U.S. has almost 500k job openings in cybersecurity

How many of those job postings list a CISSP or 5 years for an entry-level job that pays $70k? This is stuff I see often.<p>I have extensive experience in cloud security environments, have done IR, DR&#x2F;BCP planning, passed SOC II audits, and have security cert(s). But I&#x27;d have a hard time finding a security engineering job that pays similarly to what I get paid currently as a support engineer for AWS&#x27;s security services. And that&#x27;s largely because most security jobs I see are asking for unicorns willing to get paid substantially less than other IT disciplines.

I&#x27;ve reading about this &quot;security professionals shortage&quot; for quite some years, yet the reality is that there is no such shortage.<p>And I think this is even expandable now to any IT field. People keep saying about shortage, but what I do see is exhausting hiring process most people just don&#x27;t want to deal with.

Well, since ultimately this involves codewords dancing around the &quot;don&#x27;t want to pay proper wage&quot;, America&#x27;s companies should instead hand their security over to outsourcing firms like they do with everything else that is IT related?<p>What could go wrong? Make sure to diversify to China, Russia, Eastern Europe, Malaysia, Israel etc.<p>Oh does that sound like a bad idea? The fact is as soon as the main systems development is outsourced, you might as well have outsourced the security too.<p>Probably why most enterprise security is a bunch of people buying Cisco appliances and formulating checklists and policies and don&#x27;t even know specific vulnerabilities or the safety degree of various algorithms.<p>And of course, their main job, making powerpoints for upper management and occupying seats&#x2F;budget such that when leaks or failures occur upper management has plausible deniability.

I am a Sr. devops engineer and have been looking to transition to a devsecops or even some sort of security ops role for a YEAR. I am willing to take a pay cut and move to a more junior role but I can never pass the HR filter of “prior security experience needed.”

I wish these supposed jobs existed when I finished my degree for going into cybersecurity, unfortunately EVERY &quot;entry level&quot; job required 3-5 years experience. It&#x27;s probably exactly the same today. Now I work in electrical engineering, because the position requested (not required) a background in IT and my hobbyist experience was enough to satisfy the rest of the requirements.

Discussed 3 days ago:<p><a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=27219156" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=27219156</a> (88 points&#x2F;94 comments)

&gt; &quot;It just requires someone who has the proper training, proper certification<p>Certification? I don&#x27;t think so, why would you even...<p>&gt; Tim Herbert, executive vice president for research at CompTIA.<p>Ahhh... it&#x27;s an advertisement for a bad certification program.

Meta on the comments: While it&#x27;s true that the salaries are unreasonably low, it doesn&#x27;t mean that there are 500k Americans capable of doing cybersecurity work just waiting for the right paycheck.<p>There can be _both_ a worker shortage and unreasonable salary expectations. A labor market will always have slack on both sides, but even at the extreme, there could be 10 cybersecurity experts, and you&#x27;d have people saying &quot;Oh, you can find workers, you just have to be willing to pay $100mm&#x2F;yr.&quot;

I don&#x27;t know any security professionals. Is this something that a mostly-self-taught software engineer could get a job in? What are interviews typically like?

The salary they mentioned in the article is too low when the downside is millions in payout

Well that oughta get all those waiters and cashiers off unemployment.

No one wants to pay big money to improve the talent in a cost center.