the candidate’s experience in mind. Knowledge about how these systems work is an ongoing challenge for companies, made more difficult if the organization has a high TA turnover rate.
- A corporation’s internal policies may dictate positions are always listed publicly, even if the intent is to only consider internal candidates first.
- Sometimes jobs are posted only for a day or two to enable a small number of previously sourced candidates to input their details into the company’s internal system. A variation of this is some intake systems either close a job or stop accepting new applicants after a certain number of applications. In either of these scenarios, not everyone who applies will be reviewed.
- Corporate policy may be for recruiters to simply collect resumes and notify the hiring manager they are available for review on the company’s internal collection system. Many of these systems are not intuitive. As a practitioner, can you imagine how you would carve time from your day to review hundreds of applicant names? Some systems allow you to open only one record at a time to display limited information. From that snapshot, you will then have to decide if you want to open the related resume.
- Social media sites and job boards often derive income from advertising. Many also troll and scape job listings from company career websites, recruiter sites and each other. Jobs get redated, reposted and reused. The goal is to drive user traffic, but the practice creates misinformation on a massive scale.
Well-prepared security job seekers invest time in self-assessment, resume development, branding and interview preparation. All while performing their day jobs. Their hope is to be fairly evaluated for the jobs they apply for. Unfortunately, that is often not the case, to the detriment of both the hiring company and the job seeker.