10 Reasons How HR Will Measure The Security Professionals Get Hired

Security Careers: 10 Reasons Why Security Professionals Get Hired
Top security executive outlines what he looks for in new hires. How do you measure up?

1. Results focus (i.e., a demonstrable track record of getting things done)
I am looking for people who can demonstrate to me that they not only know and understand information security, but they have implemented successful programs or have led business-driven initiatives to successful completion. When I interview candidates, I routinely dig deep in this area to try to gauge whether the individual truly has a track record of success.

2. Passion
Frankly, I expect to hear from candidates that they are passionate about information security -- but that’s not necessarily what I want to know. What I really want to know is, what is their passion? It could be music, sports, or art. It doesn’t matter -- I just want to know that the individual has depth and is passionate about something. From my perspective, someone who has a passion for something -- anything -- is a person whom I find interesting and who will excel professionally.

3. Operational experience in multiple IT disciplines
Operational experience provides a critical foundation in IT management. Knowledge of and experience in operational processes -- in areas such as mainframe operations, networking/communications, logical access, and application development -- provide valuable and tangible experience that enriches the individual’s capacity to understand complex IT-related business problems.

4. Commitment to continuous personal development
Candidates often come to me and say how interested they are in information security -- but when I ask them what steps they have taken to learn about the profession, they tell me that they plan to sign up for training at some point. I like to see people who have shown commitment by actually completing training or achieving a professional certification. Participation in security-focused user groups, volunteer work, or other related areas of academic study also demonstrates this commitment.

5. Self-awareness
It's often difficult for me to give direct feedback to an individual who earnestly believes he or she is the best candidate -- but is clearly nowhere near ready for the job in question. Self-awareness is a leadership trait that requires individuals to take stock of their skills, understand how they are perceived by their peers and their managers, and develop a personal development plan. Seeking feedback, accepting constructive criticism, and demonstrating a willingness to act on this feedback are all fundamental to success in a security position.

6. Strategic thinking
Sun Tzu, in the oft-quoted "Art of War," had it right when he said, "Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat." The ability of individuals to understand how their tactical efforts support and influence the success or failure of the strategy is important -- and it becomes increasingly important as you move up the food chain. Here, I’m looking for the candidate to talk to me about how his or her strategic focus enabled the team to achieve a stretch goal, and how his or her tactics and direct leadership influenced a positive outcome.

7. Ability to lead change
Leading change is a fundamental leadership skill. As innovation marches forward, so, too, do the threats that we have to deal with. Dealing with the constantly evolving threat landscape requires innovation by information security professionals, who often must help to re-engineer business processes or deploy new technologies to mitigate the ever-evolving risks. I expect a candidate to be able to articulate his or her experience as a leader of change. I want to know how they did it -- and what the outcome was.

8. Ability to strategically influence others
This leadership trait seems to come naturally to my 11-year-old daughter, who seems able to get me to do whatever she wants. She knows what makes me tick. I look for individuals who are resourceful, who can leverage their personal network of peers, and who can mobilize and garner support for projects or initiatives in support of my overall strategy. I ask candidates to describe instances when they used their strategic influencing skills, what techniques they used, and what the outcomes were.

9. Communication skills
Effective security awareness communication, management reporting, and trend analytics are some of the key aspects of a strong information security communication program. It is difficult to find security professionals with the ability to speak articulately, to interpret complex trend analysis, and to draw conclusions from that data tailored to a specific audience (e.g., techie groups versus non-techie groups). Nonetheless, when done right, this kind of skilled communication yields amazing results. Candidates should be able to describe their communication techniques and demonstrate their abilities.

10. Strong personal ethics
At the end of the day, we are in the business of trust. I demand a high degree of personal ethics. I believe that as information security professionals, we must hold ourselves to a higher standard. As a CISSP myself, I know that I am held to a code of ethics. A professional credential that stipulates such a code, while no guarantee, is a good start toward finding the right candidate.
