In fast-moving industries like cyber, “years of experience” has long been treated as a proxy for competence. It’s familiar, measurable, and easy to defend in hiring decisions.

But as technology cycles shorten and roles evolve faster than ever, many organisations are starting to ask a difficult question:

Are we using experience as a meaningful indicator of effectiveness, or as a safety blanket?

The answer, unsurprisingly, isn’t binary.

Why Experience Became the Default Signal

There are good reasons experience has held so much weight for so long.

Experience can indicate:

• Exposure to complex, real-world problems
• Pattern recognition developed over time
• The ability to stay calm under pressure
• Context that helps avoid repeating past mistakes

In regulated or high-risk environments, this matters. A seasoned professional who has lived through incidents, audits, failures, and recoveries often brings judgement that can’t be taught quickly.

In fact, multiple studies show that domain-specific experience improves decision quality in stable or slow-changing environments, where the rules don’t shift dramatically year to year.

So the issue isn’t that experience has no value, it’s that we often stop our assessment there.

When Experience Stops Being a Reliable Proxy

The challenge emerges in fast-moving industries - cybersecurity, cloud, AI, digital transformation - where what mattered five years ago may no longer be relevant today.

A common hiring story looks like this:

1. A role is scoped for “10+ years’ experience.”
2. The successful candidate has deep knowledge of legacy systems, established processes, and tools that once dominated the market.
3. Within months, the team realises the biggest gaps are in newer platforms, automation, or threat models the hire has barely touched.

Meanwhile, candidates with fewer years, but more recent, hands-on exposure, were filtered out early.

This isn’t uncommon. According to research on skills half-life, technical skills now have an average half-life of 2–5 years. In some digital roles, it’s closer to 18–24 months!

So while experience accumulates linearly, relevance decays exponentially.

The Other Side: When “Potential” Is Overestimated

That said, swinging entirely in the opposite direction creates its own problems.

Many organisations have experimented with hiring primarily for “potential,” adaptability, or learning agility, and discovered real risks:

• Less experienced hires may struggle with stakeholder management
• They may underestimate organisational complexity
• They may lack the scars that inform good judgement under pressure

There’s also evidence that learning agility predicts growth, not immediate effectiveness. In roles where failure is costly, the runway to learn may be too short.

In other words:

• High potential doesn’t guarantee high performance
• Speed of learning doesn’t replace depth of understanding
• This is where simplistic narratives break down.

What Actually Predicts Effectiveness

When you look beyond CVs and job titles, a clearer picture emerges. The strongest performers (regardless of tenure) tend to share a combination of traits:

• Relevant, recent experience. Not just years, but recency and applicability to today’s environment.
• Demonstrated impact. Clear examples of outcomes achieved, not just responsibilities held.
• Learning behaviour. Evidence of continuous skill renewal, such as courses, certifications, self-driven projects, or role evolution.
• Judgement under uncertainty. The ability to make sound decisions when information is incomplete.
• Adaptability with context. Knowing when to challenge established approaches and when not to.

Years of experience can support these traits. But they don’t guarantee them.

Why Hiring Processes Struggle to Reflect This

Most hiring frameworks still rely heavily on years of experience as a screening filter, tool-based checklists and linear career expectations.

This is partly structural. Experience is easy to measure, easy to justify and easy to explain to stakeholders.

Assessing judgement, adaptability, or learning behaviour requires more effort, better interviewing, and more confidence in decision-making.

As a result, many organisations default to the safer-looking option, even when it’s misaligned with the actual needs of the role.

A More Balanced Way Forward

Rather than debating experience vs potential, a more effective approach is to separate experience from effectiveness entirely.

Some practical shifts that help:

1. Reframe role requirements by replacing “X years of experience” with the problems the person will need to solve, the environments they’ll operate in and the decisions they’ll be accountable for.
2. Assess impact rather than tenure by asking questions like: What changed because you were there? What did you improve, fix, or scale? What would you do differently now?
3. Weight recency and relevance. Ten years of experience isn’t equal if five of those years haven’t involved current tools, threats, or platforms
4. Build mixed-experience teams! The strongest teams often combine deep experience and institutional knowledge with fresh perspectives and emerging skillsets, which reduces risk while increasing adaptability.

The Real Question We Should Be Asking

The most useful question isn’t:

“How many years of experience does this person have?”

It’s:

“Is this experience still working for the world we’re in now?”

Experience matters. So does adaptability. So does judgement, curiosity, and relevance.

Effectiveness lives at the intersection of all three.