I saw this post from Jacob titled “Beware tech career advice from old heads” and I think it’s spot on. Infosec, even back when I was first getting into the field in 2010-ish, has always had that seemingly artificial barrier-to-entry, but there was A LOT that was different then and just doesn’t apply today. The technical/experience expectations for newcomers have skyrocketed, the competition for jobs has ballooned by several orders of magnitude it seems, opportunities have stagnated to a degree, and the advent of AI has started to put pressure on these sorts of technical roles.

When I was getting into the field the recommendation was basically, “get a certification or two, starting with the Security+—and ideally, have a degree in computer science”. That was it. Nowadays the expectations are through the roof, and you’re competing with others who are building incredible resumes before even landing their first job. Open source contributions, participating in capture the flag competitions, bug bounty hunting, multiple certifications, advanced degrees—all to just qualify and compete with other similar portfolios for an entry-level gig.

I do have advice (e.g. my playbook and clout-boosting tips, among other things), and I do share it quite often, but if you’re new to the field and trying to break in, it’s worth asking yourself how valuable that advice really is. After all, it’s been a while since I’ve had to “break in” myself…

Good luck on the hunt!