InfoSecLeaders on Securabit Podcast- Tonight

December 15, 2010

Wanted everyone to know that I (Lee) am going to be a guest of the Securabit podcast this evening.  I will be discussing and answering questions about career planning, the employment market, compensation, and general information security career advice.  I will also be giving a preview of the Professional Development Track at the RSA Conference, which will be offered on Monday afternoon, prior to the standard conference sessions.

If you have any question that you would like to have answered anonymously (similar to Career Advice Tuesday format)  -please send them today to lee@infosecleaders.com – I will be happy to try to incorporate them in the discussion.

Posted by lee | Filed Under Advice, Social Media | Comments Off 

Infosec Recruiting Social Media Experiment – “Unique Entry Level Opportunity for Future Infosecleaders”

August 13, 2010

Mike and I have often debated the power and practical applications of social networks.   Mike regularly urges me to utilize social media in our recruitment process – and I regularly object.   In addition, we have read and fielded many questions about entry level positions and “breaking into” the information security industry  – and the fact that there are not many solid entry level roles (1st or 2nd jobs) for bright, talented “future” infosecleaders .

Recently, I have come across an opportunity through my recruiting business where we have the opportunity to combine the two – and I have decided to utilize Twitter and our blog to introduce this opportunity to the Infosecleaders community, and  find the right candidate for our customer.

I am looking forward to seeing the outcome.

Here is the position description:

The Client

The client is a well respected, highly specialized security consulting firm that has Tier 1 clients – most of them based on the West Coast.  The position that we are searching for would be based in Seattle  (near their corporate HQ))- and there would be limited travel.

The client has been in business for close to a decade.  They are comprised of some very well recognized information security professionals who built their careers at some of the leading edge security companies in the earlier part of this century.

The client offers a flexible work environment, predicated upon the maturity of the candidate and the ability to service their customers.  The client is supportive of a constructive industry presence – whether it is related research, public speaking at local or national security events, or writing.

The Basics

Our client is looking for an information security professional with both aptitude and passion, and an interest in software security and a desire to learn about security in the software development life cycle.

The candidate that we are searching for will ideally have some work experience – 1-4 years, or have recently graduated from a respected university (either bachelors or masters or Ph.D) with a degree in computer science, computer security, or other related disciplines.  Ideally the recent graduate would have had some practical experience through the course of their studies.

Experience in environments that include information security consulting, software development, quality assurance, web app development or penetration testing – would be beneficial – but not a hard and fast requirement.

It would be great if the candidate came with a good foundation of technical skills  – but if your skills are just good – but you have aspiration for them to be great – that could be acceptable as well.  If this is the case, we will ask you to demonstrate examples of this desire during our pre screening process.

The Opportunity

The opportunity is two-fold.  The first component of the opportunity is a bit more process focused and requires that the candidate to have some good organizational skills – serving as a central point of contact for the management of the operational tasks of a technical information security engagement.   The opportunity will enable the candidate to get a first hand look into enterprise software security and how secure software development is done correctly. (This would be the part where you “pay your dues.”)

The second part of the opportunity is the ability to learn and evolve. (here is where aptitude and passion come into play) The candidate will undergo guided training by the senior members of the team in areas that include software security,web application security, penetration testing, and reverse engineering.  (This will be the part where you accelerate your career.)

The idea, is that after some time – the candidate will evolve into a security professional with developed expertise in these areas.  They will develop customer skills, organizational skills, consulting skills, and have exposure to world class clients.

Compensation

The salary for this role will range between 55-85K – depending on the amount of work experience and the quality of education.  I would say that the sweet spot is probably between 65-75K.   

The candidate would also be eligible for a bonus – based on their performance and company success.  The company has a demonstrated history of  paying bonuses to their employees.

The company pays fully for individual/family medical benefits (health care and dental) – this is fairly unique in these economic times.

The company is willing to assist in the relocation to Seattle – as a guide, if you rent an apartment and can place your stuff in a u-Haul – you will be fully covered.  If you own a home – this will be quite difficult.

Procedure:

My first expectation for this experiment is that people will only apply to the role if they fit the parameters that I have outlined in the description above.

For example – If you do not want to live in Seattle – please do not apply.   If your salary demands are over 85K – please do not apply.  If you do not have an interest or aptitude toward software security -please  do not apply.

If you do fit the requirements, please submit your resume  (word or Adobe format)  to lee@ljkushner.com – in the subject line please write “Recruiting Social Media Experiment”.  I would also like to know what about the opportunity is particularly appealing to you.

All qualified submissions will receive a call from either myself or one of my experienced information security recruitment professionals – within 3 business days – to conduct a more detailed interview and to answer particular questions about the client and opportunity.

If you do not receive a call in 3 business days, please call my office directly at 732-577-8100 – sometimes e-mail gets swept inot junkmail folders.

As always, resumes will not be submitted to our client without your consent, after learning more about the opportunity.   Confidentiality is always observed.

Experiment:

I am going to provide some regular updates (via the blog)  on this experiment to chart the progress and share some issues.  If it is successful, I may begin to utilzie this method more – for some unique opportunities.

Lets see how it goes.

Lee Kushner

Posted by lee | Filed Under Recruiting, Social Media | Comments Off 

Blog Writing Results in Job Interview

May 29, 2009

Many times over the past year, we have provided advice regarding developing a public brand and professional image by utilizing social media.   Recently, I have been able to see this in action. 

(Due to the level of confidentiality involved in the interview process, I can not reveal the identity of my candidate, his blog, or his twitter feed, but the following will serve as a summary of the events that took place.)

The candidate’s career had taken him on a journey where Information Security was not the original function of his employment, but through his own personal interests, accomplishments, and commitment, his position had evolved into the company’s only dedicated information security professional.  In his current role, he is well respected by management and has been capable of affecting positive change in both the areas of technology and business process.   However, information security had only become his full time job function for the past six years, and some recent changes in corporate direction had caused him to begin searching for a new opportunity. 

My client is the Information Security leader for a company that has a sizable commitment to Information Security.  Due to this level of commitment, he was searching to hire a Senior team member to assist in carrying out their Information Security initiatives.  The key term here is Senior, and the definition as it applied to his team.

The client was pretty stern in the fact that Senior meant having a minimum of ten years dedicated to the Information Security profession.  This was a derived from his experiences in leading his organization and what he found to be effective in both hiring and retaining talent in his organization.

Remember – what I believe is not important in this situation.  He is the customer, he is the Information Security leader, it is his team, and my job as a recruiter is to carry out his wishes and find the candidate best suitable for him.   I have to trust that he knows his organization a lot better than I do, and his experiences hold the key to his success in team building.  I also know that if we locate a candidate that meets his criteria, my candidate has a better chance of career satisfaction and longer term success.

Here is the problem – my candidate only was able to demonstrate 6 years of dedicated experience on his resume, and my client wanted a minimum of 10.  When I spoke with my client, I urged him to reconsider his stance, and give my candidate credit for the other years of experience when Information Security was only a portion of his job function.   In addition to that, the candidate had made us aware of some industry activities that he had participated in, conferences he attended, and his personal blog,  He also let us know that he was a guest on a few security related podcasts.  As part of our candidate presentation, we referred the client to these resources.

The next morning, we received a note from the client expressing how impressed he was with the candidates written communication skills, his thought processes, and the content contained on his blog and twitter feed.  He said that it was possible that his initial impression may have caused him to overlook a solid candidate, and  asked us to coordinate an interview and initiate the interview process.

What I can tell you, is that this is purely a case where it was not the resume that opened the door, it was his blogging and his demonstration of his knowledge in the public forum that provided him with the opportunity for consideration. 

At this time, we are only at the beginning of the process and a lot is yet to be determined.   I will let you know the results in a later blog entry.

“Keep Blogging!”

Posted by lee | Filed Under Advice, Social Media, Story | Comments Off 

• Subscribe

  • Subscribe to RSS
  • Comments

• Recent Posts

  • “Why The Show Must Go On”
  • Career Advice Tuesday – ” Noone Will Come Work For Me”
  • Career Advice Tueday – “Getting Past the Gate-Keeper”
  • Career Advice Tuesday – “Three Experiences – One Resume”
  • CAT – Clearing Some Things Up – Advice and Predictions for 2012
  • Career Advice Tuesday – “Infosec Leaders Need To Be Good Recruiters”
  • Career Advice Tuesday – “Surprise Bonus”
  • Career Advice Tuesday- ” Help! New CISO Has A Bad Reputation”
  • Career Advice Tueday – “On The Road Again?”
  • Career Advice Tuesday – “Should I Audition?”

• Categories

  • "The Other Side of The Desk"
  • Advice
    • Career Advice Tuesday
  • Behavior
  • Branding
  • Compensation
  • Interviewing
  • Leadership
  • Networking
  • Personal
  • Planning
  • Position Selection
  • Recruiting
  • Resume
  • Security Industry
  • Skills
  • Social Media
  • Story
  • Survey
  • Uncategorized
    • Presentation

• Archives

  • February 2012
  • January 2012
  • December 2011
  • November 2011
  • October 2011
  • September 2011
  • August 2011
  • July 2011
  • June 2011
  • May 2011
  • April 2011
  • March 2011
  • February 2011
  • January 2011
  • December 2010
  • November 2010
  • October 2010
  • September 2010
  • August 2010
  • July 2010
  • June 2010
  • May 2010
  • April 2010
  • March 2010
  • February 2010
  • January 2010
  • December 2009
  • November 2009
  • October 2009
  • September 2009
  • August 2009
  • July 2009
  • June 2009
  • May 2009
  • April 2009

• Links

  • Anton Chuvakin
  • Exotic Liability
  • Liquid Matrix
  • Martin McKeay
  • PaulDotCom
  • Room 362 - Mubix
  • Securosis - Rich Mogull