Playing The Job Hunt GameTop 3 Tactics for Securing a Win
Remember playing blind man's bluff as a kid? Blindfold in place, you'd run around the yard trying to grab "it," bumbling around and occasionally falling down. Looking for a job in a weak economy can sometimes seem like a game of blind man's bluff. You know what "it" is and you hope "it" is out there somewhere, but you can't see "it," and you feel like you're grasping and groping in the dark. The fact is that job hunting today is a bit like a game. It can certainly be confusing and even a little scary at times. And if you haven't played the game in a while, you may be mystified by how the rules and the playground have changed.
See Also: What is next-generation AML?
Looking for your new job doesn't have to involve bumbling and stumbling, but you will need to apply new tactics along the way. First, some good news - information security jobs are available; in certain geographic locations (i.e. larger cities) there are lots of good information security jobs open at this very moment. In fact, demand for certain information security specialists currently outstrips supply in the marketplace. Take heart and know that "it" is out there if you have the skills and experience that are in demand. If you don't have those skills, start working on them - now.
Looking for your new job doesn't have to involve bumbling and stumbling, but you will need to apply new tactics along the way.
In today's environment you will inevitably discover that hiring managers can and will be extremely picky. Bad unemployment reports have convinced many hiring managers that there's an unlimited supply of technical talent just waiting to work for them. Job descriptions are frequently laden with very specific skills and numerous technical requirements that don't always reflect what exists in the real world. Unusual combinations of skills, experiences and industry sectors are not uncommon. There's a reason some position descriptions are called a "wish list."
Candidates who have 85 or 90 percent of what's required can be ignored or simply rejected when the hiring manager has the mindset that people are clamoring for new jobs. In one of my recent searches for a senior level security technology role, the hiring manager acknowledged that my candidate had 90 percent of what was needed. And he even acknowledged that the candidate could probably be mentored and learn the last 10 percent of the technical skills needed for the role. But the client declined to move forward with the candidate and asked that I continue the search. He's convinced that the perfect person is out there. If you're one of those who is "oh so close" to matching the job spec, keep in mind that close only counts in horseshoes. Yes, it's a clichÃ© but it's also a reality that job seekers have to accept.
One of the hottest areas in information security today is in the area of incident response. Every week I field calls from clients and potential clients who want to hire individuals who can respond to data breaches, intrusions, botnets and malware. Heavily regulated industries such as financial services, academia and healthcare have extraordinary needs at this time for individuals who can secure their networks and their proprietary and sensitive data and be ready to respond to and mitigate any damage after an incident. The way that hiring managers are chasing incident response specialists reminds me of another game, the version played by my daughter's first grade soccer team - There's the ball! Let's all run toward it!
Of course, it's not a game. Their personnel needs are real and must be addressed. However, if you're one of the lucky ones who can bring the technical know-how to respond to incidents, avoid displaying a swagger. You may feel like the hottest point guard playing basketball today, but you can be sidelined by saying to recruiters or hiring managers who inquire about your experience, "Google me." Humility and good sportsmanship are always in season.
Here are three things you can do to improve your chances of winning the job hunt game:
- Play Smart: Begin by assessing the competition. You can do this by looking at the profiles of some of your infosec peers on LinkedIn and by talking with people you know. Understand how they've presented their experience and accomplishments. Then determine how you can differentiate yourself, but don't go overboard and overstate your qualifications and capabilities. One thing I'm frequently asked to look for is someone who has built an information security program or a supporting function that falls under the broad infosec umbrella. If you've done that, make sure to include that in the executive summary section of your resume and talk about that experience early in any phone or in-person interviews. Architects and builders are needed. You'll have to demonstrate how you've brought a strategic vision to the function, but avoid calling yourself "a visionary." Remember that hiring managers are looking for humility and teamwork and not visionaries who may be too theoretical or simply impractical and prima donnas who may just be a pain in the neck.
- Bring Your "A" Game: I often hear people lament how time consuming it is to find a new job. Yes, it takes a lot of time and effort, so don't make a half-hearted attempt. If you're not serious about finding your next professional challenge, you're probably not going to find it. So save your energy and don't waste anyone else's time. Develop a detailed game plan for your job hunt. Know what you're looking for, as well as the kinds of companies or environments you want to be in, and lay out a timeline for your activities. When I speak with IS job seekers, I almost always start by asking them what they want to do next. I'm astounded and disappointed often because I frequently hear vague responses. If you've worked in the information security arena you should know the function, know what you're good at and know what you like to do. Distill that into two or three sentences and you will sound like a serious and self-aware candidate to recruiters and hiring managers.
- Play With Heart: Demonstrate your passion. Recruiters and hiring managers are looking for those candidates who love their work and are excited about their contributions to an organization. Sometimes, not always, that passion can help a candidate clear a screening hurdle to be seriously considered. One of my recent candidates has a passion for incident response. He's only had a little IR experience because his employer's incident response team is in its infancy, but this guy knows that's where he wants to focus his career. He's paid for external training and even obtained SANS certification as a Certified Incident Handler. I introduced him to a client who said they needed more experience, but they loved his enthusiasm and indicated they want to have him back in as soon as they are authorized to add a junior level incident response role.
If you're taking stock at this time and trying to figure out how to ensure a successful and lengthy career in information security, my advice is to look at the marketplace. Study what's in demand today. Then try to imagine how today's pressure points will morph and change, and think about what's likely to be the hot topic next year and beyond. Position yourself to be ready to respond to the changes that are surely coming. Look for training opportunities or new certifications that can prepare you to add value in these areas. I can't think of any field that is as dynamic as information security, so it's imperative that you respond accordingly. Stay current with the trends and problems bedeviling companies and organizations today and keep your antennae up for where things are headed. Keeping your eyes wide open, after all, is the opposite of blind man's bluff.
Lavinder is the executive director of Security & Investigative Placement Consultants, LLC. She has more than a decade of recruiting experience that focuses on placing investigative and security management specialists in large corporations and consulting firms.