Home » Security Leadership » Career/Staffing

Make Yourself a Dream Security Job Candidate

A sharp suit and a set of acronyms won't be enough to land a top position. Leading recruiters share the specifics that make CSO job-seekers easy to place.

June 01, 2006 — CSO — Although security pros still find new jobs through personal networks, recruiters also hold the keys to many executive-level positions. The best recruiters know the job market better than anyone, and they know which candidates have the skills and talents that are most in demand. To help CSOs (and would-be CSOs) gauge how well they stack up, we asked four top recruiters—some with an expertise in information security and some with a corporate security bent—to describe the signs that indicate they've got a dream candidate on their hands. They told us the skills and capabilities that make a job seeker easy to place.

Joyce Brocaglia, founder and CEO of Alta Associates in Flemington, N.J.

We look for what I call a triathlete: someone who has strong technology skills and who has a lot of business acumen and understands risk. On top of that, the ï¿½overriding thing CSO candidates need to have is leadership.

The best way to differentiate themselves is to be able to describe a situation, the action they took and the results that were accomplished in a way that displays an overall ï¿½understanding of risk. If they just rolled out two-ï¿½factor authentication, I want to hear how they socialized the organization, how they worked with business lines in getting them to understand risks and benefits, how they managed the project and the team, and ultimately what the results were. I don't care about how many nodes and this and that. Did they display an understanding of the problems or risks before they implemented a solution? Did they tailor the solution to meet the risk appetite of the business?

CEOs are looking for somebody who has a holistic approach to risk and the ability to convey ideas that add value to the business. Candidates need a broad understanding of areas like business resilience, privacy, governance and compliance. Information security alone isn't enough.

Jeff Snyder, president of Human Capital Solutions in Woodland Park, Colo.

I can tell in 10 minutes if someone is a great candidate. It starts with the way their résumé is written; it starts with the way they correspond by e-mail. You have people who shoot out four or five words, who don't spell check or know what a ï¿½complete sentence is. And you have some who write more formally. When I do get to the phone, the people who can very specifically articulate their accomplishments separate themselves from the pack very fast.

Generally speaking, this caliber of person is not without a job. From a recruiting perspective. I'm not looking for someone who's unhappy. I'd rather find a person who loves his job, but the job opportunity I have available represents another career step. That's the best placement you can possibly put together. The time to make [job change] decisions ideally is before you have to. I prefer people who haven't put together their résumé in a couple years. Clients prefer someone who's not looking for a job.