Information Security Professionals: As the CEO of an executive recruitment firm that specializes in Information Security and Secure Electronic Commerce, I disagree with your generalizations about "headhunters" and particularly two statements: 1) You state that "telling a headhunter your skills is dangerous" - on the contrary, misrepresenting your skills, compensation, and background is unacceptable. If you misrepresent any of these items, an employer has the right to fire you, even if you have accepted a position. Rule #1 about interviews and working with "headhunters": NEVER LIE! 2) You talk about searching the web for "honest job listings." The web is a place where you blindly submit a resume to HR departments, who generally do not understand the skill sets of an information security professional. By posting a resume on the web, you are guaranteed to get phone calls for positions that are not applicable to your skill sets. If you can find a "headhunter" that serves as career counselor, as opposed to an "apartment finder", than you have a valuable asset. Some things that you should ask before you work with a "headhunter": 1) What do you know about the Information Security Industry? 2) What are your policies on confidentiality? 3) Who will my resume be sent to? HR or a direct hiring manager? 4) If I decide to take an interview, what will the process be like? 5) What is my career path with this position? 6) What will my responsibilities be if I accept this position? By the way, certifications and degrees are nice, but employers want to know what you have actually accomplished. A knowledgeable recruiter will be able to articulate your past experiences whether it was on a college campus, an internship, or as an employee. A search firm who has contacts within the industry is valuable, but the search firm that can advise you how to position your career and grow your skills, is invaluable. I apologize on behalf of all of the qualified information security recruitment firms on your unfortunate dealings with "headhunters". Sincerely, Lee Kushner L.J. Kushner and Associates, L.L.C. (732)577-8100 Suite 302 36 West Main Street Freehold, NJ 07728 www.ljkushner.com -----Original Message----- From: ari [mailto:edelkindat_private] Sent: Wednesday, February 16, 2000 6:43 PM To: SECURITYJOBSat_private Subject: Re: Job question. A computer science degree means little in the computer security or unix administration fields. On the job, what really matters is whether you have the proper skills. Headhunters (recruiters) do value a degree, however, and some even go so far as to turn away applicants without one ("My client stated they want an applicant with a degree."). In many cases, the type of degree does not matter; some will accept someone with a degree in botany for a unix administration or security position. Telling a headhunter your skills is very dangerous. If you don't have "work experience" (this excludes volunteering and self-education) to back up your claims, they won't let you _near_ a senior (and quite possibly not even junior) level position. But when it comes to entry-level positions, your skills mean everything: if you have too many, you're overqualified, and they send you away. Some recruiting firms will offer you packaged computerized tests in your field (...or a similar one, by their standards). From my experience, taking these tests is generally a bad idea. In doing so, you're asking for someone who is completely ill versed in your field (they know media hype, and that's about it) to evaluate you, and you will have no idea of the outcome. I once took a test at a recruiting firm in unix administration. When i hailed the test administrator and showed her the several errors i had found in the test up to that point (some questions had no acceptable choice, some had two, and in others, even the examples wouldn't work), she said "Oh, yeah, some other people said that too," and left. At that point i got up and walked out, as i had more important places to be. If you're looking for your first job in a field of which you have a lot of _practical_ experience, and you don't want to be completely bored, you may want to try foregoing the headhunters and going for direct communication with the employment contacts of various companies (though some will only work through recruiting firms, unfortunately). Go to various unix or security sites and visit the employment section. Check UGU (www.ugu.com) periodically (i.e. every day) for honest job listings (many entries are from headhunters, but they're generally easy to spot). And of course, weed through the postings on the securityjobs list for ones you can actually use. If you really must go through a headhunter despite all of this, here are some things to keep in mind: 1. Be very careful with your resume. Some require that you state an objective, and some (usually the more enlightened ones) will throw away any papers that list them. You will probably want to give them your resume without an objective first, and if they complain, resend it with the objective. Always give them only what they need or want to know; they usually hate extraneous information. 2. As far as skills on resumes are concerned, very few (albeit some) headhunters are impressed by lots of skills. Most that i've seen have taken out a pad of paper, written down my past jobs (and perhaps one or two skills), and held that as my resume. 3. Many people who go to headhunters will be less knowledgeable than you, but will lie on their resume. They will probably end up getting the jobs that you are qualified for. You can live with it, or you can lie on your resume too. When i was in this situation, i chose not to lie; i ended up getting a job through UGU instead. 4. Keep your references handy. If a headhunter agrees to send your resume to a client, they will not then wait around for you to send them your references if they have others waiting as well. 5. Headhunters generally like certifications -- any of them. If you have an MCSE, you will be much better qualified for a position relating to security or unix, as far as many headhunters are concerned. I'm sure (i hope) there are some headhunters who know their elbows from... well, other body parts... as far as unix, networking, or security is concerned, but (no offense to headhunters) most do not. Any information held within this document is based on my experience with the headhunting (recruiting) industry and with company employment contacts. I have personally experienced at _least_ two cases of any incident mentioned herein (with exception to the note about the unix administration test; i have taken more than that one test at more than that one recruiting firm, in fact with a very similar outcome, but that exact incident happened only once). Please note that i am in no way trying to demean or offend headhunters. They are as essential as apartment brokers. Take that as you will. ari P.S. - Whether you can expound your dabbles in "The Dark Side" at an interview depends on who you're interviewing with. But no, you would definitely not want to try this with a headhunter. jasonthomasmurphyat_private said this stuff: > I don't know if this is the proper forum to ask or to discuss this question > but here it goes. > > I am a recent graduate with a degree in Computer Information Systems > (Computer Science Degree where a Business minor substitutes for the Math, > Physics, and Chemistry classes) and have been looking for a job for about > the last 6 weeks and have noticed a pattern. About every Computer Security > job posting I read is for a Senior position. I have yet to see a Junior or > entry level Computer Security job posting, although, I think being a Network > Admin is a at least Junior Computer Security job. > > Now my question is, how do I break into (No pun intended) the Computer > Security field? I have been following the Computer Security Scene for about > 10 years as a hobby/passion and I never have had job in the Computer > Security field. How do I convince job recruiter that know Computer Security? > I can not state at a interview that I have broken into machines and have > done some activities that would be considered illegal or at least immoral. I > also can not prove that I have done work for other people (Helping people, > clubs, organizations that need security help). What can I do to get > recognized? > > So what should I do? Any help or recommendation of any kind would be greatly > appreciated. > > ______________________________________________________ > Get Your Private, Free Email at http://www.hotmail.com
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:26:13 PDT