Career Advice Tuesday – ” Noone Will Come Work For Me”

January 24, 2012

Dear Infosecleaders:

My question comes from a different angle than most of the questions that you address on your blog – I am an information security leader, and I have been trying to hire some key technical information security engineers for my team, and I have not had much luck.

I have been looking for these positions for close to six months, and the only thing that I have to show for it is three rejected offers of employment and a good deal of wasted time.  The candidates have rejected our offers for a variety of reasons:  compensation, expectations associated with the position, and one of the candidates never every responded to the offer. 

I think that my internal recruitment team has written the positions off and we do not have any budget to hire external search firms to help locate this talent.  I have posted these roles on internet websites, and I can not tell you how many resumes we have received which do not nearly resemble the skill combinations and experience which I outlined in the job description.

I guess I would like to know if you have any advice for me.  We are committed to hiring the right people for the roles, but I am at the point that I will settle for someone with a pulse and some passion.

Is there any advice that you can share with me to help me solve this issue and hire some future information security leaders.


Looking for Mr. (or Ms.) Goodbar?


Dear Info Sec Leader:

There is no simple solution to hiring the correct talent for your information security team.  It appears from your note that you are resource constrained on many levels – compensation, internal support, and external budget.  Although these are substantial obstacles to overcome, they are not insurmountable.

The first thing that I would do would be to look at your job description, and determine which skills are absolutely necessary to perform the position that you are looking to fill.  Sometimes job descriptions are filled with a good number of “nice to have” bullets, and they overshadow the “need to have” requirements.   It is logical that the candidates that you have been interested in have a good amount of the experiences that you request,  but your budget simply cannot afford that level of resource.

What you should do is to winnow the amount of experience down to the skills and experience to reflect a level that you can actually afford.  You should understand that it is one thing to attract candidates, hiring them is completely different.    If you lessen some of your requirements, and require that candidates who lack certain experiences make up for it by displaying “passion” and “drive”, during your interviews, you should be able to locate a candidate that you can afford.

When you design a position to inspire professional growth and career acceleration, you will generally attract candidates who have a high level of motivation and professional pride.  So, what they lack in experience, they will make up in aptitude and “passion”.  It will be important that you screen for these intangibles in the interview process.   Constructing your position in the matter will truly turn it into an “opportunity” as opposed to what your past candidate pool has viewed it as; “a job.”

As far as building your relationships with human resources and your internal recruitment team, my suggestion would be for you to schedule some time to reengage them and start anew.  During this time, you may be able to educate them on your new requirements, provide them some good screening questions, and adjust some of the elements of the job description to reflect less experience and more passion.  You can accomplish this by screening the candidates for things that reflect this, like conference attendance, industry involvement, and logical career investments.   I would then educate them on potential sources in your market for these skills, so that they may be able to do better in pre-screening resumes.   Try to schedule a weekly meeting with them to both provide status on their efforts, and to give them a regular opportunity to ask questions.    The more that you engage them in the process, the more they will want to help you.

Although you cannot use external agencies, you can still post the position on internal and external websites.   In posting the position, try to do so in a way that reflects the type of career opportunity that is available and the candidate profile you are attempting to attract.   I would use words that could possibly encourage more affordable and slightly more junior candidates to respond.  A good exercise would be to think back of your career, and think about the things that would attract you to a role like the one that you are offering.   When the candidate eventually comes to the interview, utilize these examples as selling points as to why this role will benefit their professional development and their career as an aspiring information security leader.

Feel comfort that your experience is not unique.  Do the best you can with what you have, and keep your expectations realistic.

Hopefully this helps, and you will fill your roles in the next 30 days.


Lee Kushner

Posted by lee | Filed Under Advice, Career Advice Tuesday, Interviewing, Leadership, Recruiting, Security Industry, Skills 


2 Responses to “Career Advice Tuesday – ” Noone Will Come Work For Me””

  1. Career descriptions on January 31st, 2012 7:02 am

    Off course getting right one in the team is not an easy task. It requires brilliant skills to identify correct talent.

  2. Lettice on February 16th, 2012 5:23 am

    I really cuodln’t ask for more from this article.