EP105 Networking, Not Resumes: How People Actually Get Hired in Security

Chris Honda, Manager of Security, Risk, and Compliance at Plotly, shares his journey from software engineering into governance, risk, and compliance (GRC). • He argues the cybersecurity “talent gap” exists, but it is often misunderstood—many organizations struggle more with placing talent correctly than with a pure shortage of workers. • The industry faces a succession planning problem, with many senior leaders approaching retirement while fewer entry-level roles exist to develop the next generation. • Budget pressures and the perception of security as a cost center rather than a business enabler make companies hesitant to invest in training early-career professionals. • Chris explains why cybersecurity rarely works as a “true entry-level role,” emphasizing the need for foundational experience in areas like software engineering or system administration. • Many companies prefer hiring candidates who have already solved the problems they’re facing, prioritizing immediate impact over developing junior talent. • Overreliance on automation and AI can create risk if organizations assume machines can replace human judgment in security decisions. • The job market shows a mismatch: large numbers of applicants compete for limited roles, while specialized expertise in emerging areas remains scarce. • Chris encourages aspiring professionals to gain experience in adjacent roles—such as engineering, IT, sales, or customer success—and gradually transition into security. • Ultimately, networking and building genuine relationships remain one of the most effective ways to enter the cybersecurity field, bypassing automated hiring systems. You can find Chris on LinkedIn here:   / ichirohonda