Sign up
Sign up
If you are in the job market right now, you undoubtedly notice the little ticker on Linkedin that tallies the number of applicants for each opening, and the rapid pace that number of applicants shoots up.
You certainly are noticing the number of form rejections you receive from those applications- even when you are unquestionably qualified for the role.
While some of this is undoubtedly due to the macroeconomic conditions- including layoffs and less overall job turnover- a good deal of it is also due to the newfound ease of applying (just click a button, or even automate the application itself) and the downstream automation of how systems handle all those applications.
There are many cybersecurity postings that are attracting north of 500 applications. Guess what, no human is reading all of those.
If there is a four letter word in job seeking today, it’s probably actually a three letter word- ATS.
Applicant tracking systems are the modern boogeyman for the candidate- the black box that is preventing you- the qualified candidate- from getting to interviews and having the chance to truly demonstrate your strengths. The mysterious system that you need to learn how to beat.
While in some forums ‘the ATS’ has achieved an almost mythical level of malicious capability- the reality is more pedestrian. Most of these originated as tools to manage the recruiting process, manage posts, and consolidate data. A CRM for recruiting, if you will.
Over time, they expanded capabilities to automate the ranking of potential candidates, and they do so by using ML (and increasingly LLMs) to rank candidates for fit with a given role. They do this by extracting a perspective on a candidate’s skills and experiences from the resume, and comparing those skills against requirements in the job description.
Most of these systems are still pretty dumb. For example, say ‘project management’ is a requirement, but you don’t list the actual words? Never mind that you were a consultant for a decade leading teams- that skill isn’t recognized because most tools are bad at interpolating context and are really just looking for keyword matches.
There are tools out there like jobscan that can help look at your resume, compare against a job description, and suggest improvements. They are worthwhile and can help. But overall recognize that fundamentally this is a law of large numbers problem and there is no magic bullet, and ATS systems vary wildly in their capabilities and results.
Overall advice:
In cybersecurity, we are all too familiar with the cat and mouse dynamic of defense against the adversary. There is a perpetual cycle of discovery and closure of new vulnerabilities, tactics, and vectors.
The concept also applies to recruiting. Candidates experience low interview hit rates and so apply to more jobs. More candidates, more automation.
It’s a vicious cycle.
One of the great ironies of this all is it is forcing a return / premium to the human dimension. And for job seekers, that means being networked. I won’t go into it extensively here, but you can check out these posts (part 1 and part 2) for deep dives on a how to execute a job search process, with practical networking advice.
Referrals, endorsements, and introductions from trusted people have always been a critical component of the hiring process, and exceptionally valuable. I’d argue that they become even more important in this environment. If you are in the market today, I’d guess that there’s a 90% chance that your next role comes about based on a human connection, not a blind application.
There is a lot of snake oil being sold on the vendor side of recruiting today. I suppose in the software and tech world there always has been. Something along the lines of ‘just buy this tool and your problem will go away.’ (Like the one security company that promises to ‘end cyber risk’ ahem, ahem ❄️🐺).
In the recruiting world, we are awash in promises to fully automate the process of recruiting from end to end and that AI will automagically find the perfect candidate for every role.
AI absolutely does hold promise for improving the effectiveness and efficiency of recruitment, and to some degree it is making things easier and faster already. But the promises of full automation and superior screening are misplaced.
Let’s unpack it.
Today, AI is amplifying two bad practices, both of which I’ve written quite extensively about.
First, most job descriptions in cybersecurity are poorly written.
LLMs are increasingly being used to generate job descriptions, and they can do a credible job in many ways. The problem is that they push everything back toward the mean, and perpetuate what is generally a sloppy and not well thought through exercise. They can be a great tool for a first pass, or generating ideas, but they don’t nudge things in the right direction.
Second, these tools are scoring based on the discrete number of skill and experience keyword matches, not on what is most important, and with no distinction between what can be learned and what can’t. I use a visual analogy of an iceberg- everyone pays attention to what is above the surface, because that’s what you can see- but you are missing the bigger picture. Experience on resume is minimally predictive of success. Broader context- motivation, grit, intelligence, curiosity, and capacity to learn matter tremendously. And you don’t pick that up with a keyword scan.
This perpetuates:
We are solving for the wrong problem. We need to figure out how to hire for quality before we solve for efficiency, otherwise we are just amplifying bad practices.
AI is only as good as the data that it was trained on. And right now we are training with a definition of success that is totally disconnected from reality.
So we get garbage in, garbage out.
The cost of a bad hire is tremendous- cultural degradation, lost productivity, more time work is not being done due to vacancy, team time spent sourcing and interviewing, etc. But instead of focusing on solving for an approach that brings in awesome talent, companies are spending time nickel and diming recruiting team productivity. We should only do that after we are getting fantastic hiring results.
While our current implementation of AI is guilty of perpetuating bad practices, that doesn’t mean that it’s without promise. Today the matching is being done at a keyword level, without context and without validation.
We are close to a world where AI can actually help validate, and likely do so with higher accuracy and less bias than is typical in human interviews.
These results won’t be perfect. But they can be better than what we do today, which is typically either 1) making an assumption that a skill is there because of some other proxy, or 2) gauging during interviews with no calibration and minimal intention.
Beyond validation, AI can help bring liquidity to the job market. There is indeed value in being able to parse through a large number of candidates- if your talent signals are right, the fidelity and quality of your matches will be higher with a larger sample size. And at large scale that’s just too much for a human to manage.
So if we get the assessments right, and complement initial screening at the skill level with a well designed interview process that provides a second layer of validation and tests for cultural fit, motivation alignment, and manager fit, we will have great results for both candidates and companies.
Candidates are already feeling the isolation of disconnection from the early stage parts of the recruiting process that are automated today- where, if you follow the process, all initial interactions are digital and there’s no transparency or clear logic as to when you get past the ATS screen.
If you believe the marketing hype, a world of full automation/ low no touch is promised.
And let’s be honest, it isn’t the connection between the candidate and the recruiter that matters, it’s the one between the candidate and the hiring manager, and the cultural fit with the team and the company. So some transactional squeeze on the recruiting end is fine, as long as it lead to rich engagement with the hiring manager.
The candidate experience suffers significantly if the process goes too far without them being able to do their own diligence on a company and the hiring manager. Space needs to be made relatively early on to ensure real human connection and the chance for both sides to evaluate fit.
And in the world we are in now, where the results are poor from automated screening, both sides are frustrated, so it’s the ability to have someone that is trusted recommend someone for a job that matters most. And that isn’t going away.
So get out there and build real human relationships. They will stand the test of time.