The Problem With Infosec Recruitment

In general most people like being employed and do not like being unemployed, but when it comes to looking for work, hardly anyone likes job hunting no matter what industry they work in. This is especially true in the infosec industry where there is allegedly a huge skills shortage, but from the conversations I have had with job seekers it is not at all easy to find the right job, whatever level of seniority you have.

When you are first starting out in the infosec space it can be difficult to know which route to take or where to start. It can be difficult to work out the different domains and niches, and to further confuse matters, infosec professionals take lots of different routes to get to the jobs they are currently in; there is no clear pathway. There is lots of noise, clutter and confusion in infosec recruitment: you have to sift through hundreds of job posts on lots of different websites to find something suitable, and it is very easy to read a job post and not really know what the job is about.

Job descriptions list lots of different skills but weight them equally, making it difficult to tell if you have the right skills and experience levels for the job. Infosec is notorious for being vague with job descriptions and demanding more professional experience than the roles actually require. Nobody wants to hire beginners and train them; everyone requires 10 years' experience and complains about a skills shortage.

Most of the recruiters that you talk to will have no idea about specific jobs or what they entail, but they will have a checklist of keywords to tick off. Recruitment is the one industry where people (the recruiters) vet other people's (the candidates') skill sets for a job that they have never done and do not really understand. Because of this, the recruiters are reliant on keywords and checklists to find the right candidates.

Because websites make it so easy to apply to jobs, often in just two clicks, employers, recruiters and HR departments are inundated with resumes and forced to use keyword analysis tools in order to separate the qualified from the unqualified. If you do not have the right keywords in your resume you will not even get called in for the interview and the system will automatically reject your application.

This is obviously unfair to qualified candidates who do not know how to game the system, and keyword analysis is also fundamentally flawed: it fails to recognize the subtle differences in job roles or the context behind each keyword. Keyword analysis systems cannot tell you what a cybersecurity analyst is, or whether he or she works in a SOC, in access management, application security, DLP, or governance, risk and compliance. When understanding jobs, context is everything.

Human resources departments and hiring managers are notoriously silent when it comes to giving feedback to candidates, or even just updating them. Often the reason given is the potential legal risk of communicating with unsuccessful candidates; many companies are scared you will sue them for not hiring you if they say the wrong thing, so they keep quiet. As a candidate, this means that you may be interviewed in person and then never hear from the company again.

All of this leaves candidates feeling confused, frustrated and lost in the highly fragmented infosec job landscape. Unless you have the right network, the right connections and experienced colleagues to advise you, finding a job that is right for you and your individual circumstances can often feel like it is impossible. If you are still employed while looking for your next job, you simply do not have the time to sort through the thousands of poorly written job pages out there; it’s a full-time job.

This is why I am excited about my friends' company. They are building a cybersecurity job recommendation service that leverages natural language processing to help their users cut through noise in the infosec job market and get to the signal. As a deeply curious technologist focused on cybersecurity, I tend to seek out new technologies, especially the interesting ones that try to solve a real problem.

I know lots of entrepreneurs and get to talk to them about their technology and the problems they are trying to solve, but my friends over at are the only people I have met who are trying to solve the infosec recruitment problem.

They trained their platform using hundreds of thousands of jobs and developed machine learning algorithms that perform contextual and semantic analysis in order to properly understand how a job is relevant to you as a candidate and to your skill sets (rather than just displaying jobs pulled from a simple keyword analysis).

You can use their platform to find the jobs which are most suitable for you and which most match your individual experience, technical qualifications and other criteria, ranking them on a percentage scale so you can sort by the best matches.

It cuts down on clutter and the number of job descriptions that you have to sort through in order to find ones that are relevant to you. It also helps you improve your resume and chances of passing through the keyword analysis process and getting to the hiring manager by suggesting keywords you may be missing which you could add to your resume in order to get through to the interview. It gives you a fighting chance against the keyword analysis tools HR departments use and improves your odds.

They even have a Chrome extension which lets you use the job description analysis tools on third-party job sites, ranking jobs which most closely match your needs and helping you better prepare your job applications to submit.

It is a new platform and one that they are continuously evolving, but it is the only job platform I have ever seen that actually interests me and that I think is solving a real problem. As a job seeker I can clearly see the value in only seeing job descriptions that are contextually relevant to my specific skills and nothing else. I can clearly see value in a platform which helps me prepare my resume in a way which maximizes my chances of success. I love the idea that you can quickly analyze a job description and tell which keywords need to be added in order to make it through keyword analysis.

Most of all I really like the idea that the challenges we face in infosec recruitment can be overcome with good technology. In my view, the main problem is one of understanding. If job seekers cannot understand job descriptions and recruiters cannot understand the context of the jobs or your individual skills, then keyword analysis alone will not help you understand how you can hire the best candidates.

My friends at are trying to cut through the noise to tune into the signal, a fantastic thing for job seekers trying to navigate the infosec recruitment maze.

** For transparency purposes neither Secjuice nor the author was paid to publish this article, but the writer is guilty of helping his friends and their early-stage startups get some visibility in the absence of a marketing budget. **