Wanted: Junior cybersecurity staff with 10 years' experience and a PhD

(2025/06/13)


Cybersecurity hiring managers need a reality check when it comes to hiring junior staff, with job adverts littered with unfair expectations that are hampering recruitment efforts, says industry training and cert issuer ISC2.

According to the organization's latest hiring trends study, entry-level and junior job descriptions contain requirements that "are often difficult or impossible for these professionals to meet."

"This can create a catch-22 – where employers struggle to find qualified candidates and early-career talent is locked out of opportunities that could help them build that very experience," it added.

IBM job ad calls for 12 years' experience with Kubernetes – which is six years old [1]

"Hiring managers should consider reevaluating their job descriptions and other hiring mechanisms to reflect the true nature of the role, making the distinction between 'nice-to-have' and 'must-have' qualifications clear."

The study showed that more than a third of hiring managers expected early-stage hires to already have advanced certifications such as a CISSP, CISA, or CISM – achievements Dan Houser, a former ISC2 chair now at Oracle, said were unlikely or unfeasible at this level. "This has been a problem for some time, and it seems the battle continues."

The report also stated that the most pressing skills gaps in the workforce can be filled by early-career cyber professionals who are simply given some on-the-job training coupled with clear development support from their employer.

Aside from employers with unrealistic expectations, job seekers should also be prepared to demonstrate their skills in teamwork, problem-solving, and analytical thinking – the three most in-demand (technical and non-technical) skills in all job descriptions.

Only in India are employers valuing technical know-how more highly than interpersonal skills at this level, with cloud security and data security seen as the two most in-demand specialisms in the country, and generally across the world, too.

A lot has been said about the value of diversity in cybersecurity, both in terms of neurology and education, and those with backgrounds outside of technology or science should not give up hope of entering the industry.

ISC2 said around a quarter of hiring managers who recruit from education programs were able to find valuable cyber talent in those who studied fields outside of cybersecurity, computer science, and IT.

It's true that technical education, previous experiences, and/or the expected basic certs will give candidates a leg-up on the competition for entry-level roles.

According to the [7]research, 90 percent of hiring managers would only consider candidates with previous IT work experience, and 89 percent said the same about holding entry-level certs.

However, the study noted that successful recruits were also sourced internally from departments such as finance and even non-STEM fields like communications, HR, customer service, and marketing to bring fresh ideas to the table.

So, if a candidate in the comms team starts thinking about a career switch, the way to maximize the chances of securing a job would be to work toward a Security+ cert, which is generally one of, if not the first qualification an aspiring IT pro should pursue.

[8]Cybersecurity not the hiring-'em-like-hotcakes role it once was

[9]You probably have more CIO experience than the incoming White House CIO

[10]Mind the talent gap: Infosec vacancies abound, but hiring is flat

[11]Infosec pros can secure IT, but have harder time securing job satisfaction

It's also one of the most in-demand certs employers are looking out for when assessing entry-level or junior candidates, second only to the CASP+, which is a far more advanced qualification.

"This trend indicates the value that professionals from non-IT backgrounds can bring to the field, offering fresh perspectives, business acumen, technical and non-technical (soft) skills, and innovative thinking to the cybersecurity team," the report stated.

"Hiring strategies that include sourcing candidates from alternative pathways – such as internships, apprenticeships, and non-traditional educational or training backgrounds – can also help strengthen talent pipelines and foster a new generation of cybersecurity professionals from which hiring managers can draw.

"It is more important than ever for organizations to have these tools in place to stay ahead in a profession that demands continuous learning and adaptation."

Job market

Once considered an empty chasm of talent, waiting to be filled, some experts now say cybersecurity has very little demand for generalists.

Industry hiring has been in flux for some years now. From the COVID-19 days of mass recruitment to the economic pressures of the past 18 months making many positions redundant, what used to be a sure-fire bet for a stable career [12]suddenly doesn't seem so safe.

Mary McHale, a careers advisor for UC Berkeley's Master's in Cybersecurity, told The Register that industry players are now looking for specialists in certain sub-fields of cybersecurity.

Recent layoffs have left the job market oversaturated, and with AI products now easily handling basic security tasks like event monitoring, employers are increasingly seeking unique talent, especially in oversight and governance.

While the private sector may not have many problems with hiring top cyber talent at the moment, the same can't be said for the public sector, at least in the UK, where robust pension packages don't make up for the [13]comparatively lackluster salaries. ®



[1] https://www.theregister.com/2020/07/13/ibm_kubernetes_experience_job_ad/

[7] https://www.isc2.org/Insights/2025/06/cybersecurity-hiring-trends-study

[8] https://www.theregister.com/2025/03/03/cybersecurity_jobs_market/

[9] https://www.theregister.com/2025/01/28/the_us_governments_new_cio/

[10] https://www.theregister.com/2024/09/11/mind_the_talent_gap_infosec/

[11] https://www.theregister.com/2023/11/02/infosec_pros_burnout/

[12] https://www.theregister.com/2025/01/29/nao_blasts_uk_gov_cyber/

[13] https://www.theregister.com/2025/01/29/nao_blasts_uk_gov_cyber/




Security+

Throatwarbler Mangrove

On a lark, I decided to do a CompTIA Security+ prep course and found it so basic that I skipped right through several modules. Not that I'm particularly interested in security work, per se, but perhaps I should scoop up the certification if it's in such high demand.

Re: Security+

elsergiovolador

If a job description fixates on certificates, it's usually a sign that no one in the hiring pipeline actually understands the role. Expect to work alongside people who bought their certs, memorised multiple-choice answers, or got waved through because HR needed a checkbox ticked.

And if they clock that you’re actually competent? Brace yourself - you’ll get all the work, none of the credit, and probably be told you’re “not a team player” when you burn out from carrying dead weight.

Re: Security+

ecofeco

...or eventfully fired because you're a threat to the favored son and making them look bad.

My philosophy these days is sod it all and let them burn.

Let's be clear

Pascal Monett

Recruitment offer that demands you to be young and highly qualified and experienced at the same time? What a surprise.

This has been going on for decades already. Companies want to put you to work and pay you peanuts for the privilege. Everybody knows the stupidity of this, but somehow it keeps on happening.

Re: Let's be clear

Doctor Syntax

I suspect that some of these problems can often be laid at the door of ISO 9000 and its friends and relations.

Scene: Quality manual is being written

Wallah 1. We come to minimum experience need for any job.

Wallah 2. It can't be just anybody. All jobs must be done with somebody with good experience.

Wallah 3. How about 5 years?

Wallah 2. Sounds good to me. Should that be the current version of whatever it is they're using?

Wallah 3. That must be right. In fact current versions of anything should always be used.

Wallah 2. I'll go along with that.

Wallah 1. And me. I'll put that down.

And hence we have a requirement to use stuff which is never more than 2 years old and those needing it need to have been using it for at least 5 years.

It's always

Boris the Cockroach

been this way.

Technology X is released to the public.

5 minutes later the job ads start appearing Senior roles : must have 5 years+ in technology X, junior roles: 2 years experience in technology X (plus a master degree in comp science and 5-10 years in a developers role, ideally aged 21 or less)

Cynical? And there's me thinking that was my middle name

Re: It's always

b0llchit

The real kicker is that questioning or commenting on the contradictions and impossibilities makes you ineligible for the job. You are marked as "person questions authority" and that disqualifies you immediately.

Re: and that disqualifies you immediately

DJV

Then again, do you really want to work for a company that prides itself in the employment of people who constantly generate such contradictions?

Of course, if the company also has a BOFH with more than 10 years of lift-shaft maintenance, a qualification in applied quicklime along with a sideline in rolled-up carpetry, there may still be hope for the place!

Unfair expectations

abend0c4

Potential employers seem to try it on all the time. But if they're failing to recruit, presumably all those highly-paid HR "professionals" are there to align their candidate requirements with market reality. Or is that an unfair expectation too?

Re: Unfair expectations

steelpillow

Definitely unfair to expect HR staff to do a good job of HR. By failing to recruit, they make the case for more HR staff - an empire under them and a comfortable pension. Oh, and guess who wrote the ticksheet? HR!

Time was...

Tron

...techies were not known primarily for their 'interpersonal skills'. This used to be a sector where you would treasure your ever-so-slightly aspie Linux geeks, even if they want to work at home, in glorious isolation, communicating only with the mothership in Klingon.

But now (outside India) they are seeking clubbable folk with interpersonal skills who yearn to work in teams, excavating the nether regions of server code in a spirit of caring, sharing togetherness. Oh brave new world!

Re: Time was...

Doctor Syntax

Interface layer needed.

Re: Time was...

cookieMonster

Oh god, the horror.

So glad I’m no longer in this field.

Re: Time was...

elsergiovolador

Under UK law, autism is a protected disability - so rejecting someone with ASD for lacking vague “interpersonal skills” that aren’t essential to the job can be grounds for disability discrimination under the Equality Act 2010.

But let’s be honest: corporations don’t want the best minds - they want compliant personalities who smile in meetings, nod through nonsense, and tick HR’s “team player” box. It’s not about ability, it’s about cultural obedience. If you’re brilliant but don’t perform the corporate social ritual, you're out. Because nothing threatens mediocrity like competence without deference.

I have to wonder

Ashentaine

...if at least some of those jobs are ones that were already filled internally but due to regulations they're required to post a public listing, and so set ridiculous or conflicting requirements to keep anyone but the pre-chosen individual from applying.

Re: I have to wonder

ecofeco

You bet a fair percentage are, for sure.

Compliance theater.

Crisis

elsergiovolador

The cybersecurity hiring crisis - where companies want junior staff with senior certs, five years of experience, a spotless record, and the willingness to work for public-sector wages because "pensions". Newsflash: pensions are a 1980s relic. By the time most people cash them out, they'll be half-crippled from stress, redundant by automation, or dead. What exactly is the personal upside here?

Cybersecurity isn’t just a job - it’s a constant arms race. To stay sharp, you pay out of pocket for certs, run your own infrastructure, rent boxes for testing, keep up with threat intel, toolchains, legislation, and whatever AI-generated malware just dropped. Meanwhile, companies treat talent like disposable assets, with layoffs every quarter and HR still wondering why no one’s loyal.

The only reason you still get applicants is because some people genuinely love the work - and they have to eat. But don't mistake desperation for pipeline health. If you’re not paying for training, stability, or respect, don’t be shocked when your “junior hire” ghosts after six months or couldn’t spot a backdoor in a broom closet. You built this problem. You're just mad it's costing you now.

Re: Crisis

Pascal Monett

I have to say that I agree with absolutely everything in your post.

Although I am getting close to pensionable age, so I'd rather it wait a bit longer to become a true relic.

It's no better at senior levels

Anonymous Coward

I spent a few years as security lead for a product that I'd worked on as a developer. I knew the product, the team (dev & QA), had a good idea of where security issues might turn up. It was an interesting and fun job, even the visit to the SVP's staff meeting for a mea culpa after I (and fortunately not a customer) found a serious security issue in a new version that required a stop-ship & new release.

Then came promotion to security head for the wider organisation. I was a sort of policeman for products and teams that I barely knew, and who didn't like an outsider telling them how to 'do' security. I had the experience, but not the formal qualifications, and getting those was tedious and uninteresting. Some of the products were appalling, some were very solid and secure, but neither liked an 'outsider' supervising them. Soul-destroying work, even with the teams I knew and liked. I stuck it for a couple of years & then left for something that allowed me to look forward to going to work again.

Re: It's no better at senior levels

ecofeco

Yep, once the silos form, it's all over but the shouting.

Competitive pay for experience

ecofeco

Offering 60K US and wondering why they got hacked, but for sure they know who to scapegoat.

80K if you're lucky. And no, that is still NOT a lot of money these days.

Re: Competitive pay for experience

elsergiovolador

You could make much more as a sparkie. No CVEs, no threat intel feeds, no 3am breach notifications - just stay vaguely up to date on building regs and show up with tools. Can’t work from home, sure, but you also don’t get blamed when a FTSE 100 gets popped because someone reused “Analbeads2023!” as a password.

Re: Competitive pay for experience

ecofeco

Yeah, in theory and for sure less stress, but wages are not keeping up in the USA, but actively going down across ALL professions.

When I started work, back in the dawn of prehistory

Neil Barnes

Companies provided training. They had enough smarts to realise that engineers didn't hatch from the egg knowing all they would ever need to know, and that if they provided training not only would they get competent engineers (or weed out the incompetent early) but they would be trained in the way that the company did things and so could be reasonably expected to work in the same way as their colleagues.

The company I chose basically did a three-year on-the-job degree level education with both workplace and formal classroom work; the other companies that offered me work had similar schemes. Even thirty years later, they still offered training although by then it had mutated to the level that if you left within a certain time period, there was a compensatory financial penalty.

Expecting someone else to provide the training for your staff is just plain foolish.

Re: When I started work, back in the dawn of prehistory

ecofeco

Are you saying 28 year old CEOs might not have a clue about things in general?

Someone should tell Meta they might have recently overpaid for one.

Nah, on second thought, let them burn their money.
