The title of today’s Security Recruiter Blog is not one I came up with on my own. This title is actually a statement made by one of my LinkedIn connections after we knocked the ping pong ball back and forth so to speak on several topics last night by way of our mutual connection on Linkedin.
To address another one of your points, I see many security requirements that describe several people in one job description. Sometimes multiple areas of competency can be found in one candidate but frequently these requirement heavy jobs go unfilled for months or even longer. I had a candidate who started on one of these requirement- heavy jobs today. My client told me they'd been searching for 1.5 years to fill this position. It made my day to learn that I was able to help solve a problem of this magnitude. In the end, it was an outstanding candidate who prepared for the future who earned the new role. I simply got to open the door.
That lack of technical skills stems from our education system has not changed in over 50 years and the world has changed a little. You see candidate after candidate need to work but lack the experience, certifications, and knowledge. How does anyone in this Industry get experience? How can Info Sec college graduates be graduating without 1 Networking or Firewall Certification? Would that person be qualified for any job that you recruit? If a job can go 1.5 years without being filled I contend the job is not necessary. How did the company make it that long without the mission critical role being filled?
A Niche within the Security Recruiting Business
Back to the point the writer on my LinkedIn update made, I would argue that each position I’m about to profile was necessary for each company. The reason each company made it as long as they did without finding a solution is that they simply got lucky. Nobody in the hacker community thought to go after these particular companies when they were missing critical talent.
Here are a few examples to give you a flavor of the complexity of positions that go open for so long.
Director of Corporate Secruity, Anti-Bribery and Corruption Compliance Officer
Open for 9 months
I received the call to assist with this position after a global $650M company had worked on their own and they had worked with one of my competitors for 9 months. After investing an hour or so on the phone with the Chief Compliance Officer, I discovered they they were interviewing federal law enforcement agents because a consultant with a DHS background advised them to hire a law enforcement professional.
As I probed and asked the Chief Compliance Officer about the needs of his business, it became crystal clear to me and to my client that what he really needed was a corporate security professional who had sound business experience, enterprise risk management experience and global experience working across many different cultures.
I re-wrote the original job description and aligned it with the conversation I shared with the Chief Compliance Officer and came up with the right candidate a few weeks later.
The reason this Chief Compliance Officer wasn't happy with 9 months of interviewed candidates was that they hit target that was not his target. Once the Chief Compliance Officer's target was clearly defined, the search process could then be clearly defined.