Security Manager's Journal: Ready to hire, but coming up empty
Now that our manager has gotten approval to hire new staff, he can't find anyone eager for the good jobs he's offering. Is infosec management a bubble of prosperity?
Computerworld - For the past few years, I've been short-staffed. As a result, I've had to do a lot of the security work myself. For example, I've created my own security awareness program, performed SOX functions on my own, gotten internal buy-in for patching and vulnerability management, and even read through firewall logs, among other things. In fact, I so rarely am able to delegate work to other people on my team that this column might be called One-Man Security Department's Journal rather than Security Manager's Journal. But all that is about to change.
I've gotten approval to hire three new people. Evidently, the dam that was built against new hires when the economy was at its most dismal has been breached. I had an intuition that would be the case, so during the fall budget season, I pitched several new staff positions. I'm thrilled to report that they were all approved! With those positions filled, I'll be able to get a lot more security work done. That's good for me and the company.
But I've been quite surprised to find that there aren't very many experienced security professionals looking for work in the areas I'm trying to fill. I had thought that after so many years of a rough economy, people would be lining up at my door when I was finally ready to hire. But that hasn't been the case. Did the dam burst at other companies well ahead of mine?
Optimally, I would like to hire people whose abilities I already have confidence in. With that in mind, I started out by approaching people I've worked with before or otherwise know to be highly competent. But most of my friends and colleagues weren't even open to the idea of changing jobs. Of the few who were willing to talk, none did anything more than talk, and after a few conversations, things went nowhere. That taught me that my friends and colleagues are doing just fine. I was surprised, because in the past, people had been a lot more dissatisfied with their jobs and more willing to consider grabbing a new opportunity.
Next, I asked my contacts whom they knew that might be interested in my jobs. A second-level recommendation is not as reliable as knowing somebody personally, of course, but there's still some value in having a trusted colleague vouch for somebody. But I was surprised again -- nobody I know has any friends or colleagues who are looking for work. That's a lot of people not looking for work.
That left me no choice but to go to the street. I engaged a few headhunters I know (they have gotten me jobs in the past). Unfortunately, recruiters often don't really know the people they bring for interviews. They find resumes on job boards and pre-screen the candidates, but they can't vouch for them. I have to rely on references and background checks. A reference from an unknown third party is never going to be as frank as one from a friend, but it's the best I can do right now.
Across the nation, overall unemployment remains high, but this experience has me thinking that those of us who practice information security are living in our own bubble of prosperity. On that note, I wish you and yours all the best in the new year.
This week's journal is written by a real security manager, "J.F. Rice," whose name and employer have been disguised for obvious reasons. Contact him at firstname.lastname@example.org.
To join in the discussions about security, go to blogs.computerworld.com/security.
More by J.F. Rice
- Security Manager's Journal: Trapped: Building access controls go kablooey
- Security Manager's Journal: We manage our threats, but what about our vendors?
- Security Manager's Journal: With Heartbleed, suddenly the world is paying attention to security
- Security Manager's Journal: A rush to XP's end of life
- Security Manager's Journal: Security flaw shakes faith in Apple mobile devices
- Security Manager's Journal: Cyberattacks just got personal
- Security Manager's Journal: Target breach unleashes fresh scams
- Security Manager's Journal: Giving thanks for SIEM
- Security Manager's Journal: Hashing out secure applications
- Security Manager's Journal: Why the shutdown is like the cloud
Read more about Security in Computerworld's Security Topic Center.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!