Is There Such Thing As An Unfillable Security Job?
Yes, there is. Over the past couple of years, and more specifically since the first bank failure in 2008, many security jobs have surfaced that realistically can’t be filled.
When was the last time you ran into an information security professional who had expertise in SAP Security and Identity Management? Sure, there is someone out there who has this unique mix of difficult to find skill sets but can you imagine filling such a job for $75,000 in Southern California? Seriously, I received a call and a job description like this from a company in Southern California within the past 12 months.
Information Security Threats are not diminishing. However, companies are doing what they can to hire fewer people to protect their digital and intellectual property. They’re rolling the dice. When you see a job description that asks for so many skills that you find yourself thinking you’ve just read 3-5 job requirements, there is nothing wrong with your eyes. Employers today are regularly trying to get more for less when they hire.
Recently, a Security Architect professional called me and shared a story of his face-to-face visit to an employer to discuss a Security Architect position. On the East Coast, in a high cost of living location, this Security Architect is earning in the $150,000 range. In the city where he invested his time to fly to for an interview, the employer wanted him but wanted him for a salary of $85,000. I wasn’t involved in this recruiting process. This hire didn’t happen.
I’ve researched this employer and the position the security job candidate interviewed for. The security job is designed to consolidate the work of several security skilled professionals into one role and it is severely underpriced for the market where the company does business. Unless the hiring expectations change, the job will go unfilled or the employer will have to compromise significantly to get someone on board.
Sometimes, employers simply don’t know how to build security job descriptions. Sometimes they build a strong description but then they hang the wrong price tag on the description. I’m convinced that there are many times when a job description is created out of the ashes of 3+ older descriptions connected to 3+ people who are no longer with the company. What the employer is trying to do in this case is to get the job done through one person without paying for the skills of three people. Looks like a roll of the dice to me.
Whether current hiring trends are right or wrong isn’t my argument. What I’m sure of is that information security professionals today have to become well-rounded and deeply skilled if they’re going to have a chance of matching up to the expectations many employers are placing on the cyber security job candidates and technology risk management job candidates they choose to interview.
Don’t Forget Succession Planning When Recruiting
Apr 27, 2010
Succession Planning Needs to be Part of Security Recruiting
I just finished reading “Leadership In The Era Of Economic Uncertainty”. It is a timely book written either at the tail end of 2008 or even in the first month or two of 2009.
The book covers a lot of ground but one particular subject that caught my attention was succession planning. The subject caused me to remember a company that hired a very talented CISO earlier in this decade. This CISO was more talented than anyone this company had ever hired to take care of information security, compliance and risk management.
The CISO delivered and over approximately four years, was promoted four times. So far, this is a great success story. Wait a minute, the story is about to change. The CISO was so successful that he was ultimately promoted to the CTO office.
Over four years, with a security staff exceeding 40 security professionals, this CISO never focused on bringing someone up behind him to step into his shoes. When the time came for his promotion to CTO to occur, the company had to go outside the organization to find a new CISO.
This lack of succession planning when doing security recruiting happens too frequently. What prompted me to write about succession planning was a mix of ideas.
- First, I read a good book that brought the subject back to the forefront of my mind.
- Second, I thought of a specific instance in which the lack of a sound succession plan generated personnel challenges that could have been avoided.
- Finally, a conversation I shared with a very bright Director of HR whom I’ve worked with for several years was largely wrapped around the idea of hiring with the future in mind.
The company’s Converged Chief Security Officer was hired in 2008. There is talk today of starting a new security recruiting search to identify a Security Architect to work under the CSO. The HR Director is smart enough to think not only about who we need to recruit to fill the void that exists today but he is also thinking about focusing our security recruiting on identifying and hiring someone who could ultimately step into the shoes of the VP of Security should that person leave or should something happen to him.
This may seem like a simple story on the surface but the implications of getting it wrong are costly. What stands out to me is that employers rarely engage me in succession planning discussions. When a discussion of this nature occurs, it really stands out. When an employer is thinking of the future when they hire in the present, more often than not, they’ll hire based on cost and what they see on a security job candidate’s resume today rather than focusing on what the candidate’s potential is for the future.
When hiring for the future in the present, employers have to consider whether or not today’s candidate has the raw materials to be groomed and mentored in such a way that they can step up to a bigger role within the organization in the future. When hiring is approached with this strategy in place, with the end in mind rather than just focusing on the here and now, better hires are made and this level of recruiting is strategically more fun for the security recruiter to tackle.
Winning a Global Director of Security Job
Apr 9, 2010
Winning a Global Director of Security, Policies, Procedures and Compliance requires a well-executed interview strategy from start-to-finish.
A Chief Compliance Officer whom the job reports to explained what separated the chosen candidate from the rest of the candidate pool. Here were the keys that enabled the chosen security job candidate to win the job.
Nailing an Interview… how the top security job candidate won the job.
Asked great questions! Interviewers judge the interviewee by the quality of their questions during the interview. I’ve been suggesting this to candidates for years as I prepare them for interviews. My Chief Compliance Officer client pointed out that the candidate who stood out from the rest of the interview group asked the most compelling, business focused questions.
Approached the interview discussion as if he were a member of the team. The interview process was that of a group interview. One candidate speaking to a group of six interviewers made for an uncomfortable situation for all candidates. The chosen candidate did a great job of capturing the group’s attention by engaging everyone in the group and asking questions of the team so they felt as if he were already collaborating with them just like he would be if he were on the job. In other words, he projected himself into the job and immediately treated those on the interview team as his teammates.
Knew when to say… “I don’t know but I’m willing to learn”. The chosen candidate knew his weaknesses and strengths and wasn’t afraid to admit when a topic wasn’t his area of expertise. Other candidates attempted to tackle issues that were not in their areas of expertise. More often than not, you’ll gain more respect from the interview team when you can articulate your strengths, admit your weaknesses and when you don’t stretch to make up answers where you don’t have expertise.
Answered questions directly. The chosen candidate did a great job of answering direct questions with direct answers. Other candidates were vague when they answered questions according to the Chief Compliance Officer. Every interview process you’ll encounter will be different from the last one in some way. The best you can do to prepare for an interview is to know yourself, know how to articulate your accomplishments, know what isn’t your expertise, ask great questions and be honest. The winning candidate in this situation did all of these things well. So well in fact that he was the only candidate of interest when all interviews had completed. Hopefully this real feedback that came to me directly from a hiring official can be helpful to you the next time you have the opportunity to interview for a new security job.
Keeping in touch
Mar 23, 2010
Here’s a great article about staying in touch while “between engagements”.
It’s from “Forbes Woman”, which is another great resource for you ladies.
This idea is very worth internalizing; you can quickly be out of the loop.
Personal Development
Aug 23, 2009
Personal development is, in the end, what it’s all about. Jim Rohn has said for years “Work harder on yourself than on your job”. Your worth, in the marketplace, depends on your ability to deliver value.
“OK,” you say, “what does that mean? What parts of me do I need to develop?” Well, the short answer is “all of them”. However, that’s kind of daunting and also not very efficient. We’ve all heard, in church, “be more like Jesus”. That statement is the key – both in the literal sense and as a principle.
Let’s talk about the principle and leave the other for church – the principle is “Find someone who is successful, in your field, and work to be more like them”. This is called modeling – as in “model yourself after …”. An example, if your goal is to be successful in real-estate, you might study Donald Trump. If your field is finance, Steve Forbes.
So what’s the catch? Wellllll, there’s two parts to the above:
- Pick a model
- work to be like that model.
But, each of those two parts has some parts.
It looks like this:
- Pick a field
- Pick a model
- Work to be like the model
- Find information
- Get mentoring
Notice that “Pick a field” comes first – see Dreams and Goals and Plans – if you didn’t read those parts first.
Let’s assume that you’ve got a dream and a plan. Now you pick someone or some someones (it doesn’t have to be one) to model. “Right!” you say, “I just walk into Donald Trump’s office, and say ‘Don! Baby! Be my mentor’”. Well yes, in a sense.
Many, many of the true models in the world are accessible. They want to be accessible. Some, because they want to give back. Some, because they want to be idols. If motives matter to you, be sure you understand them. The access is generally free or cheap. There are some high-dollar coaching programs but you can start for the price of a library card or an internet connection.
There’s one thing to understand before beginning a search for a mentor / model – the most important attributes and skills are common to all fields and to understand and internalize the field-unique skills you must gain these common (actually very un-common) skills first. What are these skills?
They are “people skills” and personal integrity – see “Jesus” above. If you haven’t got these qualities, no amount of coaching or studying will make you successful.
There are some excellent resources for understanding your skills.
So, here’s two lists of resources – Personal Skills and Business Skills