Security Manager's Journal: Ready to hire, but coming up empty
Now that our manager has gotten approval to hire new staff, he can't find anyone eager for the good jobs he's offering. Is infosec management a bubble of prosperity?
Computerworld - For the past few years, I've been short-staffed. As a result, I've had to do a lot of the security work myself. For example, I've created my own security awareness program, performed SOX functions on my own, gotten internal buy-in for patching and vulnerability management, and even read through firewall logs, among other things. In fact, I so rarely am able to delegate work to other people on my team that this column might be called One-Man Security Department's Journal rather than Security Manager's Journal. But all that is about to change.
I've gotten approval to hire three new people. Evidently, the dam that was built against new hires when the economy was at its most dismal has been breached. I had an intuition that would be the case, so during the fall budget season, I pitched several new staff positions. I'm thrilled to report that they were all approved! With those positions filled, I'll be able to get a lot more security work done. That's good for me and the company.
But I've been quite surprised to find that there aren't very many experienced security professionals looking for work in the areas I'm trying to fill. I had thought that after so many years of a rough economy, people would be lining up at my door when I was finally ready to hire. But that hasn't been the case. Did the dam burst at other companies well ahead of mine?
Optimally, I would like to hire people whose abilities I already have confidence in. With that in mind, I started out by approaching people I've worked with before or otherwise know to be highly competent. But most of my friends and colleagues weren't even open to the idea of changing jobs. Of the few who were willing to talk, none did anything more than talk, and after a few conversations, things went nowhere. That taught me that my friends and colleagues are doing just fine. I was surprised, because in the past, people had been a lot more dissatisfied with their jobs and more willing to consider grabbing a new opportunity.
Next, I asked my contacts whom they knew that might be interested in my jobs. A second-level recommendation is not as reliable as knowing somebody personally, of course, but there's still some value in having a trusted colleague vouch for somebody. But I was surprised again -- nobody I know has any friends or colleagues who are looking for work. That's a lot of people not looking for work.
That left me no choice but to go to the street. I engaged a few headhunters I know (they have gotten me jobs in the past). Unfortunately, recruiters often don't really know the people they bring for interviews. They find resumes on job boards and pre-screen the candidates, but they can't vouch for them. I have to rely on references and background checks. A reference from an unknown third party is never going to be as frank as one from a friend, but it's the best I can do right now.
Across the nation, overall unemployment remains high, but this experience has me thinking that those of us who practice information security are living in our own bubble of prosperity. On that note, I wish you and yours all the best in the new year.
This week's journal is written by a real security manager, "J.F. Rice," whose name and employer have been disguised for obvious reasons. Contact him at firstname.lastname@example.org.
To join in the discussions about security, go to blogs.computerworld.com/security.
More by J.F. Rice
- Security Manager's Journal: Security flaw shakes faith in Apple mobile devices
- Security Manager's Journal: Cyberattacks just got personal
- Security Manager's Journal: Target breach unleashes fresh scams
- Security Manager's Journal: Giving thanks for SIEM
- Security Manager's Journal: Hashing out secure applications
- Security Manager's Journal: Why the shutdown is like the cloud
- Security Manager's Journal: Thinking about passwords
- Security Manager's Journal: Android panic
- Security Manager's Journal: Auto-forwarded emails could be a huge problem
- Security Manager's Journal: Our network infrastructure has fallen far out of date
Read more about Security in Computerworld's Security Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts