Random Thoughts from the "Peanut Gallery"

From: Ken Pfeil (Kenat_private)
Date: Tue Jun 19 2001 - 11:25:53 PDT

  • Next message: Paul Innella: "Accreditation Opportunity"

    Hi All,
    
    There's been a lot of postings and webpages popping up on the internet
    regarding failed companies by security professionals. This is just a small
    bit of advice to both ex "Dotcom-ers" and recruiters.
    
    To the unemployed security professional (ex dotcom-er):
    First off, you are not alone. There seem to be more and more joining the
    ranks everyday.
    
    You may spend MONTHS searching for the right opportunity. Right now in this
    market, you probably will not find anything worthy of your skill set. Be
    prepared to "settle". Your resume may eventually make it into a stack on
    some entry level HR person's desk, who will scan it for "buzzwords". These
    are the same people who wouldn't know security if it were dating their
    daughter.
    
    Be prepared for the "you don't seem to have enough experience on Widget A"
    speech, even though you've tried to pack 14 years of applicable experience
    into 4 condensed still-readable pages. For example, If your resume has
    strengths pertaining to one operating system, they'll say that you don't
    "have enough experience" in an operating system that you've only got 8-9
    years experience with. That's if you are lucky enough to receive feedback at
    all. If your resume was sent by a recruiter to them, chances are you won't.
    Find out as much as you can about the position BEFORE your resume is sent,
    and fix it to suit the position. If you don't have a "Big Five" background
    in security, you'll probably need it. Believe it or not, many smaller
    companies (where most of the "good" jobs are) rely on the sole opinion of
    "Big Five" (or is it 6 now?) consultants. And a few of those know less about
    security than the HR person (above). Chances are, it'll be the one with a
    "professional axe" to grind with you, or the "clueless one". Be prepared :-(
    
    Your experience at the now defunct "DotCom" is just that, experience. Let it
    go. You probably won't find that level of opportunity in the "real world".
    Case in point: I was Chief Information Security Officer. There are not that
    many positions available like this today. Few and far between. Be prepared
    for a hefty pay cut and demotion in job description and responsibilities.
    Your spouse will have to go back to work, so don't cut off your relationship
    with your children's daycare and lose that slot just yet.
    
    Don't burn bridges with the management of the company you worked for, now
    matter how bitter you feel, or how badly you think things were mismanaged.
    These very same people can do great damage to your career prospects with
    merely a few words, phone call, or email.
    
    Your best bet on finding employment is to network with fellow professionals
    and contacts in your field. This list is an invaluable resource in that
    respect. Use it.
    
    Job Boards suck. Your resume will wind up EVERYWHERE for EVERY POSITION
    conceivable. You will receive many calls, but few offers. Many of these will
    come months or sometimes even years after you've found "gainful" employment.
    
    Keep you nose to the grindstone, for better days are a comin'.
    
    
    For the recruiter:
    
    Do NOT take someone's resume unless you have a position available that
    matches the potential candidate's career interest. We don't want to hear
    about the position unless there is funding for it, and it actually exists.
    "VaporJobs" (Jobs that don't yet exist) will not pay the bills.
    
    Do not send candidate's resume without his/her consent. There are fewer
    things more frustrating that looking like a complete moron all because two
    agencies sent their own marked up version of your resume in for the same
    position at the same company. Companies tend to "file 13" you over this.
    
    Communicate with the candidate regarding his/her candidacy for the position.
    Follow up with him/her. Don't make the candidate call you for a status. If
    the candidate emails you, email them back. If you say "I'll talk to you at
    4pm" to a candidate, call him back. I've "blacklisted" several agencies on
    this alone (You know who you are, don't make me say it :) .
    
    Work on developing a relationship with the candidate. As discussed above,
    the candidate will probably not stay his entire career in one place.
    Especially dotcom'ers. Companies close up shop all too quickly nowadays. So
    you've got your fee. Now what, you're done? Nope. Keep in contact. This
    person may just be the hiring authority at his next company.
    
    Have a working knowledge of the position that you are presenting to the
    candidate. You look really silly to the candidate when you say "Well, I'm
    not the one handling that position so I don't know that much about it. Let
    me forward your resume to Joe Schmo. He'll call you back". Why didn't Joe
    Schmo make the call to you in the first place?
    
    Have a relationship with the client who is searching for a candidate. Be
    able to ask questions. Be prepared for the clueless, buzzword skimming,
    low-level HR person "blackballing" resumes. Many excellent candidates are
    skipped over merely because of the lack of "buzzwords", even though they
    have YEARS of experience. If you know they are qualified, do whatever you
    have to do to get them in for an interview. The candidate will have fond
    memories of your company because of this.
    
    Well folks, this is off the top of my head and I hope my hindsight benefits
    someone. If anyone has any more feedback, I'm all ears. Maybe we should
    start an FAQ?
    
    Best Regards and Good Luck,
    Ken
    
    Ken Pfeil
    Former Chief Information Security Officer
    Some DeadDotCom (I'm legally bound from mentioning the name in a public
    forum)
    



    This archive was generated by hypermail 2b30 : Tue Jun 19 2001 - 20:37:05 PDT