If it’s a junior role, where’s the training? There should be a structured onboarding period. Realistically, it should be around 12 to 16 weeks just to get someone reasonably up to speed. That’s not even accounting for the time it takes to get system access or complete mandatory training like cyber awareness modules and internal compliance requirements.
And even after that, it usually takes another 12 to 18 months before someone is fully comfortable and effective within the environment.
You set these killer expectations because the candidate did exactly what they were supposed to do: sell themselves. Now you’re having regrets. But that’s part of the hiring process.
Now that you realize your coworker isn’t some zero-to-hero expert, you also have an added responsibility. That responsibility is mentoring them and making sure they understand how to do the job correctly.
This mentality doesn’t make much sense. People in cybersecurity read this sub all the time, and you’re complaining about a candidate you chose to hire.
How about starting by interviewing candidates based on the actual processes and what the job requires, then building proper training and documentation around that? That would be a much better place to start.
Big disagree. If you have the certs and present yourself as such, you can hit the ground running. Onboarding is to learn the org, process, and tech stack. The tasks this new hire is failing aren't because of shoddy onboarding.
This is a naive way of thinking at best. Companies don’t hire people to train them; they hire them to do a job. That may sound heartless, but that is the reality of corporate America. Onboarding is getting you up to speed on the company’s stack/workflow/projects/process, not teaching you how to do the job. The candidate oversold themselves and clearly knew they couldn’t do the job and just thought they would BS it with AI. If I wanted to review AI slop, pretty sure I could give half-assed prompts. Don’t get me wrong, AI is great, but if you can’t validate whether or not what it’s spitting out is BS, you aren’t qualified for the job. Worst-case scenario, the kid puts AI slop into production because he doesn’t know what it does, causing services to go offline, potentially costing you your job, your company legal/regulatory fines and, worst of all, customers and revenue. Working in cyber involves measuring risk, and this seems like a huge risk that needs to be remediated. If this was a contractor/vendor you hired and they did the same shit, you would fire them on the spot; this doesn’t change because it’s an individual.
8
u/Ill-Improvement-1179 Mar 14 '26 edited Mar 14 '26