Hi Clement, CIL- I've left the bottom part intact for clarification purposes. > -----Original Message----- > From: Clement Dupuis [mailto:cdupuisat_private] > Sent: Wednesday, June 20, 2001 7:17 AM > To: securityjobsat_private > Subject: RE: Random Thoughts from the "Peanut Gallery" > > > Ken, > > I think that it is not all that bad for everyone out there. Making bold > general statements about recruiters and other consulting companies is > presenting a picture that is not necessarily true. What bold general statements did I make? Did I single out any specific companies? No. The material was presented mainly for effect and evidently "hit home" with a great number of professionals in the field (Who's basic consensus was "Thanks, that needed to be said"), As well as some recruiters who are established in this field and do a fine job at infosec recruiting. Your Mileage May Vary... > > It is obvious from your message that you are bidder about your > situation but > that does not mean other people are all in the same situation and that all > recruiters are twits. Nor did I ever even remotely state that. I'm not bitter at all (not any more). I was at first when I was first laid off without notice (as many people are), but if you read below, that is what I caution against. I don't consider all recruiting agencies to be "twits". Any recruiters that I've spoken with in the past wanna "chime in" on this one? Clearly as with any profession, it is a "mixed bag". There are also, however, an number of agencies that do not seem to have a clue when dealing with an InfoSec professional. As one humorously mentioned to me off-list: "Their modus operandi seems to be sending as many resumes as they possibly can and hoping that they will get a hit on one of them. Well if you throw enough crap against the wall, some of it is bound to stick." (Thank you Dan). It was not to codemmn the industry as a whole, but as a subtle reminder of some of the things we as candidates expect. > > I have seen recruiters that are very good at what they do and > they establish > a very close relationship with you. Yes, I agree, if you post your resume > on all of the job board out there, your resume will endup being submitted > twice for the same job with a different style to it. Read the fine print > before you submit your resume anywhere. Agreed. Just be aware that if you DO post to a job board, it WILL get around. Sometimes years later. The internet is funny that way. It has a very persistant tendency to it :-) If you don't believe me, look up this message 3 years from now. It'll be around SOMEWHERE. > > You also have to keep in mind that if you had a once in a lifetime > opportunity to quickly fastrack to the coveted position of > Security Officer > with a startup or some dotcom, it does not mean that you qualify > to become a > security officer in any other company or in any bigger company. Only your > experience and applicable skills and accomplishment will open > doors to such > positions. The point here was: "Be prepared to RE-ENTER the "real world". But your skills are more than just some really cool keywords. If you can judge someone's skills merely from a piece of paper, you're a much better guy than the rest of the world. And for the record, it wasn't a "fast track" to the "coveted position". I EARNED every bit of it. I've got the "battlescars" to prove it. You can talk to anyone who knows me. > > Last but not least, I have seen big five consultants that are damn good, > just like any other field out there, you have good and bad > apples. Making a > general statement saying all big five consultants are useless or comparing > them to bad recruiters is not giving a real view of what is going on. I > know some big five consultants that could most certainly teach you a few > tricks. Again, a mixed bag. I know also know some VERY fine people working in the big five. But I also know a few duds. My point was that this type of background will never HURT your chances when comparing apples to apples. Where did I ever state that they were useless? > > The best point in your posting is about Networking, you have to let you > close friends know that you looking for employment, it is sometimes very > strange how offers comes by. > > In my view there is tons of jobs opportunities if you talk to the right > people and have the right skills. You certainly have a right to your view, as do I. Talking to the right people is a matter of finding the "right people". And I think that is a large point in having a forum such as this. > > It is not as bad as you describe for everyone out there. No it isn't. Not for everyone. But that depends on what chair you are sitting in and your viewpoint. > > Clement Best Regards, Ken > > > > -----Original Message----- > > From: Ken Pfeil [mailto:Kenat_private] > > Sent: 19 juin, 2001 14:26 > > To: securityjobsat_private > > Subject: Random Thoughts from the "Peanut Gallery" > > > > > > Hi All, > > > > There's been a lot of postings and webpages popping up on the internet > > regarding failed companies by security professionals. This is > just a small > > bit of advice to both ex "Dotcom-ers" and recruiters. > > > > To the unemployed security professional (ex dotcom-er): > > First off, you are not alone. There seem to be more and more joining the > > ranks everyday. > > > > You may spend MONTHS searching for the right opportunity. Right > > now in this > > market, you probably will not find anything worthy of your skill set. Be > > prepared to "settle". Your resume may eventually make it into a stack on > > some entry level HR person's desk, who will scan it for > "buzzwords". These > > are the same people who wouldn't know security if it were dating their > > daughter. > > > > Be prepared for the "you don't seem to have enough experience > on Widget A" > > speech, even though you've tried to pack 14 years of applicable > experience > > into 4 condensed still-readable pages. For example, If your resume has > > strengths pertaining to one operating system, they'll say that you don't > > "have enough experience" in an operating system that you've only got 8-9 > > years experience with. That's if you are lucky enough to receive > > feedback at > > all. If your resume was sent by a recruiter to them, chances are > > you won't. > > Find out as much as you can about the position BEFORE your > resume is sent, > > and fix it to suit the position. If you don't have a "Big Five" > background > > in security, you'll probably need it. Believe it or not, many smaller > > companies (where most of the "good" jobs are) rely on the sole > opinion of > > "Big Five" (or is it 6 now?) consultants. And a few of those know > > less about > > security than the HR person (above). Chances are, it'll be the > one with a > > "professional axe" to grind with you, or the "clueless one". Be > > prepared :-( > > > > Your experience at the now defunct "DotCom" is just that, > > experience. Let it > > go. You probably won't find that level of opportunity in the > "real world". > > Case in point: I was Chief Information Security Officer. There > > are not that > > many positions available like this today. Few and far between. > Be prepared > > for a hefty pay cut and demotion in job description and > responsibilities. > > Your spouse will have to go back to work, so don't cut off your > > relationship > > with your children's daycare and lose that slot just yet. > > > > Don't burn bridges with the management of the company you > worked for, now > > matter how bitter you feel, or how badly you think things were > mismanaged. > > These very same people can do great damage to your career prospects with > > merely a few words, phone call, or email. > > > > Your best bet on finding employment is to network with fellow > > professionals > > and contacts in your field. This list is an invaluable resource in that > > respect. Use it. > > > > Job Boards suck. Your resume will wind up EVERYWHERE for EVERY POSITION > > conceivable. You will receive many calls, but few offers. Many of > > these will > > come months or sometimes even years after you've found "gainful" > > employment. > > > > Keep you nose to the grindstone, for better days are a comin'. > > > > > > For the recruiter: > > > > Do NOT take someone's resume unless you have a position available that > > matches the potential candidate's career interest. We don't want to hear > > about the position unless there is funding for it, and it > actually exists. > > "VaporJobs" (Jobs that don't yet exist) will not pay the bills. > > > > Do not send candidate's resume without his/her consent. There are fewer > > things more frustrating that looking like a complete moron all > because two > > agencies sent their own marked up version of your resume in for the same > > position at the same company. Companies tend to "file 13" you over this. > > > > Communicate with the candidate regarding his/her candidacy for > > the position. > > Follow up with him/her. Don't make the candidate call you for a > status. If > > the candidate emails you, email them back. If you say "I'll > talk to you at > > 4pm" to a candidate, call him back. I've "blacklisted" several > agencies on > > this alone (You know who you are, don't make me say it :) . > > > > Work on developing a relationship with the candidate. As > discussed above, > > the candidate will probably not stay his entire career in one place. > > Especially dotcom'ers. Companies close up shop all too quickly > > nowadays. So > > you've got your fee. Now what, you're done? Nope. Keep in contact. This > > person may just be the hiring authority at his next company. > > > > Have a working knowledge of the position that you are presenting to the > > candidate. You look really silly to the candidate when you say > "Well, I'm > > not the one handling that position so I don't know that much > about it. Let > > me forward your resume to Joe Schmo. He'll call you back". Why > didn't Joe > > Schmo make the call to you in the first place? > > > > Have a relationship with the client who is searching for a candidate. Be > > able to ask questions. Be prepared for the clueless, buzzword skimming, > > low-level HR person "blackballing" resumes. Many excellent > candidates are > > skipped over merely because of the lack of "buzzwords", even though they > > have YEARS of experience. If you know they are qualified, do > whatever you > > have to do to get them in for an interview. The candidate will have fond > > memories of your company because of this. > > > > Well folks, this is off the top of my head and I hope my > > hindsight benefits > > someone. If anyone has any more feedback, I'm all ears. Maybe we should > > start an FAQ? > > > > Best Regards and Good Luck, > > Ken > > > > Ken Pfeil > > Former Chief Information Security Officer > > Some DeadDotCom (I'm legally bound from mentioning the name in a public > > forum) > > > > >
This archive was generated by hypermail 2b30 : Thu Jun 21 2001 - 12:31:16 PDT