Security Manager's Journal: Ready to hire, but coming up empty
Now that our manager has gotten approval to hire new staff, he can't find anyone eager for the good jobs he's offering. Is infosec management a bubble of prosperity?
Computerworld - For the past few years, I've been short-staffed. As a result, I've had to do a lot of the security work myself. For example, I've created my own security awareness program, performed SOX functions on my own, gotten internal buy-in for patching and vulnerability management, and even read through firewall logs, among other things. In fact, I so rarely am able to delegate work to other people on my team that this column might be called One-Man Security Department's Journal rather than Security Manager's Journal. But all that is about to change.
I've gotten approval to hire three new people. Evidently, the dam that was built against new hires when the economy was at its most dismal has been breached. I had an intuition that would be the case, so during the fall budget season, I pitched several new staff positions. I'm thrilled to report that they were all approved! With those positions filled, I'll be able to get a lot more security work done. That's good for me and the company.
But I've been quite surprised to find that there aren't very many experienced security professionals looking for work in the areas I'm trying to fill. I had thought that after so many years of a rough economy, people would be lining up at my door when I was finally ready to hire. But that hasn't been the case. Did the dam burst at other companies well ahead of mine?
Optimally, I would like to hire people whose abilities I already have confidence in. With that in mind, I started out by approaching people I've worked with before or otherwise know to be highly competent. But most of my friends and colleagues weren't even open to the idea of changing jobs. Of the few who were willing to talk, none did anything more than talk, and after a few conversations, things went nowhere. That taught me that my friends and colleagues are doing just fine. I was surprised, because in the past, people had been a lot more dissatisfied with their jobs and more willing to consider grabbing a new opportunity.
Next, I asked my contacts whom they knew that might be interested in my jobs. A second-level recommendation is not as reliable as knowing somebody personally, of course, but there's still some value in having a trusted colleague vouch for somebody. But I was surprised again -- nobody I know has any friends or colleagues who are looking for work. That's a lot of people not looking for work.
That left me no choice but to go to the street. I engaged a few headhunters I know (they have gotten me jobs in the past). Unfortunately, recruiters often don't really know the people they bring for interviews. They find resumes on job boards and pre-screen the candidates, but they can't vouch for them. I have to rely on references and background checks. A reference from an unknown third party is never going to be as frank as one from a friend, but it's the best I can do right now.
Across the nation, overall unemployment remains high, but this experience has me thinking that those of us who practice information security are living in our own bubble of prosperity. On that note, I wish you and yours all the best in the new year.
This week's journal is written by a real security manager, "J.F. Rice," whose name and employer have been disguised for obvious reasons. Contact him at email@example.com.
To join in the discussions about security, go to blogs.computerworld.com/security.
More by J.F. Rice
- Security Manager's Journal: Trapped: Building access controls go kablooey
- Security Manager's Journal: We manage our threats, but what about our vendors?
- Security Manager's Journal: With Heartbleed, suddenly the world is paying attention to security
- Security Manager's Journal: A rush to XP's end of life
- Security Manager's Journal: Security flaw shakes faith in Apple mobile devices
- Security Manager's Journal: Cyberattacks just got personal
- Security Manager's Journal: Target breach unleashes fresh scams
- Security Manager's Journal: Giving thanks for SIEM
- Security Manager's Journal: Hashing out secure applications
- Security Manager's Journal: Why the shutdown is like the cloud
Read more about Security in Computerworld's Security Topic Center.
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Ponemon 2014 SSH Security Vulnerability Report According to research by the Ponemon Institute, 3 out of 4 enterprises have no security controls in place for SSH which leaves organizations...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!