Crowdsourced Cybersecurity Job Market Analysis

Augmented with AI from the open-source Fabric project

Author

Steve McMichael
April 25, 2024

Do you think you’re not technical enough to use AI beyond Chat GPT, because you don’t have Command Line Interface experience?

Or maybe you’ve heard competing views lately that cybersecurity has both a skills shortage and a skills surplus?

Two new resources to help solve those problems are:

  • A Graphical User Interface (GUI) capability for Fabric, that I’m excited to finally get to try out since first hearing of this concept in January

  • A r/cybersecurity question I asked recently that led to some great discussion and insights

GitHub - danielmiessler/fabric

fabric is an open-source framework for augmenting humans using AI. It provides a modular framework for solving specific problems using a crowdsourced set of AI prompts that can be used anywhere. - ...

github.com/danielmiessler/fabric

Should Aspiring Cybersecurity Professionals Join the Industry Right Now?

www.reddit.com/r/cybersecurity/comments/1cb1f3x/should_aspiring_cybersecurity_professionals_join

Below is a demo of applying fabric patterns (prompts) to the Reddit discussion, both from the new GUI and from the terminal. I’m impressed with the output!

Table of Contents

Updating Fabric for the GUI Capability

To update my fabric client for the new GUI capability, it only required two simple commands: 

#Update Patterns
fabric -u

#Install Node.js on my Mac Mini
brew install node

I could then quickly try out the create_aphorisms pattern:

Patterns (Prompts) to Apply To the Subreddit

Pattern

Identity and Purpose

create_micro_summary

You are an expert content summarizer. Output a 20 word sentence.

create_summary

You are an expert content summarizer. Output a micro_summary + 10-15 main points and the 5 best takeaways.

extract_insights

You extract surprising, powerful, and interesting insights from text content. You are interested in insights related to the purpose and meaning of life, human flourishing, the role of technology in the future of humanity, artificial intelligence and its affect on humans, memes, learning, reading, books, continuous improvement, and similar topics.

analyze_claims

You are an objectively minded and centrist-oriented analyzer of truth claims and arguments.

You specialize in analyzing and rating the truth claims made in the input provided and providing both evidence in support of those claims, as well as counter-arguments and counter-evidence that are relevant to those claims.

create_better_frame

You are an expert at finding better, positive mental frames for seeing the world as described in the “Framing is Everything” essay by Daniel Miessler.

analyze_presentation

You are an expert in reviewing and critiquing presentations.

You are able to discern the primary message of the presentation but also the underlying psychology of the speaker based on the content.

find_logical_fallacies

You are an expert on all the different types of fallacies that are often used in argument and identifying them in input.

find_hidden_message

You are an expert in political propaganda, analysis of hidden messages in conversations and essays, population control through speech and writing, and political narrative creation.

You consume input and cynically evaluate what's being said to find the overt vs. hidden political messages.

Command Line Interface (CLI) Approach

In VSCode, create a terminal per pattern to run, then individually enter these commands into each terminal as an input. 

pbpaste | fabric -p create_micro_summary -s
pbpaste | fabric -p create_summary -s
pbpaste | fabric -p extract_insights -s
pbpaste | fabric -p analyze_claims -s
pbpaste | fabric -p create_better_frame -s
pbpaste | fabric -p analyze_presentation -s
pbpaste | fabric -p find_logical_fallacies -s
pbpaste | fabric -p find_hidden_message -s

GUI Approach

Use the drop down lists to pick a pattern and LLM, paste in your input and click Submit.

Results: Fabric Prompt Analysis of Cybersecurity Job Market Discussion

create_micro_summary

➜ ~ pbpaste | fabric -p create_micro_summary -s

Here is a summary of the key points from the discussion on whether aspiring cybersecurity professionals should join the industry now:

ONE SENTENCE SUMMARY:

The best time to start a cybersecurity career is as soon as you are able, despite current job market conditions.

MAIN POINTS:

  • Cybersecurity is not an entry-level field; IT experience is usually a prerequisite

  • The industry has advanced, making some security roles more accessible to newcomers

  • Gaining relevant IT experience first can make transitioning into a cybersecurity role easier

TAKEAWAYS:

  • Don't let current job market deter you from pursuing cybersecurity if it's your passion

  • Consider starting in IT/sysadmin roles to gain foundational skills and experience

  • Focus on developing the right skills and finding the right company to break in

create_summary

➜ ~ pbpaste | fabric -p create_summary -s

Here is a summary of the key points from the discussion on whether aspiring cybersecurity professionals should join the industry now:

ONE SENTENCE SUMMARY:

The consensus is that if you're passionate about cybersecurity, start gaining relevant skills and experience now to capitalize on future industry growth.

MAIN POINTS:

  1. Cybersecurity is not typically an entry-level field; IT experience is usually a prerequisite.

  2. The industry has advanced with more tools, training, and non-technical roles available compared to the past.

  3. SOC analyst is considered an entry-level security role but requires foundational IT and security knowledge.

  4. One recommended path is starting in IT/software engineering and transitioning into a security specialization later.

  5. The job market is competitive, especially for remote roles, so candidates need to stand out.

  6. Undergraduate cybersecurity degrees alone are insufficient; experience and skills matter more.

  7. Gaining security experience, even in an IT generalist role, is valuable for future opportunities.

  8. Salaries for experienced security engineers can be very high, especially in tech companies.

  9. Managers are having difficulty filling open security positions due to a lack of qualified candidates.

  10. If you're passionate about the field, start building relevant skills now and be open to related IT roles.

TAKEAWAYS:

  1. Don't wait for the "perfect time" to enter cybersecurity - start gaining experience now if it's your goal.

  2. Build a strong IT foundation first before specializing in security.

  3. Seek out security-related tasks and learning in any IT role to prepare for future opportunities.

  4. Supplement education with practical skills, certifications, and networking to stand out in the job market.

  5. Be open to entry-level IT and security roles to get your foot in the door and gain valuable experience.

extract_insights

➜ ~ pbpaste | fabric -p extract_insights -s

Here are the key insights extracted from the discussion, each in 15 words:

  1. Get into cybersecurity as soon as you can to gain experience for future growth.

  2. IT experience is valuable preparation for cybersecurity roles, even if not explicitly security-focused.

  3. Cybersecurity is not typically an entry-level field, but some roles are accessible to new grads.

  4. Cybersecurity has advanced with more tools, training and non-technical roles compared to the past.

  5. SOC analyst is an entry-level security role but benefits from prior IT/sysadmin experience.

  6. Finding your niche and interests within the broad cybersecurity field is key for success.

  7. Transitioning from software engineering or IT/cloud into security can lead to higher-level roles.

  8. Security engineer salaries are debated but can be very high, especially at tech companies.

  9. The cybersecurity job market is hard but not oversaturated; openings exist for qualified candidates.

  10. Pursue cybersecurity if it's your passion, but have realistic expectations about entry-level roles.

analyze_claims

➜ ~ pbpaste | fabric -p analyze_claims -s

Here is my analysis of the arguments and claims made in the discussion:

ARGUMENT SUMMARY:

The main argument is whether now is a good time to enter the cybersecurity industry given conflicting advice about job prospects.

TRUTH CLAIMS:

CLAIM 1:

CLAIM: The cybersecurity job market is currently saturated with not enough entry-level positions.

CLAIM SUPPORT EVIDENCE:

  • Some experienced professionals are advising against entering the field now due to market saturation. [Anecdotal evidence]

CLAIM REFUTATION EVIDENCE:

  • Bureau of Labor Statistics projects 32% growth for information security analysts over the next decade, 10x more than average. [1]

  • Increasing technology dependence, complexity, flaws and threats are driving demand for cybersecurity professionals. [2]

LOGICAL FALLACIES:

  • Hasty generalization - Extrapolating anecdotal advice to the entire job market.

  • Appeal to authority - Relying on the opinion of "experienced professionals" without data.

CLAIM RATING:

D (Low) - The data contradicts the anecdotal claim of a saturated job market.

LABELS:

anecdotal, speculative, contradicted by data

CLAIM 2:

CLAIM: IT experience is a prerequisite for cybersecurity roles, they are not entry-level.

CLAIM SUPPORT EVIDENCE:

  • Many commenters state IT/sysadmin experience is needed before moving into security.

  • Understanding the systems you are securing is important to be effective.

CLAIM REFUTATION EVIDENCE:

  • Some argue entry-level security roles do exist now as the field has matured.

  • A few people shared anecdotes of being hired in security without prior IT experience.

LOGICAL FALLACIES:

  • No true Scotsman - Dismissing entry-level security jobs as not "real" cybersecurity.

CLAIM RATING:

C (Medium) - IT experience is very valuable but some entry-level opportunities exist.

LABELS:

gatekeeping, mostly true, some exceptions

CLAIM 3:

CLAIM: The best way into cybersecurity is to start in IT/software engineering and transition later.

CLAIM SUPPORT EVIDENCE:

  • Having in-depth technical skills makes you more valuable to security teams.

  • Transitioning from within IT is a common path into security for many.

CLAIM REFUTATION EVIDENCE:

  • Direct entry into security is possible, especially in large organizations, with the right skills/credentials.

LOGICAL FALLACIES:

None

CLAIM RATING:

B (High) - This is a tried and true path for many, but not the only viable one.

LABELS:

common wisdom, viable strategy

OVERALL SCORE:

LOWEST CLAIM SCORE: D

HIGHEST CLAIM SCORE: B

AVERAGE CLAIM SCORE: C

OVERALL ANALYSIS:

The arguments present a nuanced picture - while the cybersecurity job market is growing rapidly, entry-level roles are more limited. Transitioning from IT/engineering is a smart path, but entry-level opportunities do exist for qualified candidates. Ultimately, the advice to pursue cybersecurity now if it's your passion, while being flexible and strategic, seems most prudent. Build relevant skills and experience however you can.

create_better_frame

➜ ~ pbpaste | fabric -p create_better_frame -s

Here are some potential negative and positive frames I found in the discussion:

NEGATIVE FRAMES:

  1. The cybersecurity job market is saturated and there aren't enough entry-level positions.

  2. Cybersecurity is not an entry-level field and requires significant IT experience first.

  3. Undergraduate cybersecurity degrees are basically a scam at this point.

POSITIVE FRAMES:

  1. If you want to be in cybersecurity, get into it as soon as you are able.

  2. The experience you gain now will position you well for future growth in the field.

  3. There are now 100% entry-level security roles and non-technical cybersecurity roles available.

  4. If cybersecurity is your passion, it's worth pursuing even if the job market is challenging.

  5. Any tech experience, even help desk, can be a stepping stone into a cybersecurity career.

analyze_presentation

➜ ~ pbpaste | fabric -p analyze_presentation -s

Here is my analysis of the presentation:

IDEAS:

7/10 - The discussion focused mostly on the key question of whether now is a good time to enter cybersecurity.

Instances:

  • Presents conflicting advice on whether now is a good time to enter cybersecurity

  • Cites BLS projections of 32% growth for information security analyst jobs over next decade

  • Discusses factors driving growth like increasing tech dependence, complexity, flaws and threats

  • Commenters debate if cybersecurity has true entry-level roles or requires prior IT experience

  • Some argue any IT experience is relevant to security and a good stepping stone

  • Advice given to develop skills now to capitalize when market improves in future

SELFLESSNESS:

8/10 - The focus was squarely on the topic and advice for aspiring professionals, not the original poster.

Instances:

  • No significant self-references by the original poster found in the text

ENTERTAINMENT:

2/10 - The discussion was direct and serious in tone without attempts at humor or entertainment.

Instances:

  • No clear jokes, memes or entertaining elements found in the text

ANALYSIS:

8/10 overall considering the strong focus on ideas and advice over entertainment or self-promotion.

IDEAS [-------7------]

SELFLESSNESS [--------8-----]

ENTERTAINMENT [-2------------]

CONCLUSION:

The discussion provided balanced perspectives on entering cybersecurity now, focusing on building relevant skills to capitalize when the market improves, without self-indulgent tangents. The serious tone matched the career advice topic.

find_logical_fallacies

➜ ~ pbpaste | fabric -p find_logical_fallacies -s

Here are the fallacies I found in the text:

FALLACIES:

  1. Appeal to Authority: Relevance Fallacy — Citing BLS projections as proof without further evidence.

  2. Hasty Generalization: Faulty Generalization — Generalizing from anecdotal experiences of some professionals.

  3. False Dilemma: Relevance Fallacy — Presenting only two options of joining now or not.

  4. Argument from Incredulity: Relevance Fallacy — Dismissing undergraduate cybersecurity degrees as scams.

  5. Anecdotal Fallacy: Faulty Generalization — Using personal anecdotes to argue entry-level jobs exist.

  6. Survivorship Bias: Faulty Generalization — Focusing on exceptions who got hired out of college.

  7. Hasty Generalization: Faulty Generalization — Generalizing difficulty of breaking in from some experiences.

  8. Appeal to Tradition: Relevance Fallacy — Implying how seniors started determines industry today.

The text contains a mix of anecdotal experiences, hasty generalizations, and some fallacious reasoning in debating whether now is a good time to enter the cybersecurity field. More data and a balanced analysis of the current job market would be needed to properly evaluate the central question posed.

find_hidden_message

➜ ~ pbpaste | fabric -p find_hidden_message -s

Here is my analysis of the underlying political messages in this discussion:

OVERT MESSAGE

  • Cybersecurity is a fast-growing field with strong job prospects

  • There are conflicting opinions on if now is a good time to enter cybersecurity

  • Some say the market is saturated, others point to strong projected growth

  • Experience and skills matter more than timing the market perfectly

  • IT experience provides a good foundation to move into cybersecurity roles

HIDDEN MESSAGE

  • Cybersecurity bootcamps are selling false dreams to make money

  • Entry-level cybersecurity jobs barely exist, you need IT experience first

  • Companies gatekeep cybersecurity roles and have unrealistic expectations

  • The industry has advanced but hiring practices haven't caught up

  • Cybersecurity has become overhyped, leading to inflated expectations

SUPPORTING ARGUMENTS and QUOTES

  • "Too many Bootcamps selling the dream and buzzword of Cybersecurity" suggests bootcamps are misleading people to profit

  • "I never see entry level roles offered" and "It's a notoriously difficult industry to break into" imply a lack of true entry-level opportunities

  • "They deny an experienced IT professional a job because he/she doesn't already know the company's security stack" points to unrealistic hiring expectations

  • "The world has moved on" from needing deep technical skills but hiring hasn't adapted

  • Warnings against expecting to "make 6 figures and work from home 1st job" hint the field has become overhyped

DESIRED AUDIENCE ACTION

  • Be very skeptical of cybersecurity bootcamp marketing promises

  • Don't expect to land a cybersecurity job right out of school

  • Gain foundational IT experience before specializing in cybersecurity

  • Recognize you'll need to work your way up, cybersecurity isn't an entry-level field

  • Have realistic expectations about the cybersecurity job market and career path

CYNICAL ANALYSIS

The cybersecurity industry wants you to believe it is a lucrative, fast-growing field open to ambitious newcomers, but it's actually an insular, gatekept domain that wants you to pay for training but then gain years of IT experience before being deemed worthy of an entry-level security role.

MORE BALANCED ANALYSIS

While the cybersecurity industry is definitely pushing for people to gain foundational IT skills and experience before specializing in security roles, it does make valid points about the importance of understanding the systems you're trying to secure.

FAVORABLE ANALYSIS

While the cybersecurity industry is definitely guilty of some degree of gatekeeping and unrealistic expectations for entry-level roles, it does make valid points about the need for hands-on IT experience as a foundation for a successful security career. The projected growth and importance of the field are very real.

NOTE: This AI is tuned specifically to be cynical and politically-minded. Don't believe everything it says. Run it multiple times and/or consume the original input to form your own opinion.