Tuesday, December 11, 2012

Candidate Questions for a Security Recruiter


I’ve been following your company and your blog for many years.  Thank you for the insights you so unselfishly share with those of us who work in one company at a time and are not able to see the big picture that you clearly see.  My company is ready to hire a Chief Information Security Officer for the first time.  I brought up your name and I was asked to gather information to back up my recommendation.  What value do you bring to a search for a company’s first CISO? 


The Value of a Highly Specialized Security Recruiter

My first security recruiting assignment came to my desk back in the mid-1990s and I’ve been building my knowledge, expertise and relationships in the security, risk management, compliance and privacy sectors ever since.

Over the years, I’ve been fortunate to earn the trust of many companies that were hiring a CISO for the first time.  They all had an idea of what they needed in a CISO but the real set of expectations came to the table when I was introduced to key stakeholder decision makers. 
By asking these stakeholders questions that I’ve learned to ask by way of filling other highly strategic CISO jobs, I have been able to gather information required to write accurate and compelling job descriptions. 
This information also puts me in a position to build an interview process that addresses topics that are important to my client as opposed to topics I think are important.

My CISO Job Filing Track Record
I have significant references to share but I’ll offer a couple of significant examples of problems I’ve solved and turned into opportunities for my clients.

One of my clients in the recent past was one of the world’s largest telecommunications companies.  They need to hire a Head of Security and Risk Management, essentially a Converged CISO.  Their position had been open for 18 months before I was brought in to help. 
After working closely with an HR Director than then after spending 43 minutes on the phone with the CFO and Controller for North America, I was able to determine precisely what this company needed.  For 18 months, they had been busy interviewing, and interviewing and interviewing.  The problem was that key stakeholder decision makers were measuring each unique candidate against a different set of criteria.  I got the stakeholders aligned and rewrote their job description.
With the right information in hand, I wrote up a job description that mirrored the conversation I had with the CFO and Controller.  In just 3 weeks, I was able to identify, recruit and deliver a local candidate who ended up winning the job just 1.5 weeks later.

Global Mining Company

For one of the world’s largest mining companies, I was recently asked to deliver a Chief Information Security Officer.  This would be the company’s first CISO.  This person would have a background in information security, enterprise risk management and some physical security.
After being granted an hour on the phone with the Chief Information Officer, the person to whom the job would report, I was able to ask the right questions to draw information out of the CIO that nobody on his own staff had been able to draw out previously.
This position had been open for 9 months before I was engaged to help.  I don’t know how many candidates had previously been interviewed but I was told by an HR leader that the CIO was “exhausted” with the interview process by the time I arrived.

One of the CIO’s direct reports championed my cause and convinced the CIO to give me a chance.  In just a few weeks, I delivered my first CISO candidate.  This person had a significant background in global chemical manufacturing that included an outsourced SAP environment and a global business footprint that looked a lot like my client’s footprint.

The questions I asked the CIO brought to the surface the CIO’s desire to see candidates who came from highly industrial companies.  He was tired of seeing candidates coming from banking, insurance and healthcare.  I’m not speculating on this information. This is what the CIO told me.
In just a few weeks, a 9 month problem turned into an opportunity when I delivered the right person with the right background, the right personality and the right business culture experience to the CIO.
Why Engage Jeff Snyder at SecurityRecruiter.com?
I’m not an expert at too many things but when it comes to putting the right people together to create business opportunities, I’ve invested 22.5 years to fine-tune my skills and I could show you objective assessment results pointing to the fact that I was hard-wired from the start to do this kind of work.
Given access to the right key decision makers, I’m able to extract information that others are not able to get to.  I’m able to help a company that has never hired a CISO or a CSO to understand the playing field they’ve never before played on.
I don’t mean the playing field of available candidates who can be found through major job board postings.  I mean candidates who are generally gainfully employed and must be directly recruited by a highly skilled security recruiter

Dave, I sincerely appreciate your vote of confidence.  I’ll adjust my schedule to accommodate your decision maker’s schedules. 


Jeff Snyder

SecurityRecruiter.com's Security Recruiter Blog