Cybersecurity Mentors Podcast
In this podcast we discuss mentoring in cybersecurity, information for those that are looking to get into cybersecurity, and tips for those that are looking to advance their careers.
Cybersecurity Mentors Podcast
Navigating today's job market with Kelly Belding
This episode delves into the current state of the cybersecurity job market and offers essential strategies for breaking into the industry. Kelly Belding, an experienced IT recruiter, discusses hiring trends, the importance of relevant skills and certifications, and the significant role of networking for career advancement.
• Overview of the changing IT job market dynamics
• Discussion on entry-level versus mid-senior level positions
• Importance of skill sets and certifications in job applications
• Insights on current salary expectations for new graduates
• Networking's vital role in securing job opportunities
• The impact of AI on hiring practices and operational roles
Could you teach me First learn stand, then learn fly. Nature ruled on your son, not the mind.
Speaker 2:I know what you're trying to do.
Speaker 3:I'm trying to free your mind, neo, but I can only show you the door. You're the one that has to walk through it.
Speaker 1:What is the most inspiring thing I ever said to you Don't be an idiot Changed my life. Welcome back to the Cybersecurity Mentors Podcast. Today we have a special guest, kelly Belding, a seasoned IT and cybersecurity recruiter. She has helped countless professionals land jobs in tech and today she'll be sharing some insights on the job market, trends, salaries and just breaking into the industry. So welcome, kelly.
Speaker 3:Thanks, Steve. Thank you for that glowing introduction.
Speaker 2:You're welcome, kelly. We've got lots of people that have these same questions that we've asked you, that I know they'll be excited to hear your insights and the same things that we hear I'm sure you hear too, right, but you're there on the front lines with people that are trying to get and land jobs in different ways, so it'll be great to go through this today, thank you.
Speaker 3:Yeah, yeah, I'm looking forward to it. I know it's definitely a challenging market, so any way that I can help love to talk through anything that we're seeing.
Speaker 2:Yeah, just tell us a little bit about you. Know how you got to where you are?
Speaker 3:Yeah, well, I live in Tampa, florida now with my husband and two dogs, but actually went to Clemson and lived in Greenville after I graduated. So I was in Greenville for about seven years and I think that's where I met both of you guys through networking, because it is a really small IT community in Greenville and I found here in Tampa even the bigger cities. It's a really small IT community. So I work for Tech Systems.
Speaker 3:I don't know if people aren't familiar. We're a technology services company. We're global but we've got offices in every major city here in the US and we do a whole gamut of services but our number one and what we're known for is our talent services, so staffing and recruiting and helping people find roles and helping our customers get work done. So I've worked with tech for almost 10 years now, which is crazy. I interned with Tech Sister Company when I was in college and got into recruiting that way. But I went to college, was a business major, had no idea what I wanted to do, but through the internship found I was pretty good at the recruiting and in that industry so ended up doing that full time when I graduated. So really enjoyed the IT space a lot more than the construction and industry. So, um, there was never a boring day, but the IT space has been really cool, so so yeah.
Speaker 2:Yeah, well, I have a quick story how my first interaction with tech systems, and this is forever ago, but really literally my very well my second job in IT.
Speaker 2:I showed up I don't know how I heard about tech systems and they were looking for contractors to do this is Y2K, so they were looking for contractors to come in and take out old PCs. I think they were wiping them. I think they used Y2K, as a lot of people did, to spend a lot of money on new hardware. This was at Jacobs Engineering in Greenville. It was cool to work at that place as an engineering company. Literally I was a grunt. I went out and got machines, brought them back and all this stuff and we would help wipe them and stuff like that. But it really was one of the next things that got me the snowball to the next experience, because my next job was at the city of greenville and it was also with tech systems, because that was like a two-month thing but, it but was one of those things you know.
Speaker 2:I don't know how tech systems is now, but it was like there's a lot that happens whether or not you can get the get hired by the company right. So there's some some you know stuff that you got to work out for the contract. But I worked there for x amount of time and hoping that I was going to get hired full-time with them and luckily it worked out that I was able to transition. But I remember. One of the things I remember is I remember arguing with the guy to get an extra dollar an hour at texas. I was like listen, come on man, you give me an extra dollar an hour at Texas. I was like listen, come on man, you give me an extra dollar because I know how much they're charging, you know whatever they're getting paid. I'm like you give me an extra dollar.
Speaker 2:And he finally, you know, caved in, but I mean that really helped me, I mean big time, because I didn't have any experience Right, and I think that's what, as we're going to talk through some of these things like sometimes you got to do these things, sometimes you got to be willing. If you want to get into the industry, you got to be willing to do the tough job and it wasn't that hard, but it was the ground level.
Speaker 3:It was beginning.
Speaker 2:No, it was beginner level so. But you know, you keep building on that, and build on that, and build on that and one day you see some right, yeah, more is true, so hey keep moving.
Speaker 1:That's a great story. Yeah. So if you could describe the IT job market in one word, what would it be?
Speaker 2:Maybe it's temperature.
Speaker 3:I would say over the last four years or five years, so since 2020,. The word I would use to describe it is a roller coaster.
Speaker 1:All right.
Speaker 3:Because each year has been unprecedented. There's always something like no one could have predicted such a spike in salaries.
Speaker 1:A couple of years ago and where we are today.
Speaker 3:Now the market has completely flipped. So I think I think roller coaster, um, it's a good word maybe people will feel a little less crazy for having to ride it yeah because it is. It's been crazy for everyone.
Speaker 2:Yeah Well, and how have things shifted? You know, looking back at 2024, what did that shift look like? I mean, it looks like maybe on the roller coaster kind of going down from a employee standpoint, from where it was up right where it was an employee market.
Speaker 3:Yeah. So it's crazy, it it though just outside of other skill sets, because it unemployment has actually stayed fairly low, I think I would say probably back about a year ago it was probably around two percent and now it's like four percent, I think. I think IT unemployment, thankfully, but even in security specifically, there's still such a discrepancy in the jobs that are open and the skill sets that are available. So, like you talk about, like you have to be willing to take maybe not the job that you want right off the get, have to be willing to take maybe not the job that you want right off the get.
Speaker 2:um, because people still need senior level resources, but the only way to get people experience is to get the jobs maybe that are a little bit more entry level, yeah so well, if you think about the, the kind of ratio of what you guys look to fill, what would you say? The entry level versus senior versus mid, like? What does that kind of pie chart look like?
Speaker 3:I would say about 70% are mid to senior level, Mid to senior okay, technical requests.
Speaker 2:Yeah, so you know that 30%. There's a lot of people that are fighting for that 30% yeah.
Speaker 1:Yeah.
Speaker 3:Yeah, you know that 30%.
Speaker 2:There's a lot of people that are fighting for that 30%.
Speaker 3:Yeah, yeah, yeah, yeah, and but it's still. It's like you look at the data, as I was kind of prepping for for this chat, the there's the number one thing on like CISO and CIO's minds and of course y'all can tell me cause you are those but is how to upskill and reskill, like the teams you have right now, and to fill talent gaps. But it's also a balance of companies having, you know, budget and headcount and the ability to actually bring these people on. So a lot of companies are investing in upskilling their current workforce versus bringing in new people who have the skill sets, which is good if you can get in somewhere. But again, yeah, that's the challenge.
Speaker 1:Got to get in, so basically investing in their current staff to bring them up to the level that they require right.
Speaker 2:Mm-hmm.
Speaker 1:Okay.
Speaker 3:Yeah.
Speaker 1:So does that include training certificates? You name it.
Speaker 3:Yep Training on new technologies, new platforms, new frameworks specific to the security space um, like the zero trust frameworks and everything like that. Um, it's more around training on what's changed. Um, and then, too, you throw AI in the mix.
Speaker 2:Yeah. Yeah, and what to expect and yeah, AI is a hot word right now yeah, we had to say it yeah oh yeah, you have to put it in there, yeah what about um remote versus on-site, like how does that look for you, for you guys? What are you seeing there?
Speaker 3:yeah, we I was talking to some of my recruiting partners because we have a lot of all of our customers are returning to office have some sort of an rto um rollout effective this year. Most of them um yeah. So I think, whereas this time two years ago, weekly we would see 50 new roles, 80 of them will be remote. That is totally flipped. I think we'll see one remote role a week and then 50 of them are some sort of hybrid on-site scenario, especially the full-time. If, like you want, you talked about like, hey, the contract, contract to hire um, if you want to go permanent, a lot of times it's hey, we have contract, you can be remote, but we're gonna need you here, if sure, you want to convert, so gotcha so does that mean that a lot of the remote positions that are now shifting to be on site could potentially be open?
Speaker 3:yes okay, yeah, yeah, like I work with some companies here, um, manufacturing companies, and they just rolled out a 401 schedule and there's some especially in the cloud space, a lot of people don't want to be. I mean, you can do your job from home, but yeah, um, so they don't want to go in the cloud space.
Speaker 1:A lot of people don't want to be.
Speaker 3:I mean, you can do your job from home, right, yeah, so they don't want to go in the office and they're like, well, you know, that's the company policy from leadership. So it's either that, or then they're coming to us like, hey, I think we're going to need to find someone local and then start facing all the other remote folks. I can't speak for every company, but it is opening it up a little bit.
Speaker 2:That's interesting. So if somebody was very flexible and they're like, whatever, I just got to get somewhere and get a job, are there hot areas on location? Is it the big cities? Is it the Atlantas, those kind of big cities, that people okay, if you're open to it, then moving closer to those cities if you want to work and land something or get a job, what does that look like?
Speaker 3:Yeah, I would say for specific industries is how it's going to dictate that a little bit more. So, like financial services, new York, texas, those are definitely the hot commodity markets. I would say I think it's the places probably that people don't want to move to, that would really love to have people. So I don't want to trash any cities.
Speaker 1:We know exactly what you mean. We post positions here at Clemson, south Carolina, a small town, college town, and you know we're happy with like 20, 30 applicants. And we posted a position not too long ago and got almost like 168 applicants and we were like what's going on? Did we like mess up on the pay, like do people think they're going to be making bank here? But it was. It looked like it was a remote position. So we had a lot of people apply but it wasn't. It was hybrid. Um, but that was the main reason. After we kind of went through the resumes and just talking to people, we brought it down from 168 to almost around 30 people because everybody else thought it was remote so we had to disqualify those from the get-go yeah, yeah, that's the challenge and we have that conversation all the time.
Speaker 3:I'd have to be all caps. This is yeah. Who doesn't want to move to Clemson, you know that's right.
Speaker 2:Yeah, that's right. We like it. Yeah, Um so, on the salary, you mentioned salaries a bit like what, what does that look like? You know, have the salaries? Have they shifted? You know for what they, what companies were offering for entry level versus those experienced positions? Are they staying about the same? Like, what does that look like?
Speaker 3:Unfortunately, with the inflation, salaries have not taken that same direction.
Speaker 3:So I think over the last couple years we have seen the salaries level out a little bit, um versus like the huge spike a couple years ago, um the post-covid I mean salaries were were crazy, um, but I think that's part of it too is just when you're getting into the market being open from a rate perspective, um, because that's the hardest thing, I think, especially with, like, new grads or entry level. Unfortunately, the salaries are not what you think they're gonna be what you think they're gonna be. Yeah, yeah so um, I was just trying to pull up yeah, could you give us some examples of maybe some salaries?
Speaker 3:So, but they are. The data does say that IT salaries are up 23% over the last 36 months, but I think that's really reflective of some of the more in-demand skill sets. So AI, data security, is one. I think the the projected top skill set for the next 10 years are information security analysts. They're expecting those increase in requirements for companies to grow like 30 percent over the next 10 years for information security, and I think the next one was ai and it was like 20 something percent. So I do think security is an industry to still focus on.
Speaker 2:But combine the two AI and security. There you go, and then you're really into that, yeah.
Speaker 3:Yeah, but. But yeah, I think entry level security um around salary wise, 50 to 55K would be really good and a good starting point, but I know that's not always. I don't know what y'all think about that.
Speaker 2:No, I mean, that's about where I would say we think about our entry-level positions. That's about where I would say we think about our entry-level positions. I think, like you said, it's a. I mean we had people, we had students that graduated and they're making six figures Now. That was a couple years ago. Yeah, I don't know what they're. I know some of the students that are. They're having a hard time right. They're looking Now. They might be particular or specific about what they're looking for and an area they're looking in, but they're not getting all the calls back that they would before.
Speaker 2:Right, you know like bunches and bunches of interviews and they've got experience, they've been working with us, right. So they're not totally entry level, but I would be. I think, the next round and actually this semester we've got a lot of students that are graduating, so I would be curious to see what salaries. I usually ask them, just not because I'm nosy, because I'm curious what the market looks like, what they may get offered, and just see what that looks like.
Speaker 2:But a lot of them they've interned at several companies, not just us, so it's it's not necessarily entry, entry level Right, but it still is a good measure of like, okay, student coming out of college with some experience and they see what that looks like.
Speaker 3:Yeah, yeah, two, I would say like for a sock role or because I know it's what a lot of your students have experienced and being open from a shift perspective is important too. I know we don't want to work nights, but that's the in demand. We get a lot of requests for that because it's harder for companies to find.
Speaker 2:Yeah and I and actually I've, I think I mentioned this to you I've been kind of recommending knock, sock type jobs or knock jobs even if you don't have just to get in the door number one and get some experience, because those jobs they rotate, because they're off shift and they're weird hours and things like that, and so people don't stay in that role that long.
Speaker 2:Um, so I do think, yeah, I think, if you're open to just get something, just so you can get the experience right the catch 22, then maybe you're going to get that, because people don't want to do it. You don't have to do it forever.
Speaker 1:Right.
Speaker 2:You know, do it six months a year, two years, whatever, but then you've got something to bank on. To move to the next position, Do it with the like you're looking ahead. Okay, I'm going to do this, but I'm already working to the next thing.
Speaker 3:Yeah, I know our generation struggles with instant gratification because we're so used to getting everything immediately. So it is a lot of just adjusting your mindset on. Okay, I can do this now. You can do anything for a year, right, for a year right um with the, to your point, the end goal in mind.
Speaker 3:So yeah yeah, I feel like a lot of come or people are get a little nervous when it comes to like recruiting companies or contracting, like to your original story, um, but that is one of the best ways to get in with companies, because a lot of the bigger companies work with like a tech systems for a lot of contractors because they have like higher volume needs. But the bigger company, the more opportunity.
Speaker 3:So if you can get in, and even in security starting out in a knock roll or, you know, desktop help desk like. If you can get in for one of those roles like, the opportunities from that are huge. And then the networking within the company.
Speaker 2:Right yeah, get in and get after it, show that you're like wow, this person is amazing. Right, don't just get in and be like okay, I'm in.
Speaker 3:Yeah.
Speaker 2:You got to show out Be intentional yeah for sure.
Speaker 1:Well, that matches with what you said earlier about companies investing internally on their people to get them into those positions that they need. Them into those positions that they need. So yeah, like we're saying here, get in the door, bust your behind uh, you know, get noticed, and then they will invest in you and move you around where where they need you or where you even want to go, if you make the right connections within that company. So so yeah, it all kind of matches. So that's good.
Speaker 2:Yeah, for sure um, for those contract roles, do you also? Do you have contract positions for, like sock work? But it's weird hours like what does that look like?
Speaker 3:that's stuff that you guys do try to fill yeah yeah, we work with a lot of companies that want, you know, follow the sun type of support but sock a lot of times you do want that to be in the states, whereas knock a lot of times might be offshore, or something like that sure so, yeah, a lot of our companies we work with will come to us, um, and ask us to own a sock, almost, and so we'll have like 10 plus contractors on one engagement, um, just on different shifts.
Speaker 2:Okay gotcha. Yeah, I was going to ask you about that with the international right Because you know that's an option and I didn't know if they would just yeah, we're going to send this to another country India, philippines or whatever but it does, I guess. What's that back and forth Like? Do you see, companies mostly want to keep security working in the States.
Speaker 3:from what you've seen, yeah, yeah, we definitely do I think more so than other roles like automation, networking. They're not as worried about that. Um security, they will a lot of times, or at least have a mix where you know there'll be somebody maybe taking the tickets, but also someone on call at the same time to do some of the more escalation work. So we are seeing a lot go offshore. But I do think this year, just depending, you know, on the administration and where all that falls, I think we'll start to see a shift back yeah, yeah, yeah, okay.
Speaker 2:Um, one thing I had we had right here is uh is a question about skill sets and, and we're going to talk about, I guess, the more in demand. But before that, what? What are the skill sets that companies are struggling to fill? And maybe it matches to the in-demand.
Speaker 3:Mm-hmm.
Speaker 2:Yeah.
Speaker 3:We see a lot of like security architects which just isn't helpful to someone more entry-level but like if you're looking future state security architects and then a lot of more tool specific in the security space are the hardest to fill, like a CyberArk, a Splunk, like if you can really get to be an SME in some of the more prevalent tools, then I think that's a really good long term career stability sure so sneak and the big skill, big tools that most companies are using that they need somebody that has that expertise they can bring in and hit the ground running yeah, because a lot of companies spend a lot of money which would, again, you all probably do this and have done this on these really expensive tools, because you hear about them and then they have them in their environment and aren't getting the full functionality of it, so they want someone to come in and help them make sure they're getting the fuck, if you will.
Speaker 1:Yeah, Get the return on investment right Make sure you're using it to its full potential. So yeah, get the return on investment right. Make sure you're using it to its full potential. So yeah, and Smee for those listening is a subject matter expert, just FYI there.
Speaker 2:Yes, yeah, you mentioned Splunk and CyberArk. Are there other tools that come to mind Like, hey, these are the ones Like CrowdStrike, things like that?
Speaker 3:Yeah, SailPoint, we see a lot of IAM tools, a lot of the vulnerability tools, vulnerability management tools, threat detection too, I think those, as I was looking at the highest demand skill sets, those came up a lot okay, yeah, gotcha, and you mentioned before clouds, like it's still a big one more for mid to senior, but that's a big in demand.
Speaker 2:Uh, positioning type or skill set right yeah, yeah.
Speaker 3:Cloud security too. We're seeing that. More dev sec ops. We're seeing a lot more um, whatever people think that means yeah, it, yeah, it changes depending on the person yeah um, but yeah, just someone who's has that security mindset but has the cloud experience people really want, because it's you set up security as you're setting up your devops environments and it's a lot more um, obviously secure for sure yeah, it makes sense um I would say are there any?
Speaker 3:sorry, go ahead. I was probably gonna answer the question you're about to ask. But the easiest skill sets from a security perspective to get into and to get down that to the SME are within Active Directory and more on, like the more entry level IAM. So don't be afraid to take a role that is again on help desk or desktop where you're assigning permissions or you're doing stuff like that, because that is really relevant in how you can get more into a security-based role. So Active Directory IAM are good.
Speaker 1:That's great. Yeah, that's really good advice, so I wanted to kind of were you going to ask something else, john?
Speaker 2:I was just going to say. Are there any industries that are hiring more than other industries?
Speaker 3:Yeah, great question, I would say, and I feel like we'll probably talk about certifications too. So this kind of can go.
Speaker 1:Yeah, that's next yeah.
Speaker 3:But the from just government, anything related to you said city of Greenville earlier, local government, federal government too, like if you can get, if you have a security clearance somehow.
Speaker 3:that is a really really good industry to get into and pretty stable, because a lot of the funding I mean you never know but unprecedented times, but a lot of normally yeah, a lot of the programs are funded for five plus years and then you get a lot of experience and they take a lot of entry level people if you have a clearance and a security plus or something like that so I would say if you can get into that sort of industry, it would be really good. From an entry-level perspective, government um financial services has been pretty good a lot, specifically compliance um so grc stuff yeah, yep, highly regulated industries are good because compliance skill sets are another high demand one.
Speaker 3:I can't remember if I mentioned um, so health care services. A lot of those more heavily regulated industries are definitely more active right now.
Speaker 1:Okay, great yeah, thank you keep going with certification.
Speaker 3:So are you seeing companies prioritize technical skills over certificates? Or in school, like real-world experience that's applicable to the jobs you want is definitely going to help you more than a certification, which I know it's hard because you can't control that as much. But there are some certifications that people do value, like when you look at, like I said, a Security Plus, I think it's just a good. It shows initiative, it shows that you can apply and study and learn. People like to see that. Maybe a Network Plus, but I think not as much. And then the CISA. From an audit perspective, that is one that people will ask about a lot. Okay Again, especially when you get on the GRC side, they do like to see more certifications there, but we still see experience more than certs and degrees.
Speaker 3:I think most of the industry has moved past wanting a bachelor's degree or associate's degree, so that's definitely not as important.
Speaker 2:Always good yeah.
Speaker 1:No, that's great because even for us, when we're hiring, I mean it is one of like the hr requirements for your degree but, or whatever. But it's, um, it's not something we pay too much attention to. It's more on experience. If they have certain keywords within their description of their previous jobs, right if they they work with splunk, or if they work with a vulnerability scanner, like those things, or even just general it if they work with a vulnerability scanner, like those things, or even just general IT if they know Windows Active.
Speaker 1:Directory Linux. That really stands out more than oh yeah, I went to Clemson and got a four-year degree, so absolutely that kind of matches with what we see as well. So what are so? You kind of mentioned already some certifications that you kind of see as valuable. Are there any others to that that maybe are not to so much entry level but maybe mid to higher level for those who might be wanting to move up the corporate ladder within security?
Speaker 3:Yeah, a CISSP still holds a lot of weight and is incredibly impressive. So I think working towards that would be the one that I would say is still high regard. So do you all have CISSP.
Speaker 1:Mm-hmm.
Speaker 3:Yeah.
Speaker 1:John took it twice.
Speaker 2:Passed it twice.
Speaker 3:I didn't say it, okay, okay, no, no, no.
Speaker 2:I took it originally a long, long time ago and then I let it lapse and then my boss was like hey, I really want you to get it. I'm like I don't want this. I was like no, we want everybody to have it. So then I took it again passed it, so double sacrifice. I should have a little thing, a little square it's.
Speaker 3:I-C squared, I'll square.
Speaker 1:C-I-C-squared. It's I-C-squared.
Speaker 2:I'll just be C-I-C-squared. There you go.
Speaker 1:Yeah, and for those who have taken it or those who are studying to take it, it is not easy, it is not easy. And for John to have done it twice successfully, that's a big deal.
Speaker 3:Yeah, yeah, and because you have to have what like a certain number of working hours too, it's like five years experience and one of like the seven, eight domains or so. Yeah, yeah. So definitely keep that in mind and keep track of that, as you're early in your career for sure, because I do think if you want to get into a leadership type of role within security, that is important to have question about cloud.
Speaker 1:So I actually had a gentleman I've been kind of mentoring and he's looking to get into cloud and he was asking me a great question, which I will now ask you is there a certain, I guess, flavor that's more popular? Aws, azure, google, ibm? I mean there's so many out there, is there one that's a little more, not better, but you see more opportunities for than others, yep.
Speaker 3:Yep, that one does actually depend on industry, which has been really interesting, I will say, just with the nature of Microsoft's whole suite of products and services. We do see a lot of Azure, just because it's more. You already have an EA with Microsoft. It's just a barrier of entry for a lot of companies and they have a good relationship already. But we do see a lot of AWS and GCP as well. They're definitely gaining a little bit more market share, I would say, but there's a lot of companies that don't want to work with AWS because they compete with an Amazon. So it's very interesting from an industry perspective. But we do see a lot of Azure, I would say, and those are some good certifications to get to. Like, I took, like, the AWS cloud foundations class and and got that certification. So if I can take that, then someone who's who's looking to get into it. Technically, I think that's a good just place to start too, and people do do like to see more cloud certs outside?
Speaker 1:Okay, perfect. Have you seen anything with AI that you could share that could help others kind of get into that area?
Speaker 3:Yeah, a lot of companies are still trying to determine how they want to leverage AI within their environments. To leverage ai within their environments and a lot of what the focus has been is just figuring out easy lift use cases, because it's been around for a little while, like in the help desk capacity, chat bot and stuff like that but it's more of like how can we really leverage the generative ai, because it's a lot more around like how people can look at their data more quickly and build out models to digest all of that. But we like tying ai into security.
Speaker 3:We're seeing ai initiatives owned by security leaders okay I don't know how y'all are doing it at clemson but, like a lot of companies we work with, the cso is a huge part of ai within companies, because they're the ones that need to make sure there's guardrails and all of that in place, so even in security. I would just try to learn how AI ties into that.
Speaker 2:Yeah, I would say we're trying not to be the leaders, but we're definitely in the conversation and trying to be the guiding principles of data security and privacy. Luckily, we have a chief privacy officer that I can lean on and helps us. But understanding the data security pieces of it and what people are trying to do with it and what the risks are so, from a security perspective, being able to understand what the risks look like so that you can communicate it to leadership and others, like when they're asking you well, hey, this thing has ai in it. Everything now has ai in it. What are you guys okay with that? And just being able to help them, inform them on what those risks look like so that they can make a better informed decision. Right, so we don't want to be like the this is the AI we're going to use, but as they're looking at at ones to use, um being part of that conversation, so that would be what I would recommend understanding it that way.
Speaker 3:Yeah. And then, when you look at it too specific to hiring and finding a job, a lot of companies are using ai to like as in their tools to go through resumes. So we always just say, like I think there's a lot of a question a lot of times of do I just send one resume to a million roles or do I, you know, customize my resume for very specific roles? It is always a balance of both, but a lot of companies are using keyword and buzzword AI tools to sift through resumes so you don't have to go through 168 yourself.
Speaker 3:So if you don't have keywords that match the job description, then your resume isn't even going to get seen.
Speaker 2:That's a great point. I would say analyst steve. I know he's he loves looking at resumes, but I think if you take that to what you just said, kelly, and think about how do I maybe don't fully like redo a unique resume for everybody, but make sure that you do match it closer to what the position is looking for and look for keywords that they are mentioning in their job posting, would you say that that's accurate?
Speaker 3:yeah, yeah and use. I would try to find jobs that look really in line with what you're looking for, um, and that are feasible for you to get, based on your experience, and use those roles to help you build a resume that you can use more than once. Because then you kind of see the vernacular and what companies are writing in job descriptions to make sure your resume has those, because you might have done something that you aren't putting on your resume because you don't quite remember it. Then you see the job description of a role that you think you'd be a great fit for, so you can use that and then you can use that resume for a lot more roles. So definitely take some time to go through the posts on LinkedIn and see what companies are looking for to help you build that resume that you can use.
Speaker 1:Great Perfect, great advice that you can use, great, perfect. So, along those lines, are there things that you have seen in people's resumes that are, you know, like red flags or things that are hurting candidates chances?
Speaker 3:Yeah, unfortunately a lot so you want sharing some of those.
Speaker 3:This is great, because I do think people don't always think about that um, a lot of how you shape your resume. I think if you have less experience, the, the summary and the skills are important, but you want the last thing you want to do is have a huge, long skill section and then your experience be this long with none of the skills that you said. To do is have a huge, long skill section and then your experience be this long with none of the skills that you said. I think that's probably the biggest red flag, because we talk about buzzwords a lot, but people will put buzzwords just because they want to get the job and then they can't put that in their experience.
Speaker 3:So you want to make sure you can speak to anything on your resume like yes, we want to put the buzzwords in, but if you don't have it, you don't have it. So that's one of the biggest complaints that we get is that people see a resume, they love it and then they interview the candidate and they can't speak to anything on their resume in depth so yeah.
Speaker 3:I think that's a big one. It is. A lot of companies will look at tenure. So if you have a lot of roles that you've only stayed at for short stints, job tenure is definitely still valuable in the industry, even though the average tenure in IT now, I think, is 18 months, which is a little crazy, but I think you want to. At least. That's definitely a red flag if you've had a lot of different roles, like full-time roles that don't last, so just being able to speak to reasons of leaving or if it was a project or whatever. But yeah, those are probably the biggest the biggest red flags, I would say Okay, perfect.
Speaker 3:Misspellings.
Speaker 1:Well, with AI out there, I mean you should you know that should be. The last thing that's wrong with your resume is misspellings grammar, I mean, you know, but yeah, we, we, we see it too, we see it, yeah.
Speaker 3:So then one other thing so we kind of talked about some of the red flags. Are there anything that you would say that maybe someone getting started like you're 54 times more likely to get a role if it's a referral of some sort? So don't like minimize the importance of connections. So even if it's someone, it doesn't have to be someone on this team specifically in it. Security.
Speaker 3:So, like maybe your neighbor works at the company that you're trying to get into, just having a conversation with them and seeing if they, you know, can go talk to HR and have them just look at your resume, cause again, it's a lot of applicants really easy to get lost. So really leveraging LinkedIn, mutual connections, not just in IT, within any industry, I think I would say Even like in what I do, is because I try to meet with a lot more and more companies and more IT and security leaders and no one's going to meet with me if they don't have a referral or know who I am. Um, so it's the same in the job search, like anything like that helps. So, and then to networking groups like ISSA, specific to the industry. I know it's hard to go to, you know, younger, nervous, but that is the number one thing.
Speaker 2:They're worth it, yeah, yeah and on that, like I've heard people tell me, like you know and I, that's one of the first things I usually go to is, like, how is your networking? What does it look like? You know, we say networking is king. We're going to get T-shirts that say this, but I like the 54 times more likely, right, 54x. That should be something that just stands out to people's mind.
Speaker 2:How do I work on your stuff, work on your skills, but you have to work on your network, right? And I'm curious, kelly, this is what I told people Right, like you said, reaching out to people, look at these companies that you think are interesting, or maybe people that could be hiring managers for the position you want to be. Like, say, you want to be a SOC analyst, reaching out to SOC managers and even if they don't have positions available, but you can just build those connections and say, hey, this is where I am, this is where I want to be. Um, you know, what would you recommend I work on if I were to come work for you? And then just also just networking in general.
Speaker 2:Like, get to meet people because everybody knows somebody, right, six degrees of kevin bacon, right? So everybody knows somebody and if they see you're connected with so-and-so and they look at your LinkedIn profile. Oh, maybe I'll hit them up and see what their experience is or how they know you. Yeah Right, so do you guys coach people in that way? What do you tell people when you ask them this question Like how are you networking and what are you doing? Yeah, when you ask them this question like how are you networking?
Speaker 3:and what are you doing?
Speaker 3:Yeah, definitely finding mentors within companies that you would want to work for and within your skill sets, but also, too, like, if you're applying for a job, that internal recruiter, don't be afraid to reach out to them on LinkedIn, just like just another way to get your name in front of that person, um, so they can see that and then cause LinkedIn is is the number one tool utilized within the recruiting industry, um, and so I would do that, um, and don't be yeah, to your point.
Speaker 3:Don't be afraid to message people directly internal recruiters and then working with recruiters again, we, like I know you, you all from from working together over the past few years, and there's a lot of people that we meet with or know that we can help from a mentorship perspective, even if we don't have an opening, that is a good fit, and a lot of times, like, our delivery teams will hear stories of like, yeah, I just got this person placed at this company, I started working with them two years ago, I started working with them a year ago, so those relationships do pay off, even again, if it's not instant.
Speaker 2:Yeah, sure, I got a question about LinkedIn. So if LinkedIn is so important which it is what I guess kind of like your resume, right, how do you do you what? What do you guys coach people from a linkedin profile perspective of like, hey, your, your linkedin is going to be looked at um do's and don'ts or red flags, anything you would say to somebody?
Speaker 3:yeah, the, the first reason I won't call someone a candidate back is if their LinkedIn does not match their resume. So definitely make sure dates line up, like that little stuff to make sure, um, that fits. And do you have a question on that?
Speaker 2:No, I was gonna say double that. Everybody needs to listen to that again.
Speaker 1:Yes.
Speaker 2:That's a. You need to highlight that one in bold. Yeah, kelly says she will not call you is if your resume does not match your stuff in your in your linkedin profile or vice versa um so pay attention yeah yeah, keep going it is not facebook, so just to be very cognizant of it being a professional networking site.
Speaker 3:There's always a personal aspect to everything I understand that but definitely have it lean more professional, because a lot of companies are asking us to send the LinkedIn profiles with candidate resumes, so I would have an updated picture that you know is professional. I probably need to update my picture, honestly, um, but but yeah, even if you don't have a professional headshot, just have someone take a picture of you, you know, in a, with a white wall behind you or whatever. Um, cause, a lot of people are looking at that.
Speaker 2:Don't use your old wedding photo that you're in years ago that you were the groomsman or bridesmaid.
Speaker 1:I see a lot of those You're. You're calling somebody out, john.
Speaker 3:I'm calling someone we know and if they're listening to this, this is your time, um, and people do look at endorsements and skills, and people do look at endorsements and skills. So, even like you all, as you're mentoring people, I think if there's people that you can give endorsements to on LinkedIn, people do look at that a lot. So it holds a lot of weight, yeah, I haven't thought about that, that's good. Yeah.
Speaker 1:Yeah, yeah, we need to up our endorsement game John I know that's awesome.
Speaker 2:Steve, do you have a question? I have another question, one that I'll keep thinking about, but I'll let you go.
Speaker 1:Yeah, no, I just wanted to say thank you for basically saying what you just said about LinkedIn, because it's what I've been telling everybody, and now it's not just you're not hearing it from me, you're hearing it from a very, very reliable source. Linkedin matters, it's not Facebook.
Speaker 1:Put a picture on there and make sure it matches your resume and it is important because I've had a lot of young mentees ask me do I really have to do a LinkedIn? I don't like social media, I don't like this, I don't like that, and I get it. But yes, you do. It is a tool that will help you tremendously, especially with networking. You've heard it here, so, yes, it is important.
Speaker 2:Thank you, kelly. Yeah, keep it professional.
Speaker 3:You don't have to get all like you said, it doesn't have to be you got to go in there and post something all the time, but you want to look good if somebody goes and looks at it. Yeah, yeah, repost articles and in the space that you're in, and yeah. So, oh, there's something I was gonna say. Now I can't remember.
Speaker 2:No, that's okay, I'll ask you about ghost posting. So this is the question I get? I asked you this already. People are like you know we're trying to apply and how many of these are even real postings and it is a thing you told me like it is a thing, um, so tell us what this is and how. What do people do to try to deal with that or get around it?
Speaker 3:yeah, it is a huge problem that's really prevalent in our industry too specifically. So we had our corporate send out communication around how important it is to make sure that if you're putting up a job posting, there is an actual job. So I think companies are definitely trying to get a lot cleaner around that, because some people do just hey, we might have a role down the road and we want to make sure we have a good pipeline of candidates for that and then a lot of times companies do post they have to post a job that they already have someone identified for, which is that is normal and that is frustrating, though as a job seeker, cause they have to post it for that person to apply.
Speaker 3:So that does happen. They have. You know, don't get too upset with yourself if that happens. But, um, there's a lot of scammers in our industry, for whatever reason. Like we had a I had a manager message, one of my partners and with a screenshot, like did you text me this? And it said hey, this is Leah from tech systems calling you for this. And she was like no, that's not me. Like that was a humor.
Speaker 3:So be alert, stay alert. Um it's and it is kind of hard to kind of discern, but look up the company um a lot of times, if it's a true posting, it'll pop on a lot of different job boards so and you'll be able to see the company. Um yeah, and if it's a an agency, they should have you know contact information for you to call a recruiter to apply. So. But there are definitely that out there. But don't let it discourage you, because it is just happen.
Speaker 2:Yeah, I will say for the, for the postings, cause you know we do have to post most jobs, that we may even have an internal candidate that we're interested in, but it we we like to see you know what's out there. You know it's not a guarantee we may have a great candidate that comes in external and it's like this person. This happened recently.
Speaker 2:We thought we had somebody internal that was going to be the person but we had an external candidate that just had better skills, more experience, and we went that route. So don't be discouraged. Like you said, kelly, like you still have a chance. Um, it can be hard because what you know with this internal, you know the person, you have some experience to rely on, you can see, you can ask their managers how they've been right. So there is some advantages for sure. That's why you want to get in and try to move up. But we have done that before too, where we thought we had an internal candidate and it turned out we went with an external candidate.
Speaker 3:Yeah, that's a good story.
Speaker 2:Yeah.
Speaker 3:All right.
Speaker 2:Yeah, I was going to ask one last thing. So what's the best way for people to network with?
Speaker 3:someone like you, you like recruiters. Like what would you recommend there? I would try to find someone local that you can meet with again. Every tech systems is back in the office, like we're all trying to get more, you know, back to the face-to-face um, and I think like there's some, there's some really good recruiters in Greenville. I mean John, probably the recruiter that you worked with back in the day is still there, like he probably is but I'll be like dude.
Speaker 2:you remember that dollar you wouldn't give me?
Speaker 3:Yeah, Um, meet with them, you know, face to face. Like I said, like tech has an office in every market mostly, and a lot of recruiting companies do so, try to find a recruiter that you can meet with face-to-face Because, again, that's the recruiter that, even if they don't have something for you now in a year, they're going to call you because they've got something. Versus, if you just have one phone call and you're just one in a million other, you know, trying to get, because we're still in the people business and so the more relationship you have, people inherently want to help. So I would say, search, you know, a tech systems or whatever you know recruiting company that might be around in your local area. Um, we are specialized from a skillset perspective, but any recruiter can really help and so it could either be an account manager or a recruiter in your local market. Um, and I'm happy to connect anyone to, to anyone I can look up and see who would be a good, good resource wherever you want to find a job.
Speaker 3:So definitely feel free to share my info and I can help connect some folks wherever.
Speaker 1:Awesome. Thank you, we will do that.
Speaker 2:Yeah, this has been great. Kelly, thank you. It's not a wake-up call, but it's a level set Like, hey, this is where we are, don't just get caught up in the hype. There is demand, right, there is a need, and it looks like it's going to continue. But you may have to do the hard things and then not the perfect opportunity and you may not get paid what you think you're going to get paid, but you know it's you got to build on something it's a journey where you can absolutely.
Speaker 2:It's a journey when you can, absolutely, it's a journey.
Speaker 1:So, kelly, thank you so much. We will share your information in the notes here so people can reach out to you. But thank you again so much. This has been very, very informative. Our listeners are really going to enjoy this. So any last parting words of advice from you, kelly, no.
Speaker 3:I don't think so. Thank y'all for having me. This is fun, go Tigers. I guess is what we'll end on.
Speaker 1:There you go, there you go Go, tigers. All right, thanks everybody. Well, thank you See y'all. Thank you for joining us on season two of the Cybersecurity Mentors podcast. So this season we dove into today's job market and heard from Kelly Belding about what it's like to work with an IT recruiter.
Speaker 2:Yeah, we talked about the essentials for landing your first cybersecurity job with Daniel DeLeon and mastering tools and skills as a security analyst, and we went through two cybersecurity journeys with Ryan Rath and Max Harley. We even explored the strategic insights of a couple of CISOs Frank DiPaola and Andrew Wilder.
Speaker 1:So thank you all for your support and helping us continue our mission of mentoring and helping build the next generation of cybersecurity professionals.
Speaker 2:So stay secure, keep learning and stay tuned for season three coming soon.
Speaker 1:Thank you for tuning in to today's episode of the Cybersecurity Mentors podcast.
Speaker 2:Remember to subscribe to our podcast on your favorite platform so you get all the episodes. Join us next time as we continue to unlock the secrets of cybersecurity mentorship.
Speaker 1:Do you have questions or topics you'd like us to cover, or do you want to share your journey? Join us on Discord at Cybersecurity Mentors Podcast and follow us on LinkedIn. We'd love to hear from you. Until next time. I'm John Hoyt and I'm Steve Higuretta. Thank you for listening.