top of page
Search

You're Not Failing the Test


We tell the next generation of cyber and IT talent two things that cancel each other out.


One: the field is desperate for you, there's a shortage, come on in.


Two: apply to forty jobs and maybe one calls back.


If the demand were real the way we describe it, you wouldn't need to play a slot machine and pray. A new Stanford-led study just explained why the slot machine doesn't pay out and it lines up exactly with the gut feeling so many of you have.


The setup: Over 90% of U.S. employers now screen applicants with hiring algorithms, and most buy from the same handful of vendors. The study looked at 3.4 million applicants and 4 million applications all scored by one vendor. They call it an algorithmic monoculture.


Why that matters: When the same algorithm guards the door at employer after employer, a "no" here predicts a "no" everywhere. You don't get rejected once. You get rejected simultaneously, for the same invisible reason. They call it systemic rejection and if the algorithm says no, you're usually rejected before a human ever sees you.

The credit-score parallel you already sensed: Applying to a second job isn't a fresh roll of the dice, the same way applying for a second credit card isn't. Same data, same model, same verdict, new logo. The model isn't reading your potential; it's reading your pattern, matched against who got hired before. Which means it quietly inherits every old bias. The study proved it: ~26% of Black applicants' applications and ~15% of Asian applicants' were funneled into roles that disadvantaged them under U.S. employment law. The bias only showed up when they audited role by role, in aggregate it vanished into the noise. (Sound familiar? It's a breach hiding in the logs until someone segments them.)


So why "apply to forty"? Because it's coping, not strategy. If every application were an independent coin flip, you'd need ~10 to be nearly sure of one yes. But they're not independent, so under realistic conditions that number jumps to 25, and 10% of people who applied to four roles got shut out everywhere.


That's your spaghetti metaphor, but darker: you're not throwing forty noodles at forty walls. You're throwing them at the same wall, over and over. It already decided.


And cyber has it worse. We preach the pipeline, lower the rope, shout climb, then attach the rope to a model trained on who got hired a decade ago. Career-changers, the self-taught, the cyber pivots? Structurally the least likely to match the pattern. We built a funnel and installed a turnstile, then called it a shortage.


What actually works:


  • Bypass the turnstile. One referral or warm intro beats fifty cold applications, because it breaks the correlation. Spend your energy where the deck isn't stacked. Go out and meet people, volunteer, go to conferences and hit those networking events!

  • Build proof outside the funnel a lab writeup, a tool, a talk, a community. Things a human can evaluate the second you get in front of them.

  • If you hire: audit role by role, not in aggregate. Ask your vendor for adverse-impact numbers at the position level and watch them stall.


You're not failing the test. The test is failing you, quietly, at scale, behind glass none of us are allowed to look through.


Now that you can see the current, stop fighting it. Swim around it. 🌊


— Siren of the Cyber Sea

Recent Posts

See All
The Spaces We Will Fill

I had a conversation with a friend and mentee of mine regarding being in male dominated fields and reflecting on it. Yes, I am sure a lot of people are tired of hearing male dominated field this, male

 
 
 

Comments

bottom of page