Career Advice Tuesday – “Programming My Future”

October 23, 2012

Dear Infosecleaders:

I write to you seeking career advice. I graduated from college in 2005 with a B.S. in Computer Science (programming). I was unable to timely find a job in my field of studies, so I accepted an offer to become an IT Auditor. I’ve been an IT Auditor ever since in two different business environments (banking and government).

Because of my background in programming, I absolutely enjoy undertaking tasks that are related to business analytics, data mining, re-performance, etc. However, my current line of work does not require or provide for that. In addition, I have become greatly interested in security, but while I feel that I am very capable of learning effectively and efficiently, I do not have a strong foundation on networks.

In order to push myself to strive for more, I have looked at the option of becoming CISSP certified. However, I am not sure if the SSCP would be a better choice for me based on my knowledge level.

I am currently CISA certified and know that having another, more technical certification, will better position me in my job or others.

What would you suggest? Thanks in advance for your help.


Programming My Future


Dear “Programmer”:

The best suggestion that I have for you is not to pursue any certifications for the sake of positioning yourself in your current role or others.     The certification alone will not help you, finding an environment where your skills are valued for their unique combination is the best way to further your career.

To begin with you have a degree in Computer Science and a background in programming.   Next, you have 5-7 years of real world experience in IT Audit and you are a CISA.  On top of that, you have an interest in security, and you have a history of gravitating to more technical projects.

The combination of these skills and your interests are unique.   Your skills have a great deal of value to an organization who realizes how to utilize them and leverage them for their benefit.

Recently we have been engaged in a number of searches that are looking to find technical information security professionals to work in IT Audit environments.  The primary reason for this is that corporations are recognizing that it is critical for these two business functions to understand each other, and the key to this is to either have audit minded security professionals or technically and security astute IT Auditors.

This being said, it is good that you recognize that your lack of networking experience is a shortcoming and a potential skill gap.  My feeling would be for you to find a way to work on developing this skill and knowledge.  This could begin by reading some books on the topic, taking some vendor based training, and maybe eventually getting a certification that demonstrates and reinforces this knowledge.

If successful, this may be  2-3 year undertaking. If you begin down this road and it “does not take”, then I would suggest you refocus your energies on you’re the enhancement of your strengths – and maybe learn some new programming languages, application security, code review, or other related skills.

If you are interested in learning about some of these blended opportunities, do not hesitate to contact us at LJ Kushner ( . If you do so, in your e-mail please mention – Career Advice Tuesday!

Hope this helps,

Lee Kushner

Posted by lee | Filed Under Advice, Career Advice Tuesday, Career Investments, Planning, Position Selection, Security Industry, Skills | 1 Comment 

Career Advice Tuesday– “Managing Compensation Risk”

October 16, 2012

Dear Infosecleaders:

Currently I am employed as an information security consultant with a large entity.  As part of my compensation program, I earn a quarterly bonus based upon the achievement of utilization targets and billable hours.  Our company has done well over the past five years, and my bonus has become quite predictable.  Over the course of the year, it amounts to about 30% of my base salary and close to 20% of my overall compensation.

About a year ago, one of my peers left the company to strike out on his own.  During that time, he has grown a small boutique consulting company that specializes in my area of expertise, GRC product implementation.    While I am familiar and comfortable with the person as a peer, I am not fully comfortable with him as a business owner.   He has recently made me an offer to join his team.  

The position comes with a little more authority than I currently have, alone with a flashier title  (From reading the blog, I know how much weight you put on this.)   The salary is a small increase from my current salary, but the bonus appears to be more substantial.   He has told me that, based on the corporate formula that they utilize, it could equate to about 50% of my base salary.  This would be a sizeable increase, and potentially give me additional freedoms.

There is one problem that I have; I do not fully trust that this money is going to be there.   I base this on the fact that I do not know what kind of businessperson he is and do not know if I can rely on the bonus to be there.   If it does not materialize as promised, I will be taking about a 10-15% decrease in earnings, and I risk leaving a safe and comfortable situation.

Any advice would be appreciated?


InfoSec Actuary


Dear Actuary:

While your question appears to be complex, fortunately, the answers are quite simple.  By asking your potential new employer a few key questions, you will be able to figure out your answers about his business ethics, believability, and the health of the company.

Here are some easy simple steps:

1)   Before accepting the position, ask the new employer if you can speak to some of your potential peers who have been working with the company for at least three months.  During these discussions, ask these folks how their bonus has been, has it been paid, has it been paid on time, and if it was paid as stated in their offer.

This is your first line of defense.  It will provide you with at least some history in seeing if your new employer is true to his word.

2) If this checks out, then I would want you to call your new employer directly before accepting the offer.  When you speak with them, I want you to ask them to guarantee the bonus for the first six months of employment at the target rate.  In essence, I want you to ask him to treat it as salary.   Anyone in business who is adding additional people to their services team should have at least six months of visibility into their revenue stream and client base.   He should not hesitate to honor this request.  If he does, my antennae would go up.

You are entitled to request this based on the following factors that apply to your situation:

1)   You are a known commodity.   The employer sought you out.  Knows your work, and knows what they are getting.  There is huge value in this to them.

2)   The business is a small business and it is their responsibility to help you manage your risk – since you are the one that is taking a chance on them.  (As a side note, a company that has been in business for a while would not do this, and should not be expected to.)

3)   They are recruiting you.  You have a good job where you are content.  You have some leverage in this situation so use it.   All you are asking is for them to guarantee their promise.  It should be a simple request.

(Note:  As the audience reads this, understand all three factors need to apply.  Do not think you can require this of a large fortune sized entity, an established security consultancy, or a stable security product vendor.)

In closing, my best advice is to trust your gut instincts.  After these discussions, if there is something telling you not to trust the new entity, stay put.  Tell the employer you would like to revisit the opportunity in 3-6 months.   I am pretty confident that if this particular opportunity is indeed a good one, it will still be good six months from now.

Hope this helps.

Lee Kushner

Posted by lee | Filed Under Advice, Behavior, Career Advice Tuesday, Compensation, Position Selection, Recruiting | Comments Off 

Career Advice Tuesday (Returns) – “Why Are You Leaving?”

September 5, 2012

Dear Infosecleaders:

I’m currently responsible for a security program for a large enterprise. Before taking this role a couple of years ago, security was not a concern for this company, and I believe I’ve made strides in correcting this. However, I feel that I’ve accomplished as much as will be possible given the corporate culture from the top down. The board and company leaders are much more risk tolerant than I am personally comfortable with. This goes beyond a difference of opinions – I have been asked to back down from a number of very basic security policies (i.e. must have a password on a smartphone) because leaders rather deal with a potential security breach than with dissent in the ranks as a result of changing basic behavior. I do not believe that my personal ethics and pride in what I do will allow me to continue to brush security gaps under the rug because they are inconvenient.  As a result, I am slowly beginning to investigate the job market.

My question – when asked the inevitable,  “Why do you want to leave company XYZ”question in an interview, how do I portray my personal integrity and ethics in a way that does not sound like I’m trashing my employer?


 “Looking for the Right Words”


Dear  “Looking”:

First of all, I want to thank you for this question, it is a very good one and it generally requires a delicate response, mainly due to the fact that the interviewer likely has preconceived notions of what an acceptable response would be.

Before I answer, I want to tell you that I think that this is the worst interview question and in all my years as a recruiter, I believe that this question should really be irrelevant to someone’s interest in a particular opportunity and here is why:

 There is really no good answer

“What is a good reason for leaving?” – I mean really, if things were good, would someone really be leaving.   

Here are some common Question/Answer responses:

1)   If you say something like “I got passed over for a promotion” – the interviewer worries that you are not that talented and that if you are not promoted on your timetable you will leave. 

2)    If you respond saying that you are “looking for more compensation” – you are effectively a mercenary.  You are now labeled as greedy and money motivated, looking for a job for all the “wrong reasons”, or willing to move again for the next biggest pay day.

3)    If you say that you “do not like your manager’s style”- then you are all of a sudden difficult to manage and red flags go up

4)   If you say “you do not like the work environment” – you are now a malcontent.  

5)   If you tell them that you want to “work with smarter people” – you are now labeled as cocky and conceited.

6)   If you say that the “commute is too long and the hours are too intensive” – they question your work ethic

7)   If you state that you want “to work for a better company” – you lose a majority of your leverage and negotiation power

8)   If you state that you “have a problem with your company’ s integrity and how they do business” –  You are now either a “whistleblower” or have a “god complex”

Believe me, I can go on and on, but I will leave off at your question and try to help you find a better response.

One of my beliefs about interviewing is that the most successful interviewers are effective storytellers.  The best interviewers are able to share their experiences in a way that points back to an underlying theme that will enable them to reemphasize a key characteristic or skill.  In essence they take something that makes them unique and attractive, and they share experiences that force the interviewer to draw a conclusion aligned with how they want to be portrayed.   This enables the interviewee to get their point across more gently, and allows them to paint a picture of both their skills and their character – focusing on the whole “body of work” and not just one particular experience.

In a situation like this, my advice to you would be to build a theme of “ethics and integrity” and make that your interview story.  You may be able to begin your story with the reason you were attracted to information security as a career.  You then may want to speak about managers that you worked for that reinforced this concept and discuss situations where your ethics and integrity were critical in helping both your employer and team accomplish its goal.   You can even lead up to your current role, and speak about why you accepted it, discussing how when you began the role and established the function, that this was a main driver in making that decision.

Now, if asked why you are looking, you can simply state that the company and the people whom you work for now, are much different than the company that you originally joined.   This will subtly reinforce your “theme/story”.  The interviewer should be astute enough to draw their own conclusion without you having to verbalize this.

You can let the interviewer know that one of the reasons you are interviewing at their company is that from what you have learned and read, it appears that their company’s values align well with your values.   You can then turn the interview around and ask them some questions on how ethics and values effect their decision making process.  Hopefully they will provide you an answer that will make you feel more comfortable about joining their team!

Hope this helps you.


Lee Kushner

If you would like to speak more about this and your pursuit, please either contact my office, or send me a number where I may reach you.

Posted by lee | Filed Under Advice, Career Advice Tuesday, Interviewing, Position Selection, Recruiting | 1 Comment 

Career Advice Tuesday – “Am I Just ‘Changing Golf Shirts’?”

August 7, 2012

Dear Infosecleaders:

I am currently working as a penetration tester for a pretty large company.   Prior to this, I worked for another large company, doing similar work.   My current job is going well, I have a very good mentor, my company has been supportive of my professional development, and I like my hiring manager – as I feel that we have established an open line of communication.   

I do have two complaints.  First of all, I believe I can do more.  Secondly, I believe that I travel way more than necessary to perform my duties.

I recently completed an interview process with a much smaller company that is in the middle of a growth spurt.  Although they are much less structured, the people are very smart, and they have some focus in an area that interests me a great deal, Mobile Security.  I believe that it is set up to enable me to take some leadership in this area.  The position does not require a great deal of travel, and it will allow me more time to get involved in my local professional community.

The money for the position is very similar to my current role, however the position offers some stock, which is a exciting to me.

I have listened you’re your advice in the past about avoiding jobs that just provide the opportunity to “Change Golf Shirts”.  Would like to know if you think I am doing this if I join the new company and accept the offer?

Any advice would be appreciated.


“Tiger Woods”


Dear Tiger:

Based on your description above, I do not think you are “Changing Golf Shirts” at all, in fact, I think that these two opportunities are unique and very different.

Here are my thoughts:

1)   First of all, the company you are joining appears to be a “Start-Up”, and it does not appear that you have any of that experience.   Having the experience working at a “Start-Up” is unique, and I think that if you enter into that environment you will learn things about yourself that you would not have in the larger companies that you have worked for.

2)   The new company appears to have some good alignment with your interests, which is great.  Not saying that your current employer doesn’t, but it appears that you will be able to take more of a leadership role in this area in the new company.  Smaller companies are great for this experience.  Where in a larger company, there are more resources to compete with, a smaller company provides more opportunities to create more of a “Professional Brand.”

3)   You are going to work with “Smart People”.   Not that you do not already, but the only thing better than “Smart People” you know, is “Smart People” you do not know – because if you take this job, your “network of Smart People” just got much larger.

4)   You have some earning potential with the stock options.  No, you probably will not retire, but stock options provide some upside earning potential that you are not getting in your current role.  As a “Pen Tester” there is a standard comp range that you are restricted to, based on the market – so compensation for a new job, is never going to be that significant of an increase, in that case, Stock Options provide you with a possible accelerator of you earnings.  Even if they are worth nothing, there is no risk for you – as your compensation is going to be equivalent.

5)   You can always go back to the big company.  Even if your current company will not have you back, there will be another big company that will take you back, and they will probably be willing to pay you a little more money to go work there, again you do not have any risk.

My feeling to you is to take a shot on the new company, and see where it goes.  Use the opportunity of not traveling to become more involved in your local community, become known to more people, and really sink your teeth into your interest in “Mobile Security” – and become more visible.

If you maximize this opportunity, it will be much better than trading for a  “New Golf Shirt.”

Hope this helps,

Lee Kushner

Posted by lee | Filed Under Advice, Branding, Career Advice Tuesday, Compensation, Interviewing, Position Selection, Recruiting, Security Industry, Skills | 1 Comment 

Career Advice Tuesday – “The Ol’ Bait and Switch”

July 31, 2012

Dear Infosecleaders:

For the past two months I have been in the middle of an interview process, for what I believe to be a pretty senior role.   The role was a promotion from my current duties, and it was to provide me with a larger team of people, a bigger scope of responsibilities, and a larger compensation package.

During the interview process, I confirmed that the scope of the role was larger with both the hiring manager, and the hiring manager’s manager.  This was confirmed both on the phone and via e-mail.   I also had detailed discussions with the human resources person at the onset of the interview process about my compensation requirements and what it would take for me to give up my current role (where I am quite happy).  I received assurances that this would not be an issue.

Well, I finished the interview process and the offer was incredibly disappointing.  First of all, the role on the offer was for a lower level (similar to my current job) and the compensation was for 20K salary less than I requested.  

The hiring manager told me that I should “trust them”, and they just had to smooth things over with the incumbents before they made the announcement.  They also blamed the whole compensation thing on the HR team, stating that “they’d see what they could do”, but could not go much higher than the initial offer

Do you have any advice for me?  Should I trust them?  I feel so deflated as this was a job that I saw as the next step in my career  and I feel that I have been “bait and switched” and taken for a fool.


“Cadillac Man”


Dear “Cadillac Man”:

Beware, if you take this job, you are going to get a “Clunker”

There is absolutely no excuse for two hiring manager’s to tell you something in writing about a position, and then not be able to back it up in writing and in an offer.  The concept of “Trust Me” should be applied to minor details of a job offer – like a work at home policy, or extra vacation – but for something as important as the core reason that you were interested in the job, NO WAY!

Secondly, think about the organization that you are heading to.  The hiring manager blamed the HR person.  Whether that is true or not, this is very telling of their personal style and the corporate culture you will be heading into .

At this level of a search, if you were a key hire and being recruited for a “Senior” role then compensation should be something that should be able to be worked out if both sides are reasonable.   Without having the details, maybe a request for 20K more than they offered was a bit aggressive – but I would figure that they would have taken a much different approach.

Also, at this level, if they really want you and you really wanted the job, this process of compromise would be easy.

The translation of their offer  is as follows:  

We liked you a great deal.  We feel that you would be good for the role/level where you are currently performing at (at your other company).  We do not mind paying you a little more to do that role at our company.  It is possible that you will have the ability for a larger role, but it will not be on DAY ONE!   You are welcome to try out for that role once you are an employee and prove yourself in our organization.

However, they have elected to be dishonest with you and try to sway you otherwise.  I can assure you that if you accepted the offer to work for this company, that this would not be the last of the unwelcome surprises.

Hope this helps,

Lee Kushner

Posted by lee | Filed Under Advice, Behavior, Career Advice Tuesday, Compensation, Interviewing, Position Selection, Recruiting | Comments Off 

Career Advice Tuesday – “On Second Thought”

July 24, 2012

Dear Infosecleaders

Currently I am an Chief Information Security Officer at a medium size company.  About a month ago, I engaged in an interview process to be a CISO at a much larger company, and I was offered the position.   The role was quite appealing, but after some deliberation with my family, we decided that the location was not going to be right for us, so I called the hiring manager (CIO) and told them that I would have to decline.

He understood, but he was obviously disappointed and a little frustrated.

Well, time has passed and I just can’t seem to get the opportunity out of my head.   I really think that it was a very good career move, the money was good, the relocation package was solid, and my husband has become more receptive to the idea, finding certain elements of the location that would appeal to him both personally and professionally.

My question to you would be how could I reengage them?  Is it possible?  Have a ruined my chances?


“On Second Thought”


Dear “Second Thought”:

The answer to your question is – “No, you have not ruined your chances” and “Yes, it is possible to reengage them, and due to the reasons that you provided, and the way you have handled it (as stated), it may be welcomed.

How you reengage them is important, so here are some steps to follow:

1)   Inform your source of introduction.  If you worked with a recruiter, you need to let them know, as they may have some more knowledge on the current status of the search.  They also may be able to get a better feel for how the company really felt about your original decline of their offer.

2)   Call the hiring manager directly.   I am a big believer in going to the source.  The fact that you called the hiring manager to decline the offer, should work to your advantage this way – as it created a communication channel.   When you call them, make sure that you explain to them that the reason for changing your mind is that your family is now receptive to the move, and that was the only reason you declined the role in the first place.   Explain to them why they have come around, and you can include something like : “My husband knew that I wanted this job, and it has all that I have talked about since I declined.  He is fully supportive.”

3)   Do not renegotiate anything:  You lost this privilege when you declined the offer, so do not even attempt to  do so, as this will take away all good feeling.  (Conversely, if they contacted you to reengage, you may have some leverage – but in this case you don’t.)

4)   Give them a quick start date.  Let them know that you could be out there in three weeks or less.  This will show them you are serious, and ready to go.

Sometimes many of the best career decisions have been the result of an elongated decision making processes.  Give yourself some credit for rethinking your original decision.

Let me know how it turns out.   Hope this helps.

Lee Kushner


Posted by lee | Filed Under Advice, Behavior, Career Advice Tuesday, Interviewing, Planning, Position Selection, Recruiting | 1 Comment 

Career Advice Tuesday – “Do I Get On The Plane For The Final Interview?”

June 26, 2012

Dear Infosecleaders:

I am in the middle of an interview process and I am looking for some guidance. 

I was approached about an opportunity from a past co-worker, about joining his new company.  The role that he approached me about was basically similar to my current role as a GRC consultant, but it was a bit different.    My friend’s new company paid about 10% more, had better benefits, provided more training budget, and would allow me to travel less.   When I first learned about the opportunity, I was quite excited, and I felt that this would be the best of both worlds.

For the past three weeks I have been going through a series of preliminary interviews that have all gone reasonably well.  The interviews have tested my expertise and have provided me with opportunities to ask questions.    The answers to my questions have been consistent, and nothing that I have learned has been negative.   Based on my performance and my friend’s recommendation, the company has invited me out for an in-person interview.

Initially, I consented to go on the interview, but I am now second-guessing my decision making process.   After giving greater thought to the opportunity, I have come to the conclusion that there is nothing truly unique about it.  It is essentially the same job, in a smaller environment, but my responsibilities will almost be the exact same.  

At this point I am thinking about changing my mind and not going out to the interview.  What do you think about this?  Do I have anything to gain by getting on the plane?


“Window Seat”


Dear “Window Seat”:

My advice is to definitely get on the plane , and here is my main reason:

You have absolutely nothing to lose and everything to gain,  In essence, you are playing with house money.(Well, the only thing you have to lose is a vacation day – and the assumed risks associated with air travel)


First of all, you have already participated in the new employer’s part of the interview process, and have passed.  You have established your credibility, have answered their questions, and have gone through a process that they have dictated.  In essence, if all of these phone conversations were to assess your skills, the in person interview is going to provide you with the opportunity to assess the new company and the opportunity, and learn first hand the answers to your questions.

They should include the following:

1)   Is this new employer truly better than my current employer?

2)   What freedoms and opportunities can I get in my new job that I cannot receive in my current position?

3)   What is the opportunity for growth?

4)   Is the compensation increase going to be significant?

5)   Is my quality of life going to improve?

While your in person interview is still a test for your skills and abilities, the balance of power has definitely shifted slightly to your favor, as the new company is not incurring the expense to interview you if they don’t believe that it is more than likely you will be an asset to their company

By placing yourself in the situation to ask questions that are important to you – and were the initial reason for your interest in the role – you will enable yourself to truly vet the opportunity.  Gaining a first hand look at the opportunity, and having your questions answered is really the only way that you can truly determine if the position, the company, and the management team will provide you with the framework for an improved career and quality of life.

Once you receive the information and are able to process it first hand, you may arrive at one of three conclusions -  you should remain at your job,  you should join the new company, or you should join the new company if the compensation/offer terms warrant it.

In any of these cases, the decision will be in your hands and you will have the data to make the best decision possible.

Enjoy the complimentary pretzels  (do they still do that),

Lee Kushner

Posted by lee | Filed Under Advice, Behavior, Career Advice Tuesday, Interviewing, Position Selection, Recruiting | Comments Off 

Career Advice Tuesday – No Confidence in the New Regime

June 19, 2012

Dear Infosecleaders:

I am an information security engineer, and about six months ago I decided to change employers.   The main reason for accepting the role was based on the connection and confidence that I had developed with the CISO., during the interview process.

When I initially interviewed for the role, I was on the fence about accepting the offer.  However, I had a dinner with the CISO and we spent the time together speaking about professional development and he assured me of his commitment to expose me to more of the business side of information security.   The trade off was that I had to give him 12-18 months in a security engineering capacity.   During this meeting he even shared with me about his own progression and how he had a mentor who helped him along the way in his professional development and ultimate transition form techie to Info Sec leader.

Well I bought in. 

About a month ago, I learned that corporate decided to make a decision and they have forced him to resign.  In his place, they have brought in someone internally, who is not an information security professional  (we will leave it at that) – and while he understands the company, he has demonstrated to me (and others) that he just does not understand the perspective of information security professionals or relate to them.    I know that many of my peers are actively interviewing and others have “checked out” hoping that the new leader fails.

As part of the transition, I had a meeting with him , and I shared with him the commitment that the former leader made to me to help develop my career beyond information security engineering.,  Although he was polite, my feeling was that he was not going to honor the ex-CISO’s promise to me.

Do I need to begin looking for a new job?  Any advice?


Vote Of No Confidence


Dear Voter:

One of my favorite sayings is that in the end you do not work for companies but you work for people.   In essence the company provides the framework but your manager has the real impact on your success and happiness.

You seem to be experiencing this first hand!

I think that what is particularly hard for you is that your decision to leave a good position was based upon the promises that your ex CISO made to you, and your assumption that these promises are going to be ignored.    It also appears that you do not have any confidence that the new CISO is going to make good decisions which are conducive to the development of the information security program and in essence your career.

Right now, the best advice that I can share with you is that you should give this person a chance.  Considering that your new manager is going to be evaluating your contributions to the company, you should in turn be evaluating their performance as well , as it relates to the development of your career.   Considering that the person is new to the role, and not an infosec professional -  my advice is to be the best information security engineer possible – and really demonstrate your talents, your passion, and your willingness to make positive contributions.   I would make it a point to really embrace the new leader, and demonstrate that you are their to support them.

Given the attitude of your peers, your positive attitude and work ethic should really stand out!

After doing this for ninety days or so, ask for a meeting.  At that meeting, you should revisit your conversation and your career goals.  At that point, you should see how receptive the new leader is.

If the new leader is receptive, you may have found a way to accelerate your career.  Keep working hard and contributing and see if you can produce some measurable results.

If the new leader is giving you lip service, ignoring you, and dismissing your requests – it is time to look for another role.   If the new leader does not recognize or appreciate you and your loyalty during this transition, it is likely that they are never going to connect with you or support your career development efforts.

At best you will be pleasantly surprised, at worse you can dust off the resume!

Hope this helps,

Lee Kushner

Posted by lee | Filed Under Advice, Behavior, Branding, Career Advice Tuesday, Leadership, Planning, Position Selection, Skills | 1 Comment 

Career Advice Tuesday – “Making Them Wait”

May 29, 2012

Dear Infosecleaders:

I am in the process of making my first job change and I am looking for some advice.  I have spent the past five years of my career working at a corporate information security position, and I am looking to transition to the world of large consulting – for both the experience, the exposure and the compensation.

I decided to interview with a few consulting firms who have advertised similar openings.  One of the firms whom I interviewed with, I really liked.  They have dynamic leader, a solid market presence, and they offered me a competitive compensation package.  On its own merits, it is definitely an offer that I would accept and be happy with.

Toward the end of my process with them, I was the contacted by another large consulting firm, and I went on an initial interview with them – and it also went well.  Although the roles are similar, the second firm is a bit more “prestigious” than the first, and in my opinion has a better external brand.   After the initial interview, the internal recruiter told me that the remainder of the process would take an additional two weeks to complete.

My offer with the initial firm is roughly a week old and is approaching expiration.

I would like to know what my boundaries are here.  I do not want to jeopardize my offer with the first firm, but I do not want to accept the role without hearing the second firm our, and reviewing their offer.   Is asking them to wait an additional two weeks an option?  Am I in jeopardy of “burning bridges”?

Any help would be appreciated.


Mr. Heinz 


Dear Mr. Heinz –

What your are really asking is how long is an acceptable time to “Make Them Wait” for your decision, without burning a bridge.

First some guidelines – an acceptable time to evaluate an offer is a week.  If you were more senior, I could even see that 10 days could be acceptable, maybe even 2 weeks,  especially if it involved a relocation.  But at your level, a week is ample time – anything else is excessive and somewhat disrespectful.

The best thing that I can share with you, is that you definitely have the right to evaluate all of your options before making a job change, you have to remember that the practice leaders of these firms (who will be your managers and bosses) are highly competitive and have a good amount of pride (or else they would not be in charge).  In addition, what would make losing this recruitment battle worse, is the fact that they would be losing out to one of their competitors.

So you need to be careful.

To give you some perspective, I want to introduce a scenario to you, that should be able to provide you with clarity:

You go out an interview with a company.   You interview well and the company states that they like you – and they believe you are a good fit.   At the end of the interview process, they basically say this – Mr. Heinz – you are an excellent candidate, have all the skills to do this job correctly, and we would want you on our team – however, in three weeks we are expecting to interview another candidate with very similar skills, compensation requirements, and personality -  we would like for you to wait three weeks – so that we can compare them to you – and so that we can elect to move forward with either you or the other candidate.

How would you feel?  How would you view the opportunity?  Would you feel good about going to work at an employer where they have essentially told you that you may be a second choice, or a fall back option?

Chances are, your feelings would be hurt.  All of the good will would be sucked out of the interview process and you would want to consider working at other places – not because of the role, but because how you were treated.

This is how the hiring manager at the other firm feels as a result of your actions and intentions.

My advice would be to accept the position with the first firm.

The roles are basically the same.  You are going to gain very similar experiences.  The compensation packages are going to be very similar in the end as well (within about 5K).  The first firm treated you well, you were comfortable, and you liked the environment – essentially what more could you want.  Large information security consulting firms basically have similar brands – and are looped together – there is essentially no branding difference between consulting firms that offer a broad range of security consulting services.

If you turn this position down, you are essentially going to “burn the bridge” because of how you handled the process.

In the future, the way to avoid this is to let all of the firms that you are interviewing with know that you are looking to make a decision by a specific date.  You can tell them that you would like to have all offers by a certain date, so that you can evaluate them side by side.  By setting this expectation, you demonstrate that you are a good communicator, you are well thought out in your approach, and you establish ground rules so that they can control the timeline of your hiring process

In closing, you are a first time job changer, so you should be forgiven for this.  But in the future, you need to learn from this, so that you do not find yourself in this situation again in the future.

Hope this helps,

Lee Kushner


Posted by lee | Filed Under "The Other Side of The Desk", Advice, Behavior, Career Advice Tuesday, Interviewing, Position Selection, Recruiting | 2 Comments 

Career Advice Tuesday – “A Little Nudge”

May 22, 2012

Dear Infosecleaders:

I have been searching on my own for employment as an information security architect for the past couple of months, and I am hoping that you can help me with the mechanics of my job search.

First of all, in a former life I ran security architecture for a notable financial services institution and most recently served as an technical security architect for a professional services and information security product company.  My skills are current, my compensation requests are reasonable, and I have very good references.

The main reason that I am looking for work is that the travel associated with my current role is just no longer conducive to my family situation and the life that my wife and I would like to lead with our young children.

Through a colleague, I was introduced to the hiring manager at a pretty well known company with some interesting technologies that align with my skills.   Upon introduction, I both spoke and met with the hiring manager within a week, was told that that I was a good fit, and that I would be engaged by HR to complete the interview process.   A week later, I had a brief 15 minute phone call with HR, which went well (not much was discussed), and was told that a final interview would be scheduled for the following week.

Well, that was about 30 days ago.   I have not heard back from them.  But, I have heard from another company (a distant second choice) and I have been told that they are going to be making an offer within the next week.

Do you have any advice as how to (re)-engage the initial firm and help get me to the finish line – and to understand if they are going to want t hire me or not?


The Waiting Place


Dear Mordecai van Allen O’Shea:

The answer to your question is simple -  you need to write an e-mail to the hiring manager explaining the situation and ask for their help and guidance.  In the letter you should state the following:

1)   Your last discussion with HR was 30 days ago

2)   It was left that you would be contacted about setting up a final interview

3)   You have a real interest in the role

4)   You have another suitor, who albeit worthy, is not your first choice

5)   You will need to make a decision in the next 10 business days.  (This gives them time to react)

First, the reason that you send the e-mail (initially) is so that the note may be forwarded to others in the company.   (You should follow up with a phone call, for a personal touch)  Second, there is nothing wrong in giving your potential employer the courtesy of a reminder of your candidacy, and providing them with an understanding that you will not be waiting around forever for them to execute.  Finally, the goal of this letter is to inspire an action – either a message that they will be scheduling the final interview,  or some notification that you are no longer in consideration.    By gaining an understanding of this, you can figure out how to deal with the other suitor, and manage the remainder of your job search.

I guess the best thing to share with you is that sometimes people get sidetracked, interview processes get mismanaged, and recruiting takes a back seat to other pressing issues.

You should not be offended by this, and do not take this personally.

Sending a friendly and polite reminder, to inspire an action, is perfectly acceptable, especially if it is handled with tact and respect and gets you to the Places That You Want to Go!

Hopefully this helps,

Lee Kushner

Posted by lee | Filed Under Advice, Behavior, Career Advice Tuesday, Interviewing, Position Selection, Recruiting, Uncategorized | Comments Off 

Next Page »