Tony Bradley, a seasoned communications professional in the cybersecurity industry, was blindsided when he was recently laid off from his role as a marketing director.
“It really was a complete shock. I was not a founder, but I was part of the C-suite inner circle for planning and strategizing,” he says. “I was definitely under the impression that we were all on the same page and we were a team working together. I was wrong.”
Instead, about a year into the job, Bradley received a call and was informed that a human resources representative was in attendance. Since then, Bradley has been searching for a new role, but it has been difficult. The layoff, he says, has had both financial and psychological effects.
“It was rough emotionally,” Bradley says. “I would go back and forth from anger to depression and back again as the weeks turned into months and no opportunities presented themselves. Financially, it really devastated me and my family.”
Unfortunately, Bradley’s story is common in 2024. The cybersecurity sector has seen significant layoffs, leaving many professionals scrambling for new opportunities. The list of companies with layoffs over the past year include Aqua Security, Orca Security, Veem, Jamf, Proofpoint, Kaspersky, CyberProof, OpenText. Apple, Google, Microsoft, Cisco, and Amazon.
According to layoffs.fyi, a tech layoff tracker, 366 tech companies had layoffs this year, and 107,370 employees lost their jobs. Among the list maintained by layoffs.fyi are three security firms in the top 10 list.
Budget Cuts Hit Security
James, an experienced security executive who prefers to remain anonymous, is another casualty of cybersecurity layoffs. He was recently laid off from his CISO role due to a series of budget cuts.
“We actually had been experiencing a revenue spike for the week prior,” he says. “But my CEO informed me on that Monday morning that he was making more cuts to ‘pre-empt’ further revenue losses later this year.”
James describes his initial reaction as one of shock and sadness.
“A lot of years of effort and good work, all for it to be devalued like this,” he says. “Wrap it up however nicely as you want, when it really came down to it, the business did not value my security program as much as it did its short-term profits.”
In the days and weeks following his layoff, James felt a range of emotions, from frustration and disappointment to anger.
“I kind of feel like what is the point of doing this job if our reward for doing it well is a pink slip?” he says. “I was a wreck of stress. It put an unfortunate amount of financial stress due to my mortgage, and professionally I felt stuck. But I refuse to take a step back down just for the sake of a paycheck.”
In his job search, so far James has leaned heavily on his network; he says listings on LinkedIn, Indeed, Monster, and other job listing platforms are oversaturated and a fruitless game. James is currently in the middle of a hiring process for a referred role but has faced a lot of rejection for positions he applied for externally. He believes the job search process is fundamentally broken.
“Roles are not accurately described, and oftentimes job processes are a rigged game,” James says. “The company knows who it wants to hire before it lists the role. They just collect data about applicants for their own interests.”
The Problem With the Job Search Process
As James notes, one of the primary reasons for the frustratingly long job searches these days is that the job application process is not working for job seekers. Deidre Diamond, founder and CEO of CyberSN, which focuses on the cybersecurity workforce, echoes his sentiment.
“Job descriptions don’t make sense, so you don’t really know if you are qualified,” she says. “Many postings are from public companies that post externally even though they will hire internally. Once you do get to talk to a recruiter, they don’t necessarily know cyber. The matching process is flawed. Searching and matching often results in only one out of 20 applicants being a possible fit.”
Employers are getting hundreds of applications an hour on LinkedIn but are barely able to vet even a few, Diamond adds. As a result, job seekers are suffering from imposter syndrome, putting in valuable time on applications that ultimately go nowhere.
“It’s psychologically damaging,” she says. “But it is not the applicant’s fault.”
Diamond suggests that for job seekers with experience, it is just a matter of navigating the broken system. Only 10% of people find jobs from job postings these days, she says.
“If you like a company, apply. Work your network aggressively,” she says. “It is a positive thing, not negative. Use Slack channels for security people. Bring risk out in your resume. Show up interesting and interested in interviews.”
Sue Bergamo, a global CISO/CIO who considers herself a “connector” when it comes to helping people find roles in cybersecurity, agrees with Diamond. She also says there may be additional challenges in the job search process for women. Women in CyberSecurity’s “2023 State of Inclusion Benchmark in Cybersecurity” report affirms that women are five times more likely to report exclusion in the industry.
“The hiring cycle and process take forever. Women are definitely being pushed aside in this market,” Bergamo says. “I have had a recruiter say to me, ‘Women need not apply.’ My comment was, ‘Why would you work with that client?'”
What’s more, she says, the hiring process is plagued by ghost positions and ghosting by employers. Bergamo advises job seekers to leverage their networks and be OK with telling people that they are unemployed. Like Diamond, she suggests going far beyond job listings and looking for opportunities at companies of interest, even if they are not hiring at the moment.
“Hacking for a new job works,” Bergamo says. “Target a role, target people you know, target some you don’t. Many connections I know say it has helped them push through and get hired.”
Keeping the Faith in Tough Times
Bradley, who continues to remain optimistic while searching for new opportunities, says the experience has given him a chance to reflect on bigger-picture issues.
“Family and friends and experiencing life are higher priorities,” he says. “A job is only important to the extent that it can support living life the way you want.”
Bradley has approached his job search by reaching out to his network of contacts and applying for roles related to his skills and experience on Indeed and LinkedIn. He has also taken courses through platforms like HubSpot and LinkedIn, but the search continues. His advice to others is to lean into friends and family, remember what’s most important, and consider side hustles to maintain financial stability. But make no mistake: Being laid off in information security can be particularly challenging, he says.
“For more industry-specific roles, it’s tough because it’s a relatively small and incestuous world — and the entire infosec market seems to be in austerity and layoff mode, so the options for employment are very limited,” Bradley says.