The Myth of the Entry-Level Cybersecurity Analyst: A Job Description from Another Dimension
Nikhil Raj Singh
Chief Strategy Officer | Cyber Security Leader | Core PCI Forensic Investigator | HITRUST CCSFP | PCI QSA | PCI QPA | PCI 3DS Assessor | PCI SSF Assessor | CISA | CISM | CRISC | CDPSE | CHFI | ECIH | ISMS Lead Auditor
In the cybersecurity world, where precision and practicality are everything, there’s one domain that consistently defies logic: job descriptions. And no posting better exemplifies this than the infamous “entry-level” cybersecurity analyst role with demands that would make even the most seasoned professionals laugh, cry, or both.
You’ve seen them. They go something like this:
“Looking to hire an Entry-Level Cyber Security Analyst. Must have CISSP, OSCP, CEH, and 15 years of experience.”
Let’s unpack this anomaly in hiring practices. Grab your popcorn—it’s going to be a wild ride.
1. Decoding the Absurd Requirements
1.1 CISSP: A Certification for Veterans, Not Rookies
For the uninitiated, the CISSP (Certified Information Systems Security Professional) isn’t your average certification. It requires five years of professional experience in cybersecurity, verified through endorsements. How, exactly, is this compatible with “entry-level”? Did the candidate start their career as an infant? Perhaps they accrued experience hacking toy robots in daycare?
1.2 OSCP: The Gladiator Arena of Certifications
The OSCP (Offensive Security Certified Professional) isn’t for the faint-hearted. It’s a grueling, hands-on exam designed for penetration testers who already know what they’re doing. Expecting an entry-level analyst to have OSCP is like asking someone fresh out of driver’s ed to win the Monaco Grand Prix.
1.3 CEH: A Classic, but Not Entry-Level Either
The Certified Ethical Hacker certification is often used to demonstrate ethical hacking fundamentals. While it’s somewhat more accessible, requiring it for an entry-level role alongside CISSP and OSCP is like asking for a Swiss Army knife when a butter knife will do.
1.4 15 Years of Experience: Time Travel Required
This one deserves a standing ovation. If someone has 15 years of experience, they’re likely managing entire cybersecurity programs, not applying for “entry-level” roles. What’s next? Asking for an MBA in quantum computing for a junior data analyst?
2. The Salary Paradox
Let’s not ignore the elephant in the room: these job postings often come with salaries that barely cover rent. You want a CISSP-certified, OSCP-wielding, 15-year veteran? Great! But offering them $20,000 a year and “the chance to grow with the company” isn’t just insulting—it’s delusional.
3. The Consequences of These Ridiculous Postings
3.1 Driving Away Talent
Imagine you’re a bright-eyed graduate with a degree in cybersecurity, a shiny new Security+ certification, and dreams of making a difference. Then you see these postings. You think, “If this is what they expect for entry-level, I’ll never make it.” Congratulations, you’ve just scared away a perfectly capable future cybersecurity professional.
3.2 Undermining Industry Credibility
These job descriptions make our industry look unapproachable, out of touch, and frankly, a bit ridiculous. They perpetuate the myth that cybersecurity is an elite club, accessible only to the chosen few.
3.3 Hiring Logjams
By setting unrealistic expectations, companies narrow their talent pool to near-zero. Instead of hiring eager, trainable individuals, they waste months chasing unicorns that don’t exist.
4. What Should an Entry-Level Job Actually Look Like?
4.1 Realistic Expectations
4.2 Competitive Salaries
If you want to attract talent, pay them what they’re worth. Entry-level doesn’t mean undervalued.
4.3 Training and Growth Opportunities
Remember, entry-level roles are for candidates who are starting out. Offer mentorship, on-the-job training, and access to learning resources. If you want experts, create them.
5. Suggestions for Hiring Managers
5.1 Engage with the Community
Participate in forums, meetups, and conferences to understand the talent pool. The cybersecurity community is full of eager professionals looking for their first break.
5.2 Write Better Job Descriptions
Clearly define what “entry-level” means. Use phrases like “0-2 years of experience” or “basic understanding of cybersecurity principles.” Leave the CISSP and OSCP for senior roles.
5.3 Focus on Potential, Not Perfection
Look for candidates with the right mindset, not just the right resume. A candidate who’s passionate, curious, and eager to learn will often outperform someone with a stack of certifications but no enthusiasm.
6. What Can the Cybersecurity Community Do?
6.1 Call Out Unrealistic Postings
If you see absurd job descriptions, share them (anonymously, if needed). Let’s make these practices a cautionary tale.
6.2 Mentor Newcomers
Guide aspiring professionals through the maze of certifications, skills, and career paths. Help them understand what’s really important and how to get there.
6.3 Advocate for Change
Push for better hiring practices in your own organizations. Educate HR teams on what cybersecurity roles truly require.
Final Words
To hiring managers writing these absurd postings: It’s time for some self-reflection. Entry-level means entry-level. If you’re expecting a candidate to be a cybersecurity wizard with certifications and experience dripping out of their ears, don’t be surprised when your role goes unfilled for months.
To the cybersecurity professionals reading this: Let’s build a better industry. Advocate for realistic hiring practices, mentor those entering the field, and keep calling out these ridiculous standards.
And to the aspiring analysts discouraged by these postings: Don’t be. These job descriptions are the problem, not you. Build your skills, seek out supportive organizations, and remember—every expert in this field started where you are now.
Because, spoiler alert: I am still not a CISSP.