Landing your first role in cybersecurity can feel like navigating a maze designed to keep you out. It’s increasingly common to find job postings for “junior” positions that paradoxically demand extensive experience, often five to ten years, specific advanced certifications, and sometimes even a PhD or Master’s degree.
This creates a significant hurdle for individuals genuinely looking to enter the field. How can someone gain years of experience if entry-level roles require it upfront? The situation often leads to frustration for aspiring professionals and contributes to the widely discussed talent gap in cybersecurity.
Many speculate on the reasons behind these unrealistic requirements. It could stem from poorly drafted job descriptions, a misunderstanding of what a true entry-level role involves, or an attempt to use stringent criteria as an initial filtering mechanism. Regardless of the cause, the effect is the same: it discourages potential talent and makes starting a career feel unattainable.
Instead of demanding ready-made experts for junior positions, the industry needs to focus on building realistic entry points and fostering growth. Hiring for potential, aptitude, and foundational knowledge allows companies to cultivate skilled professionals from within, addressing the talent need more effectively than searching for the mythical “junior” candidate with a decade of experience. Creating clearer pathways and providing opportunities for on-the-job learning are crucial steps toward building a robust cybersecurity workforce.
Source: https://go.theregister.com/feed/www.theregister.com/2025/06/13/infosec_employers_demanding_too_much/
