Hi All, There's been a lot of postings and webpages popping up on the internet regarding failed companies by security professionals. This is just a small bit of advice to both ex "Dotcom-ers" and recruiters. To the unemployed security professional (ex dotcom-er): First off, you are not alone. There seem to be more and more joining the ranks everyday. You may spend MONTHS searching for the right opportunity. Right now in this market, you probably will not find anything worthy of your skill set. Be prepared to "settle". Your resume may eventually make it into a stack on some entry level HR person's desk, who will scan it for "buzzwords". These are the same people who wouldn't know security if it were dating their daughter. Be prepared for the "you don't seem to have enough experience on Widget A" speech, even though you've tried to pack 14 years of applicable experience into 4 condensed still-readable pages. For example, If your resume has strengths pertaining to one operating system, they'll say that you don't "have enough experience" in an operating system that you've only got 8-9 years experience with. That's if you are lucky enough to receive feedback at all. If your resume was sent by a recruiter to them, chances are you won't. Find out as much as you can about the position BEFORE your resume is sent, and fix it to suit the position. If you don't have a "Big Five" background in security, you'll probably need it. Believe it or not, many smaller companies (where most of the "good" jobs are) rely on the sole opinion of "Big Five" (or is it 6 now?) consultants. And a few of those know less about security than the HR person (above). Chances are, it'll be the one with a "professional axe" to grind with you, or the "clueless one". Be prepared :-( Your experience at the now defunct "DotCom" is just that, experience. Let it go. You probably won't find that level of opportunity in the "real world". Case in point: I was Chief Information Security Officer. There are not that many positions available like this today. Few and far between. Be prepared for a hefty pay cut and demotion in job description and responsibilities. Your spouse will have to go back to work, so don't cut off your relationship with your children's daycare and lose that slot just yet. Don't burn bridges with the management of the company you worked for, now matter how bitter you feel, or how badly you think things were mismanaged. These very same people can do great damage to your career prospects with merely a few words, phone call, or email. Your best bet on finding employment is to network with fellow professionals and contacts in your field. This list is an invaluable resource in that respect. Use it. Job Boards suck. Your resume will wind up EVERYWHERE for EVERY POSITION conceivable. You will receive many calls, but few offers. Many of these will come months or sometimes even years after you've found "gainful" employment. Keep you nose to the grindstone, for better days are a comin'. For the recruiter: Do NOT take someone's resume unless you have a position available that matches the potential candidate's career interest. We don't want to hear about the position unless there is funding for it, and it actually exists. "VaporJobs" (Jobs that don't yet exist) will not pay the bills. Do not send candidate's resume without his/her consent. There are fewer things more frustrating that looking like a complete moron all because two agencies sent their own marked up version of your resume in for the same position at the same company. Companies tend to "file 13" you over this. Communicate with the candidate regarding his/her candidacy for the position. Follow up with him/her. Don't make the candidate call you for a status. If the candidate emails you, email them back. If you say "I'll talk to you at 4pm" to a candidate, call him back. I've "blacklisted" several agencies on this alone (You know who you are, don't make me say it :) . Work on developing a relationship with the candidate. As discussed above, the candidate will probably not stay his entire career in one place. Especially dotcom'ers. Companies close up shop all too quickly nowadays. So you've got your fee. Now what, you're done? Nope. Keep in contact. This person may just be the hiring authority at his next company. Have a working knowledge of the position that you are presenting to the candidate. You look really silly to the candidate when you say "Well, I'm not the one handling that position so I don't know that much about it. Let me forward your resume to Joe Schmo. He'll call you back". Why didn't Joe Schmo make the call to you in the first place? Have a relationship with the client who is searching for a candidate. Be able to ask questions. Be prepared for the clueless, buzzword skimming, low-level HR person "blackballing" resumes. Many excellent candidates are skipped over merely because of the lack of "buzzwords", even though they have YEARS of experience. If you know they are qualified, do whatever you have to do to get them in for an interview. The candidate will have fond memories of your company because of this. Well folks, this is off the top of my head and I hope my hindsight benefits someone. If anyone has any more feedback, I'm all ears. Maybe we should start an FAQ? Best Regards and Good Luck, Ken Ken Pfeil Former Chief Information Security Officer Some DeadDotCom (I'm legally bound from mentioning the name in a public forum)
This archive was generated by hypermail 2b30 : Tue Jun 19 2001 - 20:37:05 PDT