Tuesday, March 03, 2015

They Say That Security Recruiters Don’t Get It

Who Said That?

Who is suggesting that Security Recruiters don’t understand what they are doing?  

Numerous comments I’ve recently read on-line from security professionals suggest that they have run into highly inexperienced, check box minded recruiters who claim to understand information security jobs or cyber security jobs. This is to be expected. The Information Security / Cyber Security space is a hot area in which to be employed.

After reading each comment, I made a mental note but I did not capture and save each comment.  I just know that there is a significant amount of negative sentiment regarding my profession.  

While this saddened me for a brief moment, I only take responsibility for my own work and nobody else’s.  I got over what briefly saddened me.  I work hard every day to impact people’s lives in a positive way and to create value.  I’m confident that I do that because I receive feedback daily that tells me so.

Many employers I’ve run into recently behave as if they do not understand that for the most part, talented security, risk, compliance and privacy professionals are gainfully employed.  Sure, there are people here and there who are between positions in your profession but for the most part, that doesn’t last long if the individual is diligent about finding a new job and they have talent to offer.

Here is real-time evidence that security skills are in high demand

careerbuilder 3.3.15
Keywords:  Security Architect
1,837 jobs found

Keywords: Security Consultant
7,192 jobs found

Keyword: Security Analyst Jobs
5,676 jobs found

What's it like to be a recruiter?

Cloud Security Example

A Director of Human Resources recently sent an email with an attached search contract.  She did not call to speak with me. She simply sent an email.  

The contract was not great but it was not worth arguing over.  Out of curiosity to see what might happen next, I signed the contract and quickly sent it back.  The HR Director sent a follow-up email thanking me for my quick response like this:

"Attached is our countersigned.  Let the resumes flow."
"Below are some openings we would like help with, which are on our website as well."  

Keep in mind that I’ve had no human interaction with anyone in this cloud software company. 

What's wrong with this picture?
  • I don’t know where this company is in their search process.
  • I don’t know if the job descriptions the HR Director sent URLs to are accurately written. 
  • I don’t know if the hiring manager is the greatest manager on the planet or the opposite.
  • Because nobody at this company has educated me, I have no idea how to sell this company’s jobs.  A talented recruiter by the way is a sales professional and part psychologist.  If I have nothing to sell, I’m not making recruiting calls.

There’s much more I’d like to know but I have no human being to gather information from on behalf of candidates I would recruit if this situation were not set up as a “throw it against the wall and hope it sticks search process”.  

Acquiring people is not the same as acquiring computer monitors but that's how many companies approach talent acquisition.

One thing I’m certain of is that Cloud Security Professionals are gainfully employed and in high demand.  This type of search is like all of my searches in that direct recruiting is the only way to fill these high demand jobs.

By the way, I'm not an order taker so I didn't stop trying to get relevant information before starting my search process. 

I reached out to a Vice President of Engineering at this company to learn more about the jobs.  He responded four weeks ago telling me how busy he is but he committed to getting back to me. 

He has never gotten back to me.  I've never invested my time into this company's searches.

A Security Consulting Firm

In late 2014, I worked with a CEO whom I served in late 2013.  When I say that I served this CEO, I specifically mean that I filled a difficult position with one resume connected to one local candidate who is still with the company today. 

The CEO asked me to find a new set of talent.  I turned on my direct recruiting search process and delivered a candidate within a couple of weeks of the outset of the search.  For six weeks, I attempted to reach my CEO client with a phone call and a corresponding email.  My client finally got back to me after six weeks telling me that she was too busy to communicate. 

If she’s too busy to communicate, she’s too busy to properly handle top-shelf talent.  Do you want to work for this CEO?  I don't.

A Global Manufacturing Company

In the past I served a Global Chief Security Officer by directly recruiting corporate security talent in Brazil.  This talent in Brazil is gainfully employed for the most part.  I delivered four directly recruited and gainfully employed candidates to my client.  

My client sat on these candidates for 1.5 months before taking any action.  After 1.5 months, the top two candidates lost interest in the "opportunity".  Highly talent people don't sit around and wait for indecisive people to take action.  They move on.

What’s The Point Here?

I could write a book if I kept going with stories that are real to me.

I’ll be the first to agree that there are many recruiters entering the information security / cyber security recruiting space because it is a “Hot” talent space to enter.  I’ll also tell you that a few years ago, I attempted to convert three IT recruiters who had 17, 22 and 31 years of IT recruiting experience into security recruiters.  This effort failed.  If I knew what it was that I understand that I can’t seem to pass on to others, I’d bottle it up and become a millionaire overnight.

Information Security recruiting is not IT Recruiting.  I've done both.  I know the difference but I think most companies do not know the difference.

Security Recruiting is one of the most difficult disciplines of recruiting on the planet

Having executed my first security search in 1995, I’m still convinced that most companies do not understand security professionals.  I routinely fill jobs with 1-3 resumes.  That is when I have access to hiring authorities in order to determine what the business drivers are behind a search and I’m able to re-write a search to match up to what my client really wants and needs in a candidate.

  • Companies frequently do not understand how to write security job descriptions.
  • Companies frequently do not understand how to screen and properly hire security professionals.  
  • Once you’re on board, companies frequently do not know how to determine whether you’re succeeding or not.

For those who have run into a less-than-talented security recruiter, I’m sorry.  However, not all security recruiters are less than talented just like not all information security professionals are less than talented. 

Moving Onward

I have several high quality jobs to fill with high quality clients.  I have screened these clients for quality just as much as they have screened me for competence and quality.  I welcome the challenge by the way.

I have high quality resume coaching and career coaching clients to serve before this day ends.  I’ll continue to fight the fight and a fight it truly is. 

Please don’t put all recruiters in the same bucket as I don’t put all security professionals in the same bucket just because I run across one that is less than stellar here and there.


If you run across someone who should not be in the security recruiting profession, move on and find someone who has earned their stripes and the right to serve you in this space.

SecurityRecruiter.com's Security Recruiter Blog