Category Archives: Interview Tips

attract cybersecurity talent

Looking to Attract Cybersecurity Talent? Enhance Your Covert Ops. Domini Clark to The Staffing Stream

InfoSec Connect founder and cybersecurity recruiting expert Domini Clark shared her tips on how to attract cybersecurity talent in a recent article in The Staffing Stream.

Excerpt from the article:

Cyber-attacks are on the rise, with a 38% jump in security incidents from 2014 to 2015. Companies in all industries are vulnerable, regardless of size – some 43% of attacks target small business. Attacks can cost into the millions for a single data breach, and more than half of these costs are related to lost business due to customer churn.

Since the best approach is prevention, it’s clear that cybersecurity needs to be part of your IT program. Finding the right talent is not so clear. Cybersecurity professionals are a unique group, so you’ll need a recruitment approach that is different from what you’re using with other positions.

A Unique Profile

The best in the trade think like the criminals they oppose, enabling them to anticipate hacker tactics and identify chinks in a system’s armor. Insiders joke that superstars have an “evil bit” (as in bits and bytes) in the code of their personalities. “Paranoid” is too strong a word, but they tend to be hyper-cautious, and some take pride in operating under the radar.

Very few post résumés, so you’ll need to leverage your best networking skills and hardcore power searching techniques. Be creative, Sherlock. But don’t email a link — they don’t click on links from unknown sources. Send a PDF with instructions for connecting with you.

Sell, Sell, Sell

Some estimate that half of cybersecurity professionals get a recruitment call at least once a week. If you reach out with a standard list of duties and requirements, your message will wash out among all the other background noise. You have to court talent in all areas, especially with hard-to-fill roles. Don’t think of it as a job posting, think of it as a sales pitch. Instead of focusing on what your company needs, lead with the selling points that will engage your target audience.

In general, cybersecurity professionals want the opportunity to:

  • Take on intriguing work that is varied and unique.
  • Try new tools and techniques to keep up with the ever-evolving threat landscape.
  • Do more than just scratch the surface, including taking some deep dives into systems and code.
  • Work remotely, even if only two or three days a week.
  • Receive recognition and rewards, like the rest of us.

Apply Social Media Liberally

The content doesn’t have to be about job openings. Think of social media as digital pheromones that make your company attractive. Have team members in all disciplines share their ideas and insights. Blogs and tweets help establish your company as a thought leader, enhancing your brand.

But be sure to target the cybersecurity community specifically, including forums and discussion groups. Encourage your existing cybersecurity and IT talent to write blog posts and white papers on the topic. Spray those pheromones where they’ll get the best results.

Stay Loose

With a pool this small, you can’t run an effective search if you focus only on screening people out. Loosen the requirements. For example, since security threats are constantly evolving, a degree probably isn’t as important as current experience. Another tactic: Instead of asking for five to seven years of experience, ask for three to five and highlight the opportunity for career growth.

Hopefully you weren’t expecting fast and easy tips for recruiting cybersecurity talent. You’ll have to invest time and money, but you can think of it as insurance against multi-million dollar losses.

Infosec Candidates

InfoSec Candidates Say: You Snooze, You Lose!!

Increase Your Success Rate of Hiring Infosec Candidates

Okay, we all get it, it’s a tight labor market and information security and the demand for infosec talent is far outstripping the supply of information security professionals available.  This is causing a huge shift in mindset for many HR departments round the globe.  No longer can you run a candidate through 5 interviews over 2 months and expect them to be sitting on the sidelines patiently waiting for you to make a decision.

Smart companies are making BIG changes.  After losing top tier candidates to competitors, one company decided to speed up the process and take more risks in order to hire more, better candidates.  What had been at least a three-month interview process with a consensus hiring posture involving four different Directors, has become a two-week process from interview to offer.

In this case, one Director is in charge of the process and the timing is closely monitored by the CEO, who is deeply invested in making hiring work.  Once a candidate is presented to the Director, the clock starts.  Initial interviews are held within days, an onsite interview is scheduled for the next week and the offer is prepared and available for delivery at the time of the second interview with the hope that there is mutual interest.

Here is the skinny on what makes this work:

  • Executive buy-in (this cannot be stressed enough)
  • Flexibility in HR process
  • Risk tolerance
  • Team participation
  • Candidates are prepped for a swift hiring decision
  • Firing decisions with “bad hires” are handled swiftly

Without all pieces in place, this process does not work.  Leadership MUST take the lead in a cultural/process shift of this nature.  Everyone in the organization must know that the risk of losing top tier talent is far more caustic than the possibility of a making a bad hire. Most of us have policies in place that afford us the ability to remove bad hires from our organizations, yet we are loathe to utilize them.

Take a risk.  Your competition is starting to get the hint and you might get left behind!

Overanalyzing Resumes

Stop Overanalyzing Resumes!

Do you work with a hiring manager who is guilty of overanalyzing resumes? If you’ve been in recruiting for more than a minute, you know the manager I’m talking about.  This is the person who has never misspelled anything, never left a word out of a sentence and is remarkably able to pick out the slightest change in font or font size.  What is imperceptible to the rest of the world is glaringly obvious to this person. Continue reading Stop Overanalyzing Resumes!

Interviewing the Employed

Don’t Waste My Time: Interviewing the Employed

Let me paint the picture.  You work for ABC Company and you have a critical hole in your information security team.  You need someone smart, experienced and dedicated – and you need them fast.  However, all of the candidates who actually meet all of those qualifications are already working for someone else and there are at least 50 other companies in the market hunting for this same talent.  Sound familiar? Continue reading Don’t Waste My Time: Interviewing the Employed

interviewing your future boss

5 Tips for Interviewing Your Future Boss

Interviewing is a two way street and everyone knows that the information security market is a “candidate market.”  With more jobs than talent and plenty of positions for most infosec professionals to choose from, it is extremely important to interview your next boss with the same scrutiny as the company is interviewing you.  Making sure you’re not working for an unstable, unpredictable or volatile boss is extremely important.  However, this type of interview must be handled class and savvy.  Here are five tips for interviewing your future boss. Continue reading 5 Tips for Interviewing Your Future Boss