context: i teach at a local college in IT. some of my classes are part of the cybersec curriculum.
as far as i have been able track (linkedin, email, etc.) roughly 3/4 of the previous graduating cybersec class has been unable to get a job in cybersec. probably 1/2 of those are struggling to find even basic sysadmin or password-resetter positions.
this is significantly different than when the program started (around 2015 or so), where roughly 4/5 of the graduating class had jobs (specifically in cybersec) lined up at the time of graduation.
cybersec is a bit of an outlier, but i see a similar trend with the networking program and game design program as well (the only other 2 i have first-hand knowledge of)
its rough out there! (i am recommending to my kids that they avoid post-secondary)
Game design also seems like it'd be an outlier fwiw, since it's a niche that people desperately want to get into if they've participated in contemporary entertainment culture in the last 2 decades, and that schools are happy to take their money for, but realistically the competition's always seemed high. Networking is a pretty boring unglamorous pursuit though that's very behind the scenes as well as being difficult and niche.
None of the top cyber security talent I've worked with went to school for it, and I have been underwhelmed by what I see coming from college programs. These kinds of credentials themselves are not a signal of quality to me.
Goodwill with hiring managers is good. But in a down economy it'd be helpful to boost your reputation more broadly.
If I were running your college's program, I would invest in a presence at Defcon. If just one your students could use their skills to uncover and present something genuinely interesting, it would be worth covering their airfare and accommodations just to get your logo on the screen. If you could do this every other year, your program would have an unparalleled brand.
>Goodwill with hiring managers is good. But in a down economy it'd be helpful to boost your reputation more broadly.
part of our success over the years has been due to our reputation building, presence at local/state/national conventions, etc. that is exactly why the sudden downturn in hiring has been eye-opening.
This surprises and worries me, because it seems more important than ever to take cyber security seriously. Although bots are more sophisticated and capable than ever, people seem to feel much the same as they did ten years ago. It's as though security is eternally reactive.
Take a look at what is coming out of RSAC right now. All the big boys are starting to lean heavily into things like agentic SOCs, agentic threat Intel, agentic appsec. I've been in appsec for a decade now and honestly I get it, a lot of this bullshit can be broken down into agentic flows pretty easy, it's even more compelling when you have a program with uninspired security leadership (most places)
I know I've worked with quite a few compliance/checkbox programs in which the people running things don't even seem to see their work as security-oriented anymore so much as... I don't know, generic criteria fulfillment. It made me trust code or systems that claim to be audited way less than I did before. The people I've seen auditing things are not critical, curious, serious people. They're like most other people, waiting for the day to end so they can do something else. I hate to say it but I can see agents being more effective in many cases.
We're kind of hosed, aren't we. The more I think about how complex and challenging security is getting, and will continue to get, the more I want to pull an Admiral Adama and pull everything offline. I need an air gap.
> I am recommending to my kids that they avoid post-secondary
I think that's a mistake, unless you mean "and go into debt for college". Working with many people over the years the educated (in STEM) are noticably better quality than high school or bootcamp folks on average. Work ethic or amount of code written is not an issue, just the general thinking through of problems.
well, yes. i am not rich. they would need to take loans. and from what i am seeing, they would likely end up working in the exact same position as the 19 year old who decided to go directly into the workforce.
i will, of course, support them no matter what they decide. but when we discuss options, i emphasize skilled trades, or working for a few years before committing themselves to tens of thousands of dollars of debt to very possibly end up in a position that doesnt require the schooling.
For what is worth. I am planning to save about 60k for each and encourage them to go to the State university that is 20minutes from home. Hopefully they can go to college and stay debt free. But it will be really up to them.
I don't mean to argue but living at home and community college + state school is a viable option. I was not wealthy but able to not borrow for school this way. Good luck
i am just not recommending it as a first choice to my kids. i remember how it was presented to me: "go to post-secondary or be stuck burger-flipping forever."
this is also just one random teacher's opinion, where 99.9% of the context (e.g. academic history of my kids, aptitude, my experiences as a teacher, my location, etc.) are missing. so, mountain of salt and all that. my recommendation is specifically a recommendation for my kids.
> i am recommending to my kids that they avoid post-secondary
Certainly I'd avoid an expensive standard university to start unless they have an obvious path. I'd recommend the local community college for 2 years to get an Associate's Degree of some form though with an eye on heading to a university for the last bits.
I dont understand these degree programs. Those were single courses or side specializations in my computer science curriculum. And then you could build on one of the other after your degree.
> some of my classes are part of the cybersec curriculum
> as far as i have been able track (linkedin, email, etc.) roughly 3/4 of the previous graduating cybersec class has been unable to get a job in cybersec. probably 1/2 of those are struggling to find even basic sysadmin or password-resetter positions.
What is the curriculum that is being taught in your program?
If it's "how to be a Splunk or Crowdstrike" admin or "how to be an L1 SOC" I don't think that is a hireable skill at this point.
What is the curriculum though - you don't need to send me the name of the institution but I've been a hiring manager in the space and a PM for some of the larger companies and I haven't been impressed by "Cybersecurity" bootcamps or degree holders unless they also had a tangible track record (eg. HackerOne).
I feel a lot of hiring reflects that as well now - if I want a SWE to build a runtime agent I'm better off hiring a new grad from UC Berkeley who took CS162 and CS161 versus someone who took a summary course but doesn't understand how ld_preload works. Similarly, if I was doing AppSec for WebApps/OWASP I'd rather hire someone with an actual bounty track record on HackerOne instead of a bootcamp grad and potentially even a degree holder.
My best hiring pipeline have either been Vets who were in a Cyber MOS with a couple years of hands-on experience and then did a WGU type program (the WGU program was just a checkbox for HR) or successful bounty hunters with a strong track record on HackerOne or Cobalt.
i have no arguments with anything you have said here. but none of it really explains how we went from most kids being hired directly into the industry a few years ago to only a few of them now. our curriculum has not changed enough in the last few years for the curriculum to be the culprit.
we understand the importance of meeting the employers where they are at, so once a year we meet with ~15 industry partners (people in your position) and ask them directly questions like: "of your recent hires, what are they missing?", "what specific skills do you think needs more focus?", etc. that informs any changes we make for the following year. we have dropped entire courses and spun up new ones solely from industry input.
we also understand the importance of hands-on experience. it is probably the most common feedback we get from people in your position. we have a giant lab so kids get experience wiring up and configuring real physical appliances instead of doing it all in packet tracer or whatever. we have a bug bounty club, we attend and host hackathons, etc. courses are split roughly 50/50 between theory classes and practical classes. practical courses are mostly focused on "fix this shitty/vulnerable implementation of X" or "here is an existing environment, propose and then implement something that addresses X problem in the least-disruptive way" rather than "here is a fresh start, implement X in this perfect environment".
i dont want to give too much detail (e.g. course names and progression), as i would probably end up doxxing myself. but as someone who started off in the industry and then moved to a teaching position later in life, i am 100% with you. people who have real experience (e.g. a vet with cyber experience) are almost always going to be a better hire than a fresh graduate (i think this is true in any industry, and has always been true -- so it doesnt explain the change). but my job is to try and close that gap, and i think we have made good progress along that path. we are absolutely not a 6 month money-grab program.
"Two years later, enticed by the prospect that a higher degree would open doors to more opportunities, she enrolled at Rollins College, a private liberal arts school in Winter Park, Fla. She started studying art history, which felt like a natural extension of her love of art, writing and research."
I'm surprised that one goes into a field as small and competitive as art history in these days.
Museums, how many relevant art related roles can there be nation wide?
A major issue I feel has been a proliferation of lower quality programs charging a premium price as well.
It's become harder to vet undergrads in the US for specific subfields because of either a lack of preparation or subpar career services.
Additonally, at least in CS/CE the number of candidates have skyrocketed, but the reality is most companies can limit new grad hiring to 10-20 target programs nationally and 2-3 local programs and get the talent pipeline they need.
> Additonally, at least in CS/CE the number of candidates have skyrocketed, but the reality is most companies can limit new grad hiring to 10-20 target programs nationally and 2-3 local programs and get the talent pipeline they need.
Why? In my opinion a new grads can do good work and they take very low salary.
It's ridiculously funny that if I were to graduate from HBS today with an MBA, I would have a lower chance of securing my first job as an analyst at a private equity fund, as a fresh graduate. The numbers for graduates are even more terrible. Yes, I did the math and they are abysmal today.
I didn't read the article (paywalled), but did the headline is "young graduates face the grimmest job market in years". Did they address how many years? I've seen now compared to 2000 & 2008, which were bad, but that we bounced back from. Is it the grimmest job market in years or the grimmest in centuries?
According to the article's graph of the fresh grad unemployment rate, the present climate is about as bad as in 2003 but less than a third as bad as it was in 2010. Unemployment during the pandemic spiked well above 2010, but only briefly, before returning to pre-pandemic level.
Wealth inequality is beyond gilded age levels and all signs point to this only accelerating, the only significant economic growth over the past year is in technology meant to mass-replace labor, the government (in the US anyway) is openly corrupt and disdainful of its own citizens and is bankrupting the country while simultaneously stripping safety nets that could help soften the blow of previously mentioned issues, we've decided to pretend the climate crisis doesn't exist despite the clear evidence all around us that things are accelerating even faster than previous predictions.
Right. Whether it's absolutely true in an empirical sense almost doesn't matter. If enough people believe it's true--and I'd argue Gen Z absolutely does--it will become the reality. Whether it's a self-fulfilling prophecy or truth out of our control, it's the reality.
context: i teach at a local college in IT. some of my classes are part of the cybersec curriculum.
as far as i have been able track (linkedin, email, etc.) roughly 3/4 of the previous graduating cybersec class has been unable to get a job in cybersec. probably 1/2 of those are struggling to find even basic sysadmin or password-resetter positions.
this is significantly different than when the program started (around 2015 or so), where roughly 4/5 of the graduating class had jobs (specifically in cybersec) lined up at the time of graduation.
cybersec is a bit of an outlier, but i see a similar trend with the networking program and game design program as well (the only other 2 i have first-hand knowledge of)
its rough out there! (i am recommending to my kids that they avoid post-secondary)
Game design also seems like it'd be an outlier fwiw, since it's a niche that people desperately want to get into if they've participated in contemporary entertainment culture in the last 2 decades, and that schools are happy to take their money for, but realistically the competition's always seemed high. Networking is a pretty boring unglamorous pursuit though that's very behind the scenes as well as being difficult and niche.
Game making is like film making in this regard: it's often a "passion job."
None of the top cyber security talent I've worked with went to school for it, and I have been underwhelmed by what I see coming from college programs. These kinds of credentials themselves are not a signal of quality to me.
>The kinds of credentials themselves are not a signal of quality to me.
i hear this online a lot but never from the companies and hiring managers that hired our cybersec students for the last decade.
keep in mind, this is not a 6-month "intro to cybersec" or bootcamp-style program.
Goodwill with hiring managers is good. But in a down economy it'd be helpful to boost your reputation more broadly.
If I were running your college's program, I would invest in a presence at Defcon. If just one your students could use their skills to uncover and present something genuinely interesting, it would be worth covering their airfare and accommodations just to get your logo on the screen. If you could do this every other year, your program would have an unparalleled brand.
>Goodwill with hiring managers is good. But in a down economy it'd be helpful to boost your reputation more broadly.
part of our success over the years has been due to our reputation building, presence at local/state/national conventions, etc. that is exactly why the sudden downturn in hiring has been eye-opening.
This surprises and worries me, because it seems more important than ever to take cyber security seriously. Although bots are more sophisticated and capable than ever, people seem to feel much the same as they did ten years ago. It's as though security is eternally reactive.
Take a look at what is coming out of RSAC right now. All the big boys are starting to lean heavily into things like agentic SOCs, agentic threat Intel, agentic appsec. I've been in appsec for a decade now and honestly I get it, a lot of this bullshit can be broken down into agentic flows pretty easy, it's even more compelling when you have a program with uninspired security leadership (most places)
I know I've worked with quite a few compliance/checkbox programs in which the people running things don't even seem to see their work as security-oriented anymore so much as... I don't know, generic criteria fulfillment. It made me trust code or systems that claim to be audited way less than I did before. The people I've seen auditing things are not critical, curious, serious people. They're like most other people, waiting for the day to end so they can do something else. I hate to say it but I can see agents being more effective in many cases.
We're kind of hosed, aren't we. The more I think about how complex and challenging security is getting, and will continue to get, the more I want to pull an Admiral Adama and pull everything offline. I need an air gap.
> I am recommending to my kids that they avoid post-secondary
I think that's a mistake, unless you mean "and go into debt for college". Working with many people over the years the educated (in STEM) are noticably better quality than high school or bootcamp folks on average. Work ethic or amount of code written is not an issue, just the general thinking through of problems.
>unless you mean "and go into debt for college"
well, yes. i am not rich. they would need to take loans. and from what i am seeing, they would likely end up working in the exact same position as the 19 year old who decided to go directly into the workforce.
i will, of course, support them no matter what they decide. but when we discuss options, i emphasize skilled trades, or working for a few years before committing themselves to tens of thousands of dollars of debt to very possibly end up in a position that doesnt require the schooling.
For what is worth. I am planning to save about 60k for each and encourage them to go to the State university that is 20minutes from home. Hopefully they can go to college and stay debt free. But it will be really up to them.
I don't mean to argue but living at home and community college + state school is a viable option. I was not wealthy but able to not borrow for school this way. Good luck
it is absolutely viable!
i am just not recommending it as a first choice to my kids. i remember how it was presented to me: "go to post-secondary or be stuck burger-flipping forever."
this is also just one random teacher's opinion, where 99.9% of the context (e.g. academic history of my kids, aptitude, my experiences as a teacher, my location, etc.) are missing. so, mountain of salt and all that. my recommendation is specifically a recommendation for my kids.
> i am recommending to my kids that they avoid post-secondary
Certainly I'd avoid an expensive standard university to start unless they have an obvious path. I'd recommend the local community college for 2 years to get an Associate's Degree of some form though with an eye on heading to a university for the last bits.
I dont understand these degree programs. Those were single courses or side specializations in my computer science curriculum. And then you could build on one of the other after your degree.
Cybersecurity is a subset of computer science.
> some of my classes are part of the cybersec curriculum
> as far as i have been able track (linkedin, email, etc.) roughly 3/4 of the previous graduating cybersec class has been unable to get a job in cybersec. probably 1/2 of those are struggling to find even basic sysadmin or password-resetter positions.
What is the curriculum that is being taught in your program?
If it's "how to be a Splunk or Crowdstrike" admin or "how to be an L1 SOC" I don't think that is a hireable skill at this point.
>If it's "how to be a Splunk or Crowdstrike" admin or "how to be an L1 SOC" I don't think that is a hireable skill at this point.
its not, and up until recently (~2 years or so), the majority of our graduates were instantly picked up.
What is the curriculum though - you don't need to send me the name of the institution but I've been a hiring manager in the space and a PM for some of the larger companies and I haven't been impressed by "Cybersecurity" bootcamps or degree holders unless they also had a tangible track record (eg. HackerOne).
I feel a lot of hiring reflects that as well now - if I want a SWE to build a runtime agent I'm better off hiring a new grad from UC Berkeley who took CS162 and CS161 versus someone who took a summary course but doesn't understand how ld_preload works. Similarly, if I was doing AppSec for WebApps/OWASP I'd rather hire someone with an actual bounty track record on HackerOne instead of a bootcamp grad and potentially even a degree holder.
My best hiring pipeline have either been Vets who were in a Cyber MOS with a couple years of hands-on experience and then did a WGU type program (the WGU program was just a checkbox for HR) or successful bounty hunters with a strong track record on HackerOne or Cobalt.
i have no arguments with anything you have said here. but none of it really explains how we went from most kids being hired directly into the industry a few years ago to only a few of them now. our curriculum has not changed enough in the last few years for the curriculum to be the culprit.
we understand the importance of meeting the employers where they are at, so once a year we meet with ~15 industry partners (people in your position) and ask them directly questions like: "of your recent hires, what are they missing?", "what specific skills do you think needs more focus?", etc. that informs any changes we make for the following year. we have dropped entire courses and spun up new ones solely from industry input.
we also understand the importance of hands-on experience. it is probably the most common feedback we get from people in your position. we have a giant lab so kids get experience wiring up and configuring real physical appliances instead of doing it all in packet tracer or whatever. we have a bug bounty club, we attend and host hackathons, etc. courses are split roughly 50/50 between theory classes and practical classes. practical courses are mostly focused on "fix this shitty/vulnerable implementation of X" or "here is an existing environment, propose and then implement something that addresses X problem in the least-disruptive way" rather than "here is a fresh start, implement X in this perfect environment".
i dont want to give too much detail (e.g. course names and progression), as i would probably end up doxxing myself. but as someone who started off in the industry and then moved to a teaching position later in life, i am 100% with you. people who have real experience (e.g. a vet with cyber experience) are almost always going to be a better hire than a fresh graduate (i think this is true in any industry, and has always been true -- so it doesnt explain the change). but my job is to try and close that gap, and i think we have made good progress along that path. we are absolutely not a 6 month money-grab program.
"Two years later, enticed by the prospect that a higher degree would open doors to more opportunities, she enrolled at Rollins College, a private liberal arts school in Winter Park, Fla. She started studying art history, which felt like a natural extension of her love of art, writing and research."
I'm surprised that one goes into a field as small and competitive as art history in these days.
Museums, how many relevant art related roles can there be nation wide?
https://archive.ph/2026.03.24-100557/https://www.nytimes.com...
A major issue I feel has been a proliferation of lower quality programs charging a premium price as well.
It's become harder to vet undergrads in the US for specific subfields because of either a lack of preparation or subpar career services.
Additonally, at least in CS/CE the number of candidates have skyrocketed, but the reality is most companies can limit new grad hiring to 10-20 target programs nationally and 2-3 local programs and get the talent pipeline they need.
> Additonally, at least in CS/CE the number of candidates have skyrocketed, but the reality is most companies can limit new grad hiring to 10-20 target programs nationally and 2-3 local programs and get the talent pipeline they need.
Why? In my opinion a new grads can do good work and they take very low salary.
> can do good work
Doesn't mean will, and if their work isn't good the low salary isn't particularly beneficial.
https://en.wikipedia.org/wiki/Elite_overproduction
It's ridiculously funny that if I were to graduate from HBS today with an MBA, I would have a lower chance of securing my first job as an analyst at a private equity fund, as a fresh graduate. The numbers for graduates are even more terrible. Yes, I did the math and they are abysmal today.
I didn't read the article (paywalled), but did the headline is "young graduates face the grimmest job market in years". Did they address how many years? I've seen now compared to 2000 & 2008, which were bad, but that we bounced back from. Is it the grimmest job market in years or the grimmest in centuries?
According to the article's graph of the fresh grad unemployment rate, the present climate is about as bad as in 2003 but less than a third as bad as it was in 2010. Unemployment during the pandemic spiked well above 2010, but only briefly, before returning to pre-pandemic level.
The geezers in power have been grooming them for the peasantry. The signaling is explicit. You will own nothing and you will be happy.
And you will only be happy of course because it’s above you status to worry about the upsetting things.
The amount of sentiment like this is scary. I’m not disagreeing with you but there isn’t a lot of optimism overall.
Wealth inequality is beyond gilded age levels and all signs point to this only accelerating, the only significant economic growth over the past year is in technology meant to mass-replace labor, the government (in the US anyway) is openly corrupt and disdainful of its own citizens and is bankrupting the country while simultaneously stripping safety nets that could help soften the blow of previously mentioned issues, we've decided to pretend the climate crisis doesn't exist despite the clear evidence all around us that things are accelerating even faster than previous predictions.
Not a lot to be optimistic about.
Right. Whether it's absolutely true in an empirical sense almost doesn't matter. If enough people believe it's true--and I'd argue Gen Z absolutely does--it will become the reality. Whether it's a self-fulfilling prophecy or truth out of our control, it's the reality.
[dead]