Friday, November 09, 2012

Cyber Security Job Candidate Question: Should I Apply For This Job?

To Apply or Not To Apply?
Whenever a question comes to me, I try to remember to not only answer the question but to also turn the question into a blog.  I assume that if one person has a question that there just might be a second person out there who has the same question.

When I was talked into creating the Security Recruiter Blog many years ago, the person who pushed me in the blogging direction suggested that every time someone asked me a question, I would have a topic for my next blog.  Not a bad idea.  Here you go.

A security professional in Europe writes: 

Do you think a job offer requiring 7+ years or experience or 15+ years of experience should be understood literally? Do you think I can apply to a 7+ year job requirement although I'm only a 4-year security professional?

This is a great question and I have two answers to share.
Answer #1

Currently, I’m working with a Fortune 150 client that is hiring Cyber Security and IT Risk Management professionals at the Security Architect level.  For a candidate to qualify for the salary band that goes with the Security Architect title, he/she must have a minimum of 8 years of overall IT experience.  The candidate must also demonstrate at least 5 years of Information Security experience.
For this company, the year requirement is a compensation department issue.  The next measuring stick comes from the hiring manager.  The 8 year issue is what I call an HR checkbox item.  Whether a candidate fits the job and has the skills and aptitude to perform the job or not is an entirely different question.

Answer #2
My second answer is to suggest that you should apply for the 7 year job despite the fact that you only have 4 years of information security experience.  As a cyber security jobs candidate, you don’t know what was in the mind of the person who wrote the job description.  Like my Fortune 150 client, they may have a sound reason why you need 7 years of experience to qualify.  On the other hand, 7 might have been a randomly picked number.

There is a chance however that the 7 year number is a random number that someone in HR came up with while the hiring decision maker might be content with a candidate who possesses the desired skill and only  4 years of experience.   
As a security recruiter, if I’m not working from a box as I am with my Fortune 150 client, I’ll work with a candidate to determine whether they have enough experience to do the job while simultaneously working to understand what’s in it for the candidate to take the job.

By the way, for my Fortune 150 client, a candidate could come along with 15 years of experience and be just as qualified as the person who has 8.5 years of total experience.  The 8 year mark is a minimum level of post-college experience the compensation department came up with for the salary ban that applies to the Security Architect Title.
I appreciate this question from a European security job candidate.  My next blog will be part 2 to this blog as a similar question came to me earlier in the week and it ties into today’s topic.

Jeff Snyder’s Security Recruiter Blog's Security Recruiter Blog