Jobs
For candidates
For Employers
For Employers
Cyber professional recruiting
Executive/ CISO recruiting
Board of directors roles
Cybersecurity talent strategy development
Insights & resources
Insights & resources
Blog
Partners
Cybersecurity conference calendar
About
Sign up
Sign up
Name of user
Profile
Assessments
account
log out
Log in
Sign up
Jobs
For candidates
For candidates
For candidates
Cybersecurity sales talent
Technical talent
For Employers
For Employers
Cybersecurity sales talent
Contract/ fractional technical talent
Full time technical talent
Executive/ CISO talent
Insights & resources
Insights & resources
Blog
Partners
Cybersecurity conference calendar
About
Jobs
Hire
For candidates
For candidates
Cybersecurity sales talent
Technical talent
For Employers
Cybersecurity sales recruiting
Contract/ fractional technical staffing
Technical practitioner recruiting
Executive recruiting
Insights & resources
Blog
Partners
Cybersecurity conference calendar
About
Log in
Sign up
Profile
Assessments
account
log out
back
For Candidates
for hiring managers
For everyone

The problem with most job boards

Job hunting
Job boards
Resumes
Networking

This is, indeed, a monster

I’d have to consult with Dante, but I’m pretty sure that conducting a job search with a heavy reliance on job boards is at least some inner circle of hell. The fifth is anger, so maybe that one. I think root canals and DMV lines are sixth and seventh.

The problem with most job boards

Almost all of us check out job postings from time to time. Some on a passive basis to stay on top of the market, others a bit more actively while thinking about making a move, and full on if you are in the market. They are less relevant for very senior roles, but a great way to gain visibility on staff and individual contributor roles.

That being said, I see many folks we work with struggling to productively leverage job boards, and frustrated by the travails of an active search, so I wanted to share a few common challenges and observations, as well as some advice.

We are also working on a major project to help address these concerns- but more to come on that in a few weeks.

First, the good.

  • Job boards give you a sense of the market- what qualifications employers are looking for, who is hiring, what pay ranges look like (though often you have to look at a lot of jobs to get a good gauge on trends)
  • You can set up alerts and hop on newly posted jobs (where you have an advantage as an early applicant)
  • Sometimes they do actually lead to a company and candidate linking up
Crux

Now, the not so good. I’ll divide this into ‘pre-application’ and ‘post-application’.

Pre-application:

  • It can be a huge pain to narrow down to a relevant set of jobs and stay on top of newly posted ones
  • Most search algorithms are based on job titles, which are all over the place in our industry and frequently don’t accurately describe the work to be done
  • Seniority level frequently isn’t clear, and at best is inconsistent across companies
  • Search results tend to catch many irrelevant jobs (see below for results from an IAM job alert… thanks Indeed)
Pre-application and Post-application
  • Job descriptions suffer from myriad problems- we did a full teardown of this a few months ago here.
  • There are a ton of jobs from recruiters that earn their money in contingent search and thus anonymize the actual employer. Often the JDs here are little more than 5 bullets on requirements. These just add noise from a job seeker’s perspective (does anyone actually apply for them??)

Post-application:

  • The odds of a job application leading to an actual job at the end are low. That’s just a matter of statistics. Job boards are just one source of candidate flow. There’s proactive outreach, internal candidates, referrals, etc. So out of the gate, there’s only a certain percent chance (probably <30%).
  • The constant rejection can be demoralizing, particularly when you know you are qualified and could do a good job
  • Companies are screening on the wrong things. They are only looking at what is visible from the resume, and in the process, end up cutting out many people that could do a great job. More to come on this topic in future weeks.
  • There’s been an increasing phenomenon of ‘ghost jobs’ that are posted but without a real intention of hiring. See full story here. (I’d be curious to speak with you if this has happened to you)

So, is it still worth it? Here’s what can you do:

  • Don’t over-rely on job boards. Thing of it more as an intelligence tool than a means to get a job. Lean into networking, building recruiter relationships etc as part of a multi-pronged strategy.
  • Network: How to do this well well is its own longform piece. However, I can point to a few good resources:
  • Cold outreach on Linkedin (Josh Fullmer)
  • Getting referred into a job (Josh Fullmer)
  • Lean heavily on local security communities. For example, here in Colorado, there are very active chapters of the Cloud security alliance (CSA), OWASP, as well as local meetups and a group called Colorado = Security which is incredibly vibrant. Figure out what is relevant in your market and get involved (both in person and on slack/ discord channels)
  • If there are jobs you are particularly excited about, invest to get to know the company, build relationships with folks on the security team, and stand out with your enthusiasm. It goes a long way.
  • Set up your job alerts well. Try using “” around certain titles to increase the stringency of the search, and add a few various titles, for example:
  • “IAM manager” OR “Identity & access management engineer” OR “IAM architect”
  • Keep a saved folder of interesting/ relevant jobs. With some volume, take a close look at:
  • Responsibilities and skills- fine tune your story on why you are a great fit. Make sure your resume hits the keywords.
  • Comp- is it appropriate for what you are looking for
  • Remote/ on site- to set your expectations appropriately
  • Spend your time on good job boards. 
  • Google Jobs- 4/5. Excellent search and filter capability. Alert relevance can be hit or miss (they tend to stuff a lot in there). The biggest issue is that some of the job boards that feed this service are super shady and frequently don’t reflect actual jobs that are really open.
  • LinkedIn: 4/5. Has a large number of jobs and makes it (a bit) easier to research who the hiring manager and recruiter are. Their alerts are reasonably on point. Search accuracy can be somewhat low.
  • Jooble- 4/5. This is a good service that aggregates jobs from various job boards. Their search accuracy is high, but quality is only as good as the job boards that feed it (builtin seems to be a good one). Alert quality is only OK
  • Indeed: 3.5/5. Great for the number of jobs, but searches frequently yield many irrelevant jobs, and the ongoing alerts are almost useless.
  • Ninja Jobs- 3.5/5.Good site with better filter capabilities than most, but job postings are pay to play so don’t expect to see a whole universe here. Lots of jobs from cyber tech and services firms if that’s what you are interested in. Check in in conjunction with the big job sites.
  • Monster & Zip Recruiter: 3/5. These rarely have jobs that you won’t find elsewhere and don’t seem to fit security well. OK to skip.
  • Dice- 3/5. Lots of anonymized recruiter jobs and not a ton of depth. But you may see jobs here that you don’t elsewhere.
  • Infosec-jobs- 3/5. Good site with jobs that are easy to filter, but quantity is limited and many of the jobs are international
  • CyberSN- 2/5. Claims to have 200K security job postings but the vast majority are expired or broken links. Pass.

Here’s an idea- what if there was a job board that was:

  • Only cybersecurity
  • Where all the job descriptions were solid, well written, and consistently formatted
  • Classified according to seniority/ NIST-NICE framework/ security domain
  • Super easy to see and filter on things that matter like remote/ hybrid, comp, and company glassdoor rating
  • Wasn’t pay to play, so you’d have broad visibility

I’d say that sounds like a great idea. Maybe we will have to do something about that 😉

Brad Rager
CEO

Our latest insights

expore blog
For Candidates
For candidates
For hiring managers
Cultivating opportunities
How to build optionality in your security career
Careers
Promotions
Options
For Candidates
For candidates
For hiring managers
Doing your diligence- CISO edition
How to understand whether a CISO gig is right for you
CISO
Diligence
Interviewing
For Candidates
For candidates
For hiring managers
You are the interviewer- how to do your diligence on a company
Time to turn the tables
Interviews
Questions
Due diligence
Finding the right employer
For Candidates
For candidates
For hiring managers
Cultivating opportunities
How to build optionality in your security career
Careers
Promotions
Options
For Candidates
For candidates
For hiring managers
Doing your diligence- CISO edition
How to understand whether a CISO gig is right for you
CISO
Diligence
Interviewing
For Candidates
For candidates
For hiring managers
You are the interviewer- how to do your diligence on a company
Time to turn the tables
Interviews
Questions
Due diligence
Finding the right employer
JobsFor CandidatesAboutContact uslog insign upHire talentpost a job
For EmployersCybersecurity sales recruitingContract/ fractional technical staffingTechnical practitioner recruitingExecutive recruiting
Insights & resourcesBlogPartnersCybersecurity conference calendar
E-mail:
info@crux.so
Phone:
312-330-0788
Social media:
© Copyright 2024 Crux Talent, Inc. All rights reserved.
Privacy PolicyTerms and Conditions