Most of my audience is on the more senior end of the career spectrum. As a result, a lot of my writing about careers is aimed at senior cybersecurity professionals, encouraging managers and experienced practitioners to support the next generation.
But that doesn’t mean newcomers are free from responsibility in their career journey. If you’re early in your cybersecurity career (or trying to break in), you have a role to play too.
I am a terminally online millennial on social media, cybersecurity careers subreddits, Discord chats, Slacks – and I see some interesting vague and demanding requests from people who want to enter cybersecurity.
The Reality of the 2025 Job Market
Let’s be blunt: the cybersecurity junior job market in 2025 is the worst I’ve ever seen.
- The broader IT market is in rough shape.
- Layoffs are widespread, so employers are pickier and preferring people with experience.
- Training programs and universities are still selling the “skills shortage” myth.
- Automated ATS filters collide with automated AI applications from job hunters, creating noise and delays.
- To make matters even worse, a huge surplus of graduates in identical cybersecurity-related programs just hit the market at the same time.
This means newcomers (and even experienced and well-credentialed professionals) are struggling to find jobs. A lot of very qualified people have been unemployed for a year or more. For juniors, the situation is even tougher. This has become an incredibly competitive field to work in.
Why This Matters for Mentorship
When this horrible ice bath of reality hits, many juniors turn to mentors for help. Unfortunately, there aren’t nearly enough willing senior mentors to go around. My own office hours are booked months in advance.
Too often, the requests I see on forums read something like:
- “Help me get a cybersecurity job! I have no degree, Security+, and some TryHackMe experience.”
- “I need a mentor to write me a training plan and build me labs to get a job!”
- “I just finished a two-year bootcamp; how do I land a six-figure job within the next year?”
These kinds of approaches may have worked 15 years ago when cybersecurity was still a niche field and not a lot of people were interested in breaking in. Today, the baseline for just getting interviews globally typically looks like this:
- A 4-year plus Computer Science or Engineering degree, with less value given to Cybersecurity majors
- 2+ years working IT experience, such as Help Desk
- A reputable second-tier cybersecurity cert beyond Security+
- Plus extras like a home lab, CTF participation, or conference volunteering
I don’t like this crummy reality. I don’t want to be a “cyber is full” person. This market is woefully exclusionary, it hurts diversity, and it’s unsustainable. But it’s where we are. You are one person in a sea of very qualified candidates. We simply don’t have time to help every one who asks. Especially the ones who come unprepared.
Reasonable Expectations for Mentees
If you’re asking for mentorship (and you should be), here are a few tips to look promising to a potential mentor:
- Be specific. Define the challenge and project you need help with. “Getting a job in cybersecurity” is too vague. Think: “I am having trouble developing my Linux cli skills and the programs I have already tried have not worked for me. I think I want to work in security engineering, based on reading about niches – and that’s an important skill.”
- Ask the right mentor. Look for mentors whose background and role align with your goals, background, and personality. Don’t just spam influencers for help because they are higher profile or most senior.
- Do your homework. Understand the poor state of the cybersecurity jobs market, the specific roles you’re aiming for, and the general certifications and skills required for those roles in your region. There are endless blogs, talks, and podcasts that will answer these initial questions for you. Don’t expect mentors to be Google for you. Mentors are here to extrapolate information further and help you complete a project plan.
- Be open to hard truths. Sometimes the degree or certification you thought was gold… isn’t. Your resume might be genuinely bad for modern ATS. A mentor’s job is to tell you how the game is actually played, even though we don’t make or like it.
- Show commitment. Build and use a home lab, complete meaningful projects, or volunteer at conferences before asking. Be willing to talk about those and show what you’ve accomplished. Mentors need to see you’re serious and you can commit to achieving your goals. If you give up or get discouraged easily, you are not going to make it in a pool of 100-300 competing qualified candidates. This is a great conversation opener. A lot of potential mentors have become jaded and given up because they’ve expended so much time on people who quit.
- Recognize that cybersecurity isn’t an entry-level job and requires strong computer foundations. Most “junior” roles still require years of IT fundamentals and time at IT work. Mentors can help you chart that path earlier in your education, but you can’t skip it unless you are randomly extremely lucky.
- Respect their time. The few people offering mentorships typically work 50–70 hours a week in this climate, and likely do other community work. Ask for a reasonable cadence—maybe 30 minutes every few weeks. Maybe buy them a coffee. Say “thanks” sometimes. Work with them to establish a clear schedule.
- Always show up. No ghosting. Be on time whenever possible. Respect the time you’re being given. Your mentor is doing this for free when they’re tired and overworked.
The Bottom Line
Mentorship can be transformative to juniors’ career searches, but only if mentees come prepared, realistic, and respectful.
We need to keep building the pipeline of future cybersecurity professionals. But newcomers must meet mentors halfway.
Source: Lesley Carhart
Source Link: https://tisiphone.net/2025/09/24/reasonable-expectations-for-cybersecurity-mentees/