College grads face a chaotic, nearly indiscernible IT job market

College grads are being screened out by AI before humans ever see their resumes, even as overwhelmed recruiters list “entry-level” jobs requiring years of experience. At the same time, hiring slowed sharply in April and May across all industries — including cybersecurity.

In April, employer hiring fell to its slowest pace in more than a decade, excluding the early months of the COVID-19 pandemic in 2020. “It’s happening in every industry,” according to a study by the nonprofit ISC2 (International Information System Security Certification Consortium).

Despite strong hiring intentions in late 2024, the cybersecurity field continues to face growing economic pressure. Hiring alone won’t solve skills shortages; organizations must also focus on retention, especially as the cost of an average US hire is nearly $5,000, according to the ISC2 study.

The study focused on hiring in cybersecurity roles, but it found more broadly that many organizations now prioritize soft skills and diverse backgrounds over technical expertise for a number of IT roles, reflecting a shift in a confusing job market. The research also found that certifications now outrank both education and experience when hiring for junior roles and more than half of hiring managers say they’ve passed on candidates because of social media activity.

ISC2 also found that many organizations are hiring people without technical chops for IT roles, preferring candidates with non-technical skills such as teamwork, problem-solving, and analytical thinking. However, a gap remains between expectations and realistic capabilities; for instance, while cloud security is deemed essential, few believe entry-level workers are ready to handle it.

When they do hire for tech roles, 90% of managers prefer IT experience and 89% prefer certifications over formal education.

ISC2 research shows many managers set unrealistic expectations for entry-level cybersecurity roles, despite this group’s potential to fill key skills gaps with proper support. For example, a third of hiring managers ask for advanced certifications like the CISSP in junior roles, even though they require multiple years of experience. Many of those certifications are intended to support more experienced cybersecurity professionals, not entry- and junior-level positions.

For example, 38% of hiring managers require the CISA (ISACA) certification for entry-level positions, even though the certification demands a minimum of five years of professional experience in information systems auditing, control, assurance or security. Likewise, hiring managers expect around a third of entry- (34%) and junior-level (33%) candidates to have the (ISC2) certification, which also requires a minimum of five years of cumulative, paid experience in cybersecurity.

Internships (55%) and apprenticeships (46%) are increasingly used to source talent, especially in sectors such as education, government, and energy, ISC2 said.

Despite concerns about attrition (58%), most managers have the budget for training (75%) and staffing (73%), seeing early-career development as fast, cost-effective, and strategic. Many also hire from non-tech academic backgrounds, recognizing the value of diverse perspectives.Mosyle’s AccessMule makes employee access a little easier for SMBs – ComputerworldRead More