Tuesday, July 21, 2009

Conversation: With a CIO regarding his Security Staffing

Security Professionals are Required to Wear More Hats

A conversation found its way to me yesterday afternoon. As the story goes, the person telling the story is a long-time recruiting partner who shared a conversation with a CIO client of his yesterday morning. The CISO was explaining his company’s need to cut back on staffing levels. They had just lost a significant piece of business with one of their major customers.
This isn't the news any recruiter wants to hear from their client but it is the reality of the job market we're in today.
As they looked at staffing levels in each department, someone came up with the idea that this CIO's company could live with one less information security professional. As of now, they have one security professional who does security analysis and project management work but not a lot of what he does is considered deeply hands-on technical work.

The other security professional on this CIO's staff is a hands-on technical professional who has very deep technical skills but he is not strong with regulatory compliance, risk management work or work that requires strong interpersonal skills.

As they considered which security professional could be eliminated, someone suggested passing certain security issues over to a department housed within the general IT staff. Someone else quickly pointed out that they couldn’t allow IT to have control over certain security issues because doing so would result in a PCI violation.

My recruiting partner and the CIO came to the conclusion that both security professionals might have to go in order to hire someone who had a broader skill set that included both the business / risk / interpersonal skills and the deeply technical components all wrapped up in one person’s security / technology risk management skill set.

Though this is my friend’s story to tell and not my own, I know and understand the pressures my partner’s client is under. We've worked together to serve my partner's client for many years.

Security professionals in both the present and the future need to bring broad skill sets to prospective employers in order to satisfy the growing demands found in hiring managers’ job descriptions. It is a need to get more done with less that CISOs face across the nation.

One of my college professors introduced himself to our business class years ago by telling us his class was where we'd learn how to get the “Mostest from the Leastest”. Granted, this wasn’t very impressive English coming from a professor, but the point was well-made and his class definitely lived up to the introduction.

I don’t know that I knew enough about anything back then to fully appreciate my professor’s point. Having recruited through the Dot Com bust and now through this current recession, I’m beginning to fully understand my former professor’s point.

In today’s business environment, professionals across the board who can figure out how to deliver more value with fewer resources will be the employable professionals of the present and the future.

SecurityRecruiter.com's Security Recruiter Blog