September 12, 2012
Currently I am at the end of a job search. The interviews have gone great, I really like the company, and I am on the verge of becoming a CISO for the first time in my career. For about 95% of the process, I have been on “Cloud Nine”.
Unfortunately, my process may have hit a snag, and I really need your advice to potentially avert a catastrophe.
On the company’s application they asked me to list my current professional certifications. I listed my CISSP and my CISA, which I know are current, but I also listed a couple of technical information security certifications that I received earlier in my career. My assumption was that these certifications were current.
I received a call the other day from the background check company asking me to provide some proof of these certifications. I did some checking, and I do have the actual certificates; however, during my discovery I learned that these certifications have definitely expired.
Here is my issue; technically, I have misrepresented myself on the background check form, which I know speaks to my credibility. At the same time, these certifications are not even applicable to my hiring or the qualifications that this information security leadership role requires.
Do you have any advice on how I should handle this situation, to preserve this opportunity? On one hand I want to come clean and let them know of my oversight, on the other hand, since these certs are secondary, they may not even be verifiable, which would mean I would draw attention to something that will be irrelevant.
If you could let me know, that would be great.
My advice is simple but it is two-fold. It will be short but sweet.
First of all, “tell the truth”. What you need to do is to be in front of the story and to let them know that you made a mistake, and you want to bring it to their attention. You can let them know that your assumption was that these certifications were granted for life, and to your knowledge you did not need to renew them. If they question your sincerity, you can point to both your CISSP and your CISA, which are both current and in good standing, to demonstrate that renewing your certifications is a standard operating procedure for you. In addition, the fact that you can produce the actual certificate as proof will at least demonstrate to your new employer and their background check company that you did actually achieve the certification and your initial statement was indeed accurate.
Secondly, whenever you speak about this, and to whomever you discuss it with, make sure that you do not make this a “big deal”. You should not send e-mails, or contact the senior members of the interview team – you should just deal with the background check company – and should do so via the phone, so that nothing can get forwarded to people with decision-making authority for your hiring, who may have dogmatic views about this violation/oversight.
If you make it a big deal, it looks like you are attempting to cover it up and you got caught. If you make it like it is just an honest mistake, you may get them to overlook it altogether and it will most likely become a footnote, and not even become an issue.
What can be learned from this is that when filling out an application, less is more. Only include things that are essential and that you know you can verify. If you cannot be 100% accurate, omit it; you can always complete it at a later date.
Hope this helps and it works out for you.
September 5, 2012
I’m currently responsible for a security program for a large enterprise. Before taking this role a couple of years ago, security was not a concern for this company, and I believe I’ve made strides in correcting this. However, I feel that I’ve accomplished as much as will be possible given the corporate culture from the top down. The board and company leaders are much more risk tolerant than I am personally comfortable with. This goes beyond a difference of opinions – I have been asked to back down from a number of very basic security policies (i.e. must have a password on a smartphone) because leaders would rather deal with a potential security breach than with dissent in the ranks as a result of changing basic behavior. I do not believe that my personal ethics and pride in what I do will allow me to continue to brush security gaps under the rug because they are inconvenient. As a result, I am slowly beginning to investigate the job market.
My question – when asked the inevitable, “Why do you want to leave company XYZ” question in an interview, how do I portray my personal integrity and ethics in a way that does not sound like I’m trashing my employer?
“Looking for the Right Words”
First of all, I want to thank you for this question, it is a very good one and it generally requires a delicate response, mainly due to the fact that the interviewer likely has preconceived notions of what an acceptable response would be.
Before I answer, I want to tell you that I think that this is the worst interview question and in all my years as a recruiter, I believe that this question should really be irrelevant to someone’s interest in a particular opportunity and here is why:
There is really no good answer
“What is a good reason for leaving?” – I mean really, if things were good, would someone really be leaving?
Here are some common Question/Answer responses:
1) If you say something like “I got passed over for a promotion” – the interviewer worries that you are not that talented and that if you are not promoted on your timetable you will leave.
2) If you respond saying that you are “looking for more compensation” – you are effectively a mercenary. You are now labeled as greedy and money motivated, looking for a job for all the “wrong reasons”, or willing to move again for the next biggest pay day.
3) If you say that you “do not like your manager’s style” – then you are all of a sudden difficult to manage and red flags go up.
4) If you say “you do not like the work environment” – you are now a malcontent.
5) If you tell them that you want to “work with smarter people” – you are now labeled as cocky and conceited.
6) If you say that the “commute is too long and the hours are too intensive” – they question your work ethic.
7) If you state that you want “to work for a better company” – you lose a majority of your leverage and negotiation power
8) If you state that you “have a problem with your company’s integrity and how they do business” – you are now either a “whistleblower” or have a “god complex”.
Believe me, I can go on and on, but I will leave off at your question and try to help you find a better response.
One of my beliefs about interviewing is that the most successful interviewers are effective storytellers. The best interviewers are able to share their experiences in a way that points back to an underlying theme that will enable them to reemphasize a key characteristic or skill. In essence they take something that makes them unique and attractive, and they share experiences that force the interviewer to draw a conclusion aligned with how they want to be portrayed. This enables the interviewee to get their point across more gently, and allows them to paint a picture of both their skills and their character – focusing on the whole “body of work” and not just one particular experience.
In a situation like this, my advice to you would be to build a theme of “ethics and integrity” and make that your interview story. You may be able to begin your story with the reason you were attracted to information security as a career. You then may want to speak about managers that you worked for that reinforced this concept and discuss situations where your ethics and integrity were critical in helping both your employer and team accomplish its goal. You can even lead up to your current role, and speak about why you accepted it, discussing how when you began the role and established the function, that this was a main driver in making that decision.
Now, if asked why you are looking, you can simply state that the company and the people whom you work for now, are much different than the company that you originally joined. This will subtly reinforce your “theme/story”. The interviewer should be astute enough to draw their own conclusion without you having to verbalize this.
You can let the interviewer know that one of the reasons you are interviewing at their company is that from what you have learned and read, it appears that their company’s values align well with your values. You can then turn the interview around and ask them some questions on how ethics and values affect their decision-making process. Hopefully they will provide you an answer that will make you feel more comfortable about joining their team!
Hope this helps you.
If you would like to speak more about this and your pursuit, please either contact my office, or send me a number where I may reach you.