Career Advice Tuesday – “Infosecleaders – Please Help Me Become A Successful Recruiter”
January 25, 2011
Let me get right to it, I need help recruiting people to my security engineering team.
Here is my situation, I am a new manager and was just recruited to a position where I am responsible for building an technical security engineering program. When I accepted the position, the goals were to hire six (6) information security engineers within the first 90 days. This is one of the goals that I will be measured on.
I thought that this would be a simple task, considering that I am pretty well connected and figured that a bunch of my past staff would like to join me in my new role. I could not have been more wrong.
First of all, when reaching out to all of my past staff, all but one informed me that their careers had accelerated beyond the roles that I was recruiting for, and that although they appreciated the opportunity, they decided that they would stay with their current employers. The one that was interested in the role, went through our interview process and then asked for a compensation package that was about 10% more than they were currently earning and it got shot down by HR. This was personally concerning since I identified them as a key hire, and I thought that the compensation request was reasonable for the change of positions. (The offer was for about 5% more salary – and the benefits were better at his current firm).
I had discussions with my management and the human resources team and they were both pretty set in that these were the tools that I had to work with, and it was my job to make them work. They even insinuated that they may have chosen incorrectly when electing to hire me over the other candidates for the role.
Can you give me any advice on how to overcome my predicament. I have come to realize I have bitten off more than I can chew!
Bite Too Much, Chew To Little
Dear Big Mouth/Slow Teeth:
From listening to your situations two things come to my mind:
1) It appears that you should have asked some better questions during your interview about staffing budgets and resources, and your influence over compensation for your staff. Sometimes in the heat of our interview processes, we get focused solely on getting the job, not what it will take for us to be successful, once we have the role. ( I think that many of your peers can learn from this.)
2) You also may have bitten off more than you can chew in telling your employer that you could get six (6) qualified information security professionals into your organization in 90 days. Considering that most interview processes will last between 30-60 days (after talent has been identified) – you have given yourself very little room for error. In fact, if you did nothing but recruit for the first ninety days, and had external resources at your disposal – an information security savvy internal recruitment team, budget for external search firms, and previous commitments from past employees to work for you - you still may fall short of your goals.
All this being said, our advice to you is as follows –
1) Meet with your manager and HR to try to agree to an overall salary budget for your six roles. Once you get them to commit to a number, ask them if you would be able to use your discretion on how the amount will be allocated for your staff’s salaries. If they do not give you some leeway, my suggestion is that you abandon ship – before you get too far away from shore – considering that this effort which is tied to your success, will have little hope in succeeding.
2) If they give you the budget, the first thing that I would do would be to go back to your past employer – and re-offer him the position for 5% more than he originally requested. If you can overcome the “bad taste” you will at least have one success, and will be able to build momentum.
3) Now that you will have five positions remaining, what I would do would be to separate the roles into two tiers – three positions that are more senior, and three entry level hires. What this would do, would allow you to elevate the salaries of the two remaining hires to attractive levels. What you also can create, is an opportunity for these Senior Security Engineers to participate in the hiring of a junior “apprentice” whom they could teach and mentor. This could be very attractive for an information security pro to gain some leadership experience.
4) After this, figure out how much money is left – hopefully it will be around 135-160K, and divide that pool in three, and ask your internal recruiting function to help you with some campus recruiting from local schools that have either masters or bachelors programs in information security, information technology, computer science, or engineering. See if you can find three bright minded future info sec leaders who have a good amount of aptitude, have a passion for information security, and can fit into your team’s culture. You may need to wait for May/June to bring them on – but you may also find some who are willing to work – “part time” before they graduate,
5) In the end, you will have your team of 6, just probably not the composition that you were expecting. You will have some senior folks whom you should be able to offload more responsibility too, it will be your job to select the junior members wisely, and create an internal environment of knowledge sharing, training, and professional development to expedite their development as information security professionals.
Let’s put it this way, I think that if you are able to pull this off, without external help (besides this response) you will be recognized by your management for your leadership, creative problem solving, and the use of resources. Hopefully it will work.
One thing that you should realize, is that a main component of recruiting is the ultimate variable – people. To all of those info sec pros who are reading this , before you commit to a staffing/hiring plan, think about the intricacies of your last recruitment process, and all the things that had to go right in order for you to change positions. Magnify that by the complexity of the info sec talent that you are searching for, the compensation parameters that you have, your location, and the amount of people that you need, and you may arrive at a better conclusion of the time and effort it takes to build a successful information security program.
Hope this helps you become a better information security recruiter.
Lee and Mike