3/24/2026 at 7:36:50 PM
context: i teach at a local college in IT. some of my classes are part of the cybersec curriculum.as far as i have been able track (linkedin, email, etc.) roughly 3/4 of the previous graduating cybersec class has been unable to get a job in cybersec. probably 1/2 of those are struggling to find even basic sysadmin or password-resetter positions.
this is significantly different than when the program started (around 2015 or so), where roughly 4/5 of the graduating class had jobs (specifically in cybersec) lined up at the time of graduation.
cybersec is a bit of an outlier, but i see a similar trend with the networking program and game design program as well (the only other 2 i have first-hand knowledge of)
its rough out there! (i am recommending to my kids that they avoid post-secondary)
by john_strinlai
3/24/2026 at 7:40:55 PM
Game design also seems like it'd be an outlier fwiw, since it's a niche that people desperately want to get into if they've participated in contemporary entertainment culture in the last 2 decades, and that schools are happy to take their money for, but realistically the competition's always seemed high. Networking is a pretty boring unglamorous pursuit though that's very behind the scenes as well as being difficult and niche.by brailsafe
3/24/2026 at 9:42:19 PM
Game making is like film making in this regard: it's often a "passion job."by flopsamjetsam
3/24/2026 at 10:40:28 PM
This surprises and worries me, because it seems more important than ever to take cyber security seriously. Although bots are more sophisticated and capable than ever, people seem to feel much the same as they did ten years ago. It's as though security is eternally reactive.by steve_adams_86
3/25/2026 at 10:40:50 AM
I dont understand these degree programs. Those were single courses or side specializations in my computer science curriculum. And then you could build on one of the other after your degree.Cybersecurity is a subset of computer science.
by the_real_cher
3/24/2026 at 8:14:14 PM
None of the top cyber security talent I've worked with went to school for it, and I have been underwhelmed by what I see coming from college programs. These kinds of credentials themselves are not a signal of quality to me.by elevation
3/24/2026 at 8:17:08 PM
>The kinds of credentials themselves are not a signal of quality to me.i hear this online a lot but never from the companies and hiring managers that hired our cybersec students for the last decade.
keep in mind, this is not a 6-month "intro to cybersec" or bootcamp-style program.
by john_strinlai
3/24/2026 at 8:39:44 PM
Goodwill with hiring managers is good. But in a down economy it'd be helpful to boost your reputation more broadly.If I were running your college's program, I would invest in a presence at Defcon. If just one your students could use their skills to uncover and present something genuinely interesting, it would be worth covering their airfare and accommodations just to get your logo on the screen. If you could do this every other year, your program would have an unparalleled brand.
by elevation
3/24/2026 at 8:57:15 PM
>Goodwill with hiring managers is good. But in a down economy it'd be helpful to boost your reputation more broadly.part of our success over the years has been due to our reputation building, presence at local/state/national conventions, etc. that is exactly why the sudden downturn in hiring has been eye-opening.
by john_strinlai
3/24/2026 at 11:24:16 PM
> i am recommending to my kids that they avoid post-secondaryCertainly I'd avoid an expensive standard university to start unless they have an obvious path. I'd recommend the local community college for 2 years to get an Associate's Degree of some form though with an eye on heading to a university for the last bits.
by bsder
3/24/2026 at 7:49:55 PM
> I am recommending to my kids that they avoid post-secondaryI think that's a mistake, unless you mean "and go into debt for college". Working with many people over the years the educated (in STEM) are noticably better quality than high school or bootcamp folks on average. Work ethic or amount of code written is not an issue, just the general thinking through of problems.
by gedy
3/24/2026 at 8:02:17 PM
>unless you mean "and go into debt for college"well, yes. i am not rich. they would need to take loans. and from what i am seeing, they would likely end up working in the exact same position as the 19 year old who decided to go directly into the workforce.
i will, of course, support them no matter what they decide. but when we discuss options, i emphasize skilled trades, or working for a few years before committing themselves to tens of thousands of dollars of debt to very possibly end up in a position that doesnt require the schooling.
by john_strinlai
3/24/2026 at 8:53:00 PM
For what is worth. I am planning to save about 60k for each and encourage them to go to the State university that is 20minutes from home. Hopefully they can go to college and stay debt free. But it will be really up to them.by MyHonestOpinon
3/24/2026 at 8:13:52 PM
I don't mean to argue but living at home and community college + state school is a viable option. I was not wealthy but able to not borrow for school this way. Good luckby gedy
3/24/2026 at 8:35:56 PM
it is absolutely viable!i am just not recommending it as a first choice to my kids. i remember how it was presented to me: "go to post-secondary or be stuck burger-flipping forever."
this is also just one random teacher's opinion, where 99.9% of the context (e.g. academic history of my kids, aptitude, my experiences as a teacher, my location, etc.) are missing. so, mountain of salt and all that. my recommendation is specifically a recommendation for my kids.
by john_strinlai
3/24/2026 at 7:53:07 PM
> some of my classes are part of the cybersec curriculum> as far as i have been able track (linkedin, email, etc.) roughly 3/4 of the previous graduating cybersec class has been unable to get a job in cybersec. probably 1/2 of those are struggling to find even basic sysadmin or password-resetter positions.
What is the curriculum that is being taught in your program?
If it's "how to be a Splunk or Crowdstrike" admin or "how to be an L1 SOC" I don't think that is a hireable skill at this point.
by alephnerd
3/24/2026 at 7:58:39 PM
>If it's "how to be a Splunk or Crowdstrike" admin or "how to be an L1 SOC" I don't think that is a hireable skill at this point.its not, and up until recently (~2 years or so), the majority of our graduates were instantly picked up.
by john_strinlai
3/24/2026 at 9:07:24 PM
What is the curriculum though - you don't need to send me the name of the institution but I've been a hiring manager in the space and a PM for some of the larger companies and I haven't been impressed by "Cybersecurity" bootcamps or degree holders unless they also had a tangible track record (eg. HackerOne).I feel a lot of hiring reflects that as well now - if I want a SWE to build a runtime agent I'm better off hiring a new grad from UC Berkeley who took CS162 and CS161 versus someone who took a summary course but doesn't understand how ld_preload works. Similarly, if I was doing AppSec for WebApps/OWASP I'd rather hire someone with an actual bounty track record on HackerOne instead of a bootcamp grad and potentially even a degree holder.
My best hiring pipeline have either been Vets who were in a Cyber MOS with a couple years of hands-on experience and then did a WGU type program (the WGU program was just a checkbox for HR) or successful bounty hunters with a strong track record on HackerOne or Cobalt.
by alephnerd
3/24/2026 at 10:10:16 PM
i have no arguments with anything you have said here. but none of it really explains how we went from most kids being hired directly into the industry a few years ago to only a few of them now. our curriculum has not changed enough in the last few years for the curriculum to be the culprit.we understand the importance of meeting the employers where they are at, so once a year we meet with ~15 industry partners (people in your position) and ask them directly questions like: "of your recent hires, what are they missing?", "what specific skills do you think needs more focus?", etc. that informs any changes we make for the following year. we have dropped entire courses and spun up new ones solely from industry input.
we also understand the importance of hands-on experience. it is probably the most common feedback we get from people in your position. we have a giant lab so kids get experience wiring up and configuring real physical appliances instead of doing it all in packet tracer or whatever. we have a bug bounty club, we attend and host hackathons, etc. courses are split roughly 50/50 between theory classes and practical classes. practical courses are mostly focused on "fix this shitty/vulnerable implementation of X" or "here is an existing environment, propose and then implement something that addresses X problem in the least-disruptive way" rather than "here is a fresh start, implement X in this perfect environment".
i dont want to give too much detail (e.g. course names and progression), as i would probably end up doxxing myself. but as someone who started off in the industry and then moved to a teaching position later in life, i am 100% with you. people who have real experience (e.g. a vet with cyber experience) are almost always going to be a better hire than a fresh graduate (i think this is true in any industry, and has always been true -- so it doesnt explain the change). but my job is to try and close that gap, and i think we have made good progress along that path. we are absolutely not a 6 month money-grab program.
by john_strinlai