David Nolan

Have either of you worked at a business where they accepted a ton of risk and they really rolled the dice?

Yes?

Quote, you aren't struggling to find entry-level candidates.

You're struggling to find the mid-level candidates that are willing to take entry-level pay.

End quote.

That's how one Redditor responded to a hiring manager's frustration about trying to fill stock analyst roles.

The manager claimed most candidates lacked business fundamentals, like no active directory knowledge, no cloud platform experience, no scripting abilities.

The two hires who worked out had gone beyond their degrees.

They did capture-the-flag participation, GitHub projects, self-driven learning.

But if someone graduates with a cybersecurity degree and a SEC plus...

What do they need to demonstrate to be, quote, SOC ready?

Is it hands-on and active directory management or building a home lab with detection tools contributing to open source security projects?

I mean, David, I'll start with you.

When you're hiring for a junior SOC analyst, what's the minimum viable skill set that proves someone can operate like just on day one and come in?

And whose job is it to build that bridge between graduation and being ready to enter the SOC?

Because, I mean, I would just say I run the San Diego Cyber Group, and there are a ton of young people who've got tons of education.

They're eager, eager for that first SOC job.

What's your advice?

That's great tip.

What would you add to that, Andy?