Friday, September 27, 2013

A Bank CISO Tells Me about Recent Interview Experiences

An Open Security Job for 1 Year

A bank CISO has a Security Architecture position to fill that has been open for 1 solid year. 
I won’t cover some of the reasons why this job has been open for a year but I’ll cover some of the reasons why candidates who've been interviewed for the job over the past year have not captured the job.

Not Prepared To Interview

The CISO told me about the feedback his CIO has given him after several information security skilled candidates walked out of the CIO’s office after an interview.  The CIO asks candidates what they know about his organization.  Other than the fact that candidates know that they walked into a bank for their interview, nobody who has interviewed knows anything about the bank.

  • Nobody knows that the bank is one of the city’s top employers for women and working mothers.  
  • Nobody knows anything about the bank’s stock performance. 
  • Nobody knows about the bank’s most recent and highly publicized acquisition of another local bank.  
  • Candidates are not investing time to learn about the business in which they are about to interview. 

Not Prepared To Talk About Strengths

The CIO of this bank wants to know what a candidate is great at.  He can’t tell what anyone is great at by way of the tactical resumes that land on his desk.  So he gives candidates an opportunity to verbally articulate what it is that they've done in the past that they can bring to his bank.  

He wants to know how a Security Architect candidate is going to produce value that will add to the bank’s bottom line.  

For one solid year, no candidate has been able to sit in front of the CIO and articulate their strengths and past bottom-line enhancing accomplishments.

Not a Student of the Security Profession

The CIO is looking for a Security Architect who is passionate about their chosen profession. 

What does this mean?  Someone who is passionate about their profession generally isn't watching the clock.  

Okay, so maybe they need to catch the 5:15 PM train on a regular basis but they also know that there is a 5:45 PM, 6:15 PM and 7 PM train they could catch if they’re up to their eyeballs on a project and leaving for the 5:15 PM train would crush momentum. 

The CIO wants a Security Architect who can talk about how they keep up with emerging threats in the security profession.  

He wants a Security Architect who wants to know about the company’s tuition reimbursement policy because they want to continue taking classes and/or attending conferences.  Not to have a reason to leave the office but to gain knowledge that can be brought back to the bank to make the bank more competitive within the city’s competitive banking landscape.


If you want the best jobs that corporations have to offer to information security / cyber security professionals, you can’t be passive about making yourself a desirable candidate.  If you’re not clear about how to talk about your personal strengths with confidence in an interview, through my Security Career Coaching services, I can definitely help you.

If you’re watching the clock and you can’t wait for 5 PM to arrive, you should probably find a new profession.  Protecting a company’s information, brand and reputation is not generally an 8-5 job.

When you go to an interview, at the very least, prepare for the following:

  • Know how to articulate your strengths and the business value you can bring to an organization.  Know how to articulate the value of the problems you’ve solved in the past so the employer can gain an idea of what kinds of problems you’ll be able to solve for them in the future.

  • You don’t have to know everything.  In fact, acting like you do know everything never works. You need to know where to go to find the information you need when you need it.

  • Know not only about the company you’re going to interview with but do homework to learn about the people you’ll be interviewing with when you arrive at the company.  You may not be able to find everything you want to find but there is no excuse for not trying with so much information available on LinkedIn today.

There’s more to preparing for an interview but this should give you a good start.'s Security Recruiter Blog