as far as i have been able track (linkedin, email, etc.) roughly 3/4 of the previous graduating cybersec class has been unable to get a job in cybersec. probably 1/2 of those are struggling to find even basic sysadmin or password-resetter positions.
this is significantly different than when the program started (around 2015 or so), where roughly 4/5 of the graduating class had jobs (specifically in cybersec) lined up at the time of graduation.
cybersec is a bit of an outlier, but i see a similar trend with the networking program and game design program as well (the only other 2 i have first-hand knowledge of)
its rough out there! (i am recommending to my kids that they avoid post-secondary)
I think that's a mistake, unless you mean "and go into debt for college". Working with many people over the years the educated (in STEM) are noticably better quality than high school or bootcamp folks on average. Work ethic or amount of code written is not an issue, just the general thinking through of problems.
well, yes. i am not rich. they would need to take loans. and from what i am seeing, they would likely end up working in the exact same position as the 19 year old who decided to go directly into the workforce.
i will, of course, support them no matter what they decide. but when we discuss options, i emphasize skilled trades, or working for a few years before committing themselves to tens of thousands of dollars of debt to very possibly end up in a position that doesnt require the schooling.
i am just not recommending it as a first choice to my kids. i remember how it was presented to me: "go to post-secondary or be stuck burger-flipping forever."
this is also just one random teacher's opinion, where 99.9% of the context (e.g. academic history of my kids, aptitude, my experiences as a teacher, my location, etc.) are missing. so, mountain of salt and all that. my recommendation is specifically a recommendation for my kids.
> as far as i have been able track (linkedin, email, etc.) roughly 3/4 of the previous graduating cybersec class has been unable to get a job in cybersec. probably 1/2 of those are struggling to find even basic sysadmin or password-resetter positions.
What is the curriculum that is being taught in your program?
If it's "how to be a Splunk or Crowdstrike" admin or "how to be an L1 SOC" I don't think that is a hireable skill at this point.
its not, and up until recently (~2 years or so), the majority of our graduates were instantly picked up.
I feel a lot of hiring reflects that as well now - if I want a SWE to build a runtime agent I'm better off hiring a new grad from UC Berkeley who took CS162 and CS161 versus someone who took a summary course but doesn't understand how ld_preload works. Similarly, if I was doing AppSec for WebApps/OWASP I'd rather hire someone with an actual bounty track record on HackerOne instead of a bootcamp grad and potentially even a degree holder.
My best hiring pipeline have either been Vets who were in a Cyber MOS with a couple years of hands-on experience and then did a WGU type program (the WGU program was just a checkbox for HR) or successful bounty hunters with a strong track record on HackerOne or Cobalt.
we understand the importance of meeting the employers where they are at, so once a year we meet with ~15 industry partners (people in your position) and ask them directly questions like: "of your recent hires, what are they missing?", "what specific skills do you think needs more focus?", etc. that informs any changes we make for the following year. we have dropped entire courses and spun up new ones solely from industry input.
we also understand the importance of hands-on experience. it is probably the most common feedback we get from people in your position. we have a giant lab so kids get experience wiring up and configuring real physical appliances instead of doing it all in packet tracer or whatever. we have a bug bounty club, we attend and host hackathons, etc. courses are split roughly 50/50 between theory classes and practical classes. practical courses are mostly focused on "fix this shitty/vulnerable implementation of X" or "here is an existing environment, propose and then implement something that addresses X problem in the least-disruptive way" rather than "here is a fresh start, implement X in this perfect environment".
i dont want to give too much detail (e.g. course names and progression), as i would probably end up doxxing myself. but as someone who started off in the industry and then moved to a teaching position later in life, i am 100% with you. people who have real experience (e.g. a vet with cyber experience) are almost always going to be a better hire than a fresh graduate (i think this is true in any industry, and has always been true -- so it doesnt explain the change). but my job is to try and close that gap, and i think we have made good progress along that path. we are absolutely not a 6 month money-grab program.
i hear this online a lot but never from the companies and hiring managers that hired our cybersec students for the last decade.
keep in mind, this is not a 6-month "intro to cybersec" or bootcamp-style program.
If I were running your college's program, I would invest in a presence at Defcon. If just one your students could use their skills to uncover and present something genuinely interesting, it would be worth covering their airfare and accommodations just to get your logo on the screen. If you could do this every other year, your program would have an unparalleled brand.
part of our success over the years has been due to our reputation building, presence at local/state/national conventions, etc. that is exactly why the sudden downturn in hiring has been eye-opening.
Certainly I'd avoid an expensive standard university to start unless they have an obvious path. I'd recommend the local community college for 2 years to get an Associate's Degree of some form though with an eye on heading to a university for the last bits.
It's become harder to vet undergrads in the US for specific subfields because of either a lack of preparation or subpar career services.
Additonally, at least in CS/CE the number of candidates have skyrocketed, but the reality is most companies can limit new grad hiring to 10-20 target programs nationally and 2-3 local programs and get the talent pipeline they need.
Why? In my opinion a new grads can do good work and they take very low salary.
Doesn't mean will, and if their work isn't good the low salary isn't particularly beneficial.
And you will only be happy of course because it’s above you status to worry about the upsetting things.
I'm surprised that one goes into a field as small and competitive as art history in these days.
Museums, how many relevant art related roles can there be nation wide?