Wednesday, June 24, 2009

Hiring: Why Some Security Jobs Go Unfilled

Purple Elephants With Wings
Have you seen one fly by recently?
Recently a CISO asked me if the 3-5 month timelines he was running into connected to CISO job searches he was interviewing for was normal. I wrote about that discussion last week.

I’ve been thinking about why it takes so long for some positions to be filled. I’ve read blogs and news threads where security job seekers were ranting and raving about how they’ve been treated by hiring authorities. Some of the suggestions I’ve read have been quite a stretch but some have been worthy of further thought.

I started thinking about why some jobs are open for so long or go unfilled entirely. A number of different reasons came to my mind.

A company recently sent a Security Analyst / Security Engineer job description to me for my review. They’ve had the job posted to major job boards for months but can’t seem to find the right person. As I studied the description, I quickly recognized that they were looking for at least two and possibly three different skill sets that typically don’t fit together in one person’s resume.

I pondered why they would create such a difficult expectation that essentially set them up to fail in their quest to find the right security job candidate. Could the CISO be in search of pain and torment? I doubt it. What I think is going on in this company and companies across the nation is a significant squeezing of the belt. CISOs are pressured to deliver more results with less resources. Security professionals have to wear more hats than ever before and they have to be great at nearly everything they do in order to capture the most appealing jobs.

The good news for security professionals is that there are jobs out there to be filled. Acquiring one of the currently open positions in the security space may be more difficult to accomplish than you realize. Over the past couple of years, I’ve seen numerous job descriptions that when carefully reviewed, represent two, three, four and even five or six different skill sets. I’ve filled a few of these jobs but have walked away from others.
Yes, you read correctly. I’ve walked away from potential new business in the middle of a recession. Taking on jobs that can’t be filled for one reason or another isn’t good business. Everybody involved in such a search ends up being frustrated with everybody else connected to the search. This is not a good situation for a recruiter or for their client company.

I call these searches my purple elephant with wings, gills and an oxygen tank searches. Companies don’t just want an elephant. They want an elusive purple elephant. Then, they want this purple elephant to spread their wings to fly and to be able to stay under water for extended periods of time. Sounds like a vehicle James Bond would have had at his disposal back in the 1970s era James Bond movies.

Before taking on a search, one of the exercises I walk through with my clients is that of making sure their expectations are in line with a delivery we can actually make. Recruiters don’t create candidates, we find those who already exist. If the person a company wants to hire doesn’t exist or doesn’t exist very often, I may be staring at a search that is set up to fail.

I can’t change the fact that security professionals in 2009 have to be highly skilled in many different areas of security and risk management to get the great jobs. What I can do though is to help my clients understand when they’ve sometimes set the bar of expectation too high.
Jeff Snyder,, Security Job Executive Recruiter, Security Executive Search, Infosec Job Recruiter's Security Recruiter Blog