> I spend a decent amount of time trying to advise people away from this career field for college. So so so so so many people are going to college for cyber not realizing when they graduate, they are in totality unemployable.

My spouse knows a recent grad who took this path through an undergraduate program at the University of Maine (https://www.uma.edu/academics/programs/cybersecurity/cyberse...). As you said, he was unhirable in this field and now works in a completely unrelated job in a hospital.

Universities, local governments, local legislatures, the federal government, and whatever industry lobbying orgs that pushed for this are at fault. The apocalyptic narrative warning of a dire skills shortage are still being pushed out by industry:

Cybersecurity workforce shortage reaches 4 million despite significant recruitment drive (2023) https://www.csoonline.com/article/657598/cybersecurity-workf...

It's led to an expensive, unforgivable mess for a lot of young people and their families.

I personally as a general rule don’t hire people who work in cybersecurity if they were not traditional developers first. The chances of you understanding “cybersecurity” without also understanding how general software works is extremely low.

> A lot of the entry jobs in tech though are not complicated and can easily be taught on site but even then, companies have defaulted to requiring years of prior experience even for those positions.

I graduated with an AS in programming in the mid-late 1990s. I continually sent resumes for 18mos and got back 2 replies.

I had 2 major strikes against me. I was a new coder. I worked in a region that was reluctant to consider new hires (even for no-skill jobs) w/o an introduction.

My scholarship came with job placement but the entire program was axed by the Contract With America prior to me graduating. Apparently the animosity toward helping folks off the bottom rung outweighed any platitudes about jobs.

I eventually eked out a living doing local IT work but I never did reach a living wage.

> However it happened, the absolute maniacal obsession with job experience has ruined the market.

The problem isn't necessarily with job _experience_. It's the acronym. Most employers seem to believe that YOE stands for years of _employment_, which has effectively cut off anyone who wasn't previously employed at a relevant position. You can gain experience in almost anything by working hard at home (and 90% of that would absolutely carry over to a FT position), but you can't do the same for employment (unless you accept fabricating your job history). Cybersecurity is actually a field where hacking away at home, messing around with codebases, doing ctfs can actually give you TONS of experience, but barring you coming up with major zerodays, no one cares.

Have a friend just graduated in cybersecurity. He’s going into the military with it.

The absolute wild opposite (for cybersecurity) to this is that higher level individuals are in such insane demand that if you are underpaid even during the current wage suppression, going to over market should be almost completely trivial.

Are the companies hiring fewer people than they need? If not then perhaps the fault is not with their standards but with an oversupply of applicants.

> Yes the more involved jobs in information security do require widespread knowledge that can't necessarily be taught on site

It certainly can, companies just don't want to pay for that training. That's really where the "maniacal obsession" with job experience comes from. Companies just want to save money on training.

I’m just a swe, but I kinda thought cyber is a good place to be, since the proliferation of insecure vibecoded apps.

what about oscp certification?