Hiring from a director of cyber's perspective.
I thought I’d give you all a view from the other side of the table and what I deal with as a hiring director.
I’m the director/manager of a small DFIR/cyber team in the southern U.S. We’re part of a larger group of about 50 people. Our team focuses on critical infrastructure and the industry around us. We occasionally hire entry-level people.
We recently posted two entry-level cyber jobs for our group and got just under 300 applicants. I intentionally did not post on the big job boards because I did not want 1,000+ applications to sort through, and I do not have the budget or ability to relocate people across the country. I advertised on university job boards in my region, spoke to CS and CIS classes at universities nearby, and went to monthly tech and cyber meetups in the area to talk about the opportunity. Word of mouth brought in a few people from farther away too.
The majority of the resumes had a 4-year degree and standard classes, but little to nothing more.
Once we filtered for our minimum requirements and preferred skills, that cut the pool down to about 70.
Our baseline requirements were:
- 4-year degree in computer science, CIS, IT, or cybersecurity, or 4 years of equivalent experience
- U.S. citizen
- clean criminal record
- ability to regularly pass a drug test
Preferred exposure included some mix of:
- network infrastructure: firewalls, switches, routing, general enterprise networking
- cloud infrastructure: AWS, Azure, etc.
- scripting/programming: Python, Go, Rust, PowerShell, Bash
- desktop/server administration: Windows, Linux, macOS
- forensics tools: Axiom, FTK, Autopsy, Cyber Triage, Volatility
- big data / security platforms: Elasticsearch, Splunk
The resumes told a pretty clear story about the current cyber job market.
Most of the filtered applicants were students or recent grads. Lots of cybersecurity, CS, IT, and information systems degrees. Security+ was everywhere. Python, networking, Linux, Windows, SQL, cloud, Wireshark, PowerShell, Active Directory, Nmap, Splunk, AWS, Azure, Kali, GitHub, all showed up regularly.
On paper, a lot of people looked “cyber enough.”
What was harder to find were candidates with real depth. Not many had meaningful foundational experience (networking, desktops, servers). Without this, I can't teach you our workflow and processes. When you have that many applicants, you can afford to be picky, and my expectations are higher. I need people with at least some real-world experience and practical exposure, not just home labs and TryHackMe-style exercises.
That stuff has value. I’m not dismissing it. But it is very different from working in real environments where mistakes matter, users are frustrated, systems are old, documentation is incomplete, and the network or server you are touching is tied to an actual mission.
A lot of resumes were built around coursework, home labs, and student projects. Again, that is not worthless. But it is not the same as supporting broken systems, troubleshooting real production issues, or working through ambiguous technical problems where there is no perfect answer.
The strongest candidates usually had a second layer underneath the “cyber” label. They had done help desk, sysadmin work, software development, military, law enforcement, research, or serious internships that gave them technical maturity.
From the 70, we pulled 15 for interviews. There were more people than that who were qualified and capable, but interviews take time and I only need two hires.
My first round is a 20 to 30 minute Teams meet-and-greet. I want to hear the candidate, get a feel for who they are, explain what we actually do, and let both sides decide whether it feels like a fit. Communication matters. Personality matters. Team fit matters. I have a team that runs smoothly and works well together. I do not need someone who is going to disrupt what we’ve worked hard to build.
From there we narrowed it to 6 and brought them in for a 1-hour technical interview. No computers, no AI, just us sitting around a table and a whiteboard. I do not expect entry-level candidates to know every answer. I do expect them to think through problems, use their fundamentals, make reasonable assumptions, and talk through possible solutions. I want to see thought process, honesty, and problem-solving. “I don’t know” by itself is not enough. “I don’t know, but here is how I would work through it” is a much better answer.
One thing I think Reddit gets badly wrong is how much people dismiss help desk and foundational IT work. The right help desk job can expose you to everything from end-user problems to server issues, account management, AD, patching, networking, documentation, escalation, and troubleshooting under pressure. A university help desk job while you’re still in school is honestly a very solid place to start. Over 2 to 3 years, that can turn into sysadmin or network admin experience, and that foundation matters a lot.
That is not a knock on the applicants. It is just the reality of the market right now.
The entry-level cyber market is crowded with people who have degrees and experience. (Notice I didn't say certs; they don't really matter to me.)
It is much less crowded when you start looking for people with real technical foundations, practical troubleshooting ability, professional communication skills, and experience applying those skills in environments that matter.
For people trying to break in, my advice is simple: a 4-year degree matters, and real-world work experience matters. Even if you have the degree, even if you have the certs, you still need real exposure. Get the internship, get a job while you're in school. Get the help desk job. Work systems. Build things. Fix things. Support users. Touch real infrastructure. That is what separates people.
A degree gets you considered. Certifications might help. Real experience gets you hired.