
Why Hasn’t He Been Hired Yet? A Wake-Up Call for Cybersecurity Hiring

  • Writer: Scott Crabb
  • Jul 18
  • 2 min read

I have a friend who’s spent 30 years in cybersecurity. He’s authored foundational architecture documentation that many in the industry rely on. He’s got over 10,000 followers on LinkedIn. He’s a seasoned U.S. Navy veteran who has led, secured, and advised under pressure. He’s sharp, relevant, and still deeply engaged with the latest security threats, technologies, and frameworks.

And yet… he’s not getting hired.

At a time when companies are struggling to fill cybersecurity roles, with headlines screaming about a massive cyber talent shortage, it’s baffling. How can someone with this kind of pedigree, character, and practical insight still be sitting on the sidelines?

It begs the question: Are we doing something wrong in how we evaluate and hire cybersecurity talent?


The Myth of the “Unicorn” Cyber Hire

Most job postings today look like a greatest-hits compilation of buzzwords and certifications:

  • CISSP, CEH, OSCP, and at least one cloud cert

  • Must understand zero trust, DevSecOps, AI in security, purple teaming, and SASE

  • Experience with 15 tools, 6 frameworks, and everything from endpoint to boardroom strategy

In trying to find the “perfect” candidate, are we chasing a unicorn that doesn’t exist — and overlooking real-world experts who can actually deliver value from day one?


Experience vs. Trendiness

One reason pros like my friend may be passed over is that their resumes don't scream today’s latest acronyms, even though their expertise laid the groundwork for many of them. Some employers may assume he's "too senior," "too strategic," or “not technical anymore.”

But cybersecurity is not just a technical exercise. It's about judgment, risk awareness, and the ability to lead in the face of uncertainty. It’s about knowing how to build security that’s usable, not just compliant. And that kind of wisdom doesn’t come from a two-year sprint. It comes from a career of showing up, adapting, and protecting mission-critical systems — often in high-stakes environments.


Resumes Aren’t Reality

Hiring processes favor what’s easy to quantify: certs, keywords, and ATS-friendly formatting. But cybersecurity leadership, architecture, and resilience aren’t easily distilled into bullet points.

My friend isn’t flashy. He’s not chasing headlines. He’s the one in the room who quietly sees what others miss — and then builds something solid that works.


To Hiring Managers and CISOs: Rethink Your Filters

If you're hiring right now, ask yourself:

  • Are we evaluating candidates on what truly matters — or what just looks impressive on paper?

  • Are we filtering out the exact experience we claim to be looking for?

  • Do we know what problems we're really hiring someone to solve?


The Talent Is Right in Front of Us

This isn’t just about one person. It’s about a growing gap between who can help, and who’s getting hired.

If someone with 30 years in the field, real operational insight, a Navy background, and peer respect across the cybersecurity community isn’t getting calls back — maybe we’re screening for the wrong things.



Want a Quiet Rock Star on Your Team?

If you're looking for someone who brings depth, clarity, leadership, and integrity to cybersecurity — someone who’s done it, not just talked about it — message me directly.

He’s ready. And your organization could be stronger for it.


 
 
 

1 Comment


Sandor Slij.
Jul 18

Thank you so much for sharing me Scott!


You have been a dear friend, colleague and a genuine role model to, and for, me.


What you speak is truth, there is not a REAL skills shortage, but more of a finders shortage. This finders shortage comes from so many angles like copy/paste other JDs, hiring someone as low on the payscale as possible and hopefully getting the biggest bang for the buck.


Fact is, seasoned cybersecurity practitioners like you and I - we can see what is coming. We see this because the attacks are cyclical - i.e., the Nigerian Prince Scam fell the days of the FAX machine.... it's now called Pig Butchering, same concept: give me x amount…

