SecurityRecruiter.com's Security Recruiter Blog

Business Voice Mails

noreply@blogger.com (Jeff Snyder) — Thu, 29 Jul 2010 21:45:00 +0000

Forgive me for writing about this topic again when I addressed it a few weeks back but the past week has brought the issue to my attention again.

Two times last week, voice mails were left for someone at SecurityRecruiter.com. The names of the people leaving the voice mails were unfamiliar but we would have been happy to return their calls.

Both calls were made from cell phones that at the moment the messages were left, had poor signals. In both cases, we were able to make out the name but not the phone number.

In both cases, if these callers had provided their phone number more than one time in the voice mail, we would have returned both calls even if we couldn’t make out the person’s name.

The next time you’re leaving an important voice mail, stop and think about your delivery. Are you communicating clearly? Are you providing enough information for the recipient of your call to get back to you? Are you leaving a compelling enough message for the recipient to want to make a priority out of returning your call?

We get one chance to leave a first impression. Whether we were impressed with the voice mails mentioned above or not, we can’t return calls to phone numbers we can’t understand.

Security Recruiter Blog

Verbal and Written Communication Skills for Technology Professionals

noreply@blogger.com (Jeff Snyder) — Thu, 29 Jul 2010 19:55:00 +0000

Verbal and Written Communication Skills for Technology Professionals

Written by Jeff Snyder of SecurityRecruiter.com for the June 2010 edition of Technical Support Magazine for NaSpa.

Security Jobs: Sr. Business Analyst, Fraud Management, Jersey, City, NJ

noreply@blogger.com (Jeff Snyder) — Mon, 26 Jul 2010 20:54:00 +0000

New Fraud Analyst Jobs on the Security Jobs page of SecurityRecruiter.com

Senior Business Analyst, Fraud Management

Location: Jersey City, NJ
Type: Full Time

Reporting directly to the Sr. Manager of Fraud Management. The incumbent drives the identification of fraud trending analysis and reporting of company wide weekly, monthly and quarterly fraud loss, fraud saves and recovery metrics. This position will have a close, cohesive partnership with several business units, including Accounting, Corporate Security and Product.

Creates and manages a database of all fraud cases. Ensures integrity and accuracy of data.
Develops and prepares daily, weekly, monthly and quarterly metrics reporting for management.
Responsible for charging off fraudulent accounts and general ledger reconciliations with Accounting.
Responsible for all fraud recovery and fraud saves reporting.
Analyzes losses to identify fraud trends and root cause and make appropriate recommendations to mitigate fraud to management.
Assists management in identifying and recommending workflow improvements and efficiencies based on reporting metrics.
Partners with multiple business units to obtain reporting data and expand current reporting methods and metrics.
Other duties as assigned by manager.

Job Requirements

Minimum Professional and Technical Skills:

Strong Leadership skills to provide direction to fraud analysts.
Strong operational background in both banking and brokerage.
2- 4 years experience in a progressive financial reporting position.
Flexibility to adapt to constant change with the ability to manage multiple assignments.
Strong verbal, written, interpersonal, organizational and project management skills.
Strong analytical skills including ability to research, schedule, analyze and present investigative findings, and have a propensity for details and accuracy.
Requires solid technical and analytical skills in financial analysis, preferably experience with fraud loss trend analysis and metrics reporting.
In depth knowledge of Microsoft Office applications is required with heavy emphasis in Access, Excel and Power Point.
Enjoys working in fast-paced and rapidly changing environment. Flexibility to adapt and able to manage multiple assignments while working independently.
Detail oriented with strong analytical aptitude.
Ability to work under pressure, often against tight deadlines.
Proven ability to utilize creative talent to develop and create new reporting models encompassing multiple requests from different business units.

Minimum Education, Certification, Training:

2 to 4 years experience in a brokerage or bank corporate security department or related fraud/risk position.
BA or BS from a recognized college or university.
Knowledge of financial services, securities, brokerage industry.
Fraud/risk detection/prevention, investigations, money laundering and SAR experience is a plus.

Security Recruiter Blog

Security Jobs: Fraud Operations Manager, Jersey City, NJ

noreply@blogger.com (Jeff Snyder) — Mon, 26 Jul 2010 20:48:00 +0000

New Internal Fraud jobs and External Fraud jobs on the Security Jobs page of SecurityRecruiter.com

Operations Manager, Fraud Operations

Location: Jersey City, NJ
Type: Full Time

The incumbent reports directly to the Senior Manager of Fraud Management and manages a team of analysts that monitor and identify fraud events domestically and internationally.

Ensures that the company is operating, both internally and externally, at an appropriate level of fraud prevention and detection and communicates fraud events in a timely manner to Investigations and management.
Manages a team of analysts focused on the reviewing of reports and information regarding customer accounts and activity suspected of being fraudulent, both domestically and internationally.
Identifies risks and/or operational gaps and develops appropriate solutions or system changes to mitigate exposure.
Develops and provides ongoing training on fraud prevention trends and issues, as well as documenting department wide operating procedures.
Manages the integrity of Department’s fraud database and provides Ad Hoc reporting metrics to business units on fraud losses, fraud trends, and fraud recoveries.
Other duties as needed.

Job Requirements

Minimum Professional and Technical Skills:

Strong Leadership skills to provide direction to fraud analysts.
Strong operational background in both banking and brokerage.
Ability to lead and make sound decisions in crisis situations.
Ability to effectively communicate within all levels of the organization.
Flexibility to adapt to constant change with the ability to manage multiple assignments.
Strong verbal, written, interpersonal, organizational and project management skills.
Self-motivated, willingness to assume additional responsibilities.
Strong analytical skills including ability to research, schedule, analyze and present investigative findings, and have a propensity for details and accuracy.
Strong reporting skills with heavy emphasis towards Microsoft Access and Excel.

Minimum Education, Certification, Training:

4 to 6 years experience in a brokerage or bank corporate security department or related fraud/risk position.
2+ years of Supervisory/Management experience.
A Bachelors Degree or equivalent experience in an area of relevant to this position.
Fraud prevention/risk, money laundering and investigative experience and/or certification.
CAMS, CFE or CFS desired.
Series 7 & 63 licenses desired.

Additional Details

We offer a competitive and comprehensive benefits package.

Security Recruiter Blog

Security Jobs: Network Infrastructure Data Center Consultants ( Multiple)

noreply@blogger.com (Jeff Snyder) — Thu, 22 Jul 2010 13:15:00 +0000

One of our clients at SecurityRecruiter.com is growing at a rate that is hard to believe if all you do is listen to the bad news on the evening news. When is the last time you heard about a company that is hiring over 1000 primarily 6-figure professionals? We're working with a practice leader who has 70 projects on the table but only has enough staff to address a hand-full of his client's demands.

Consider joining a consulting practice that is doubling in size every three months. If you have network architecture experience at the enterprise level and have delivered consulting services in the past, we have multiple positions to fill in the realm of Network Infrastructure, Security Architecture, Threat and Vulnerability Management and Identity Management.

Network Infrastructure Data Center Consultant

US: Any Major City

Compensation: $80,000 - $100,000 Range

Travel: 80% plus, Typically Monday through Thursday, home Friday

Education: BA/BS required with a Masters in Computer Science or Management Information Systems Preferred

SecurityRecruiter.com has been engaged by one of the world’s largest management consulting firms to fill a variety of growth positions for the firm. These roles revolve around data center operations, cloud computing, threat and vulnerability management and identity management.

Consultants who take on these roles will have the opportunity to see the equivalent of multiple years worth of career growth for every year they invest with the firm. These positions require heavy travel equivalent to 80% or more. Efforts are made to have consultants either working from home on Fridays or taking the day off if billable hours for the week have been accumulated before Friday.

Network Infrastructure consultants will be joining a practice that is currently doubling in size every few months. The practice leader has more business than his current staffing levels can handle. Opportunity for consultants to learn and grow by serving Fortune 1000 companies is tremendous.

Network Infrastructure consultants will deliver technical engagements that include solution development.

Responsibilities include:

• Delivering engagements that include infrastructure platforms (hardware, software, services), enterprise security, storage, voice, video, networking technologies, virtualization, cloud computing, data centers, etc. Consultants will work with clients to provide recommendations to optimize their environments.

• Coordinate analysis activities in client environments to include recommending solutions, leveraging database and spreadsheet tools.

• Identify and recommend to the client technical toolset and instruments to complement analysis activities.

• Deliver reports and presentations to clients.

• Provide support to the sales cycle.

Job Requirements:

• A Bachelor or Masters in Computer Science or Management Information Systems is preferred.

• Demonstrate a deep knowledge of Internet / DMZ, Remote Access, SONET / DWDM, MPLS, MAN, WAN, WLAN, LAN (switching and routing).

• Demonstrate a minimum of 3-5 years experience in technical infrastructure including information security.

• Demonstrate previous experience as a developer coding in C, C++ and/or Java with SQL.

• Demonstrate previous experience providing enterprise level consulting experience.

Security Recruiter Blog

Security Jobs; Network Infrastructure Data Center Manager (Multiple Positions)

noreply@blogger.com (Jeff Snyder) — Thu, 22 Jul 2010 13:00:00 +0000

One of our clients at SecurityRecruiter.com is growing at a rate that is hard to believe if all you do is listen to the bad news on the evening news. When is the last time you heard about a company that is hiring over 1000 primarily 6-figure professionals? We're working with a practice leader who has 70 projects on the table but only has enough staff to address a hand-full of his client's demands.

Consider joining a consulting practice that is doubling in size every three months. If you have network architecture experience at the enterprise level and have delivered consulting services in the past, we have multiple positions to fill in the realm of Network Infrastructure, Security Architecture, Threat and Vulnerability Management and Identity Management.

Network Infrastructure Data Center Manager

US: Any Major City
Compensation: $110,000 - $130,000+ Range
Travel: 80% plus, Typically Monday through Thursday, home Friday
Education: Bachelor degree required, Masters preferred

SecurityRecruiter.com has been engaged by one of the world’s largest management consulting firms to fill a variety of growth positions for the firm. These roles revolve around data center operations, cloud computing, threat and vulnerability management and identity management.

Managers who take on these roles will have the opportunity to see the equivalent of multiple years worth of career growth for every year they invest with the firm. These positions require heavy travel equivalent to 80% or more. Efforts are made to have employees either working from home on Fridays or taking the day off if billable hours for the week have been accumulated before Friday.

Network Infrastructure Managers will be joining a practice that is currently doubling in size every few months. The practice leader has more business than his current staffing levels can handle. Opportunity for consultants to learn and grow by serving Fortune 1000 companies is tremendous.

Responsibilities include:

• Requires 5-7 years of progressive experience evaluating, delivering and managing complex infrastructure engagements. Big 4 or similar consulting experience is required.

• Managers deliver technical infrastructure engagements that include assessment, design, planning, implementation and optimization.

• Managers work closely with customers to understand their technical infrastructure needs relative to platforms (hardware, software, services), enterprise security, storage, voice, video, networking technologies, virtualization, cloud computing, data centers, etc.

• Managers will drive customer engagements based on delivery, performance, reputation protection and revenue generation.

• Assisting and creating selling processes to include RFP responses and statements of work.

• Managers will manage multiple client engagements simultaneously.

• Manage large teams of staff on large and complex client engagements where delivery time frames can be short.

• Provide clients with technical architecture recommendations, infrastructure design and process recommendations.

• Facilitate the delivery of workshop sessions for client engagements.

• Contribute to the sales process by identifying new engagement opportunities, by developing new engagement opportunities and by helping to write, present and deliver proposals.

• Provide staff performance management to consultant teams.

Job Requirements:

• Demonstrate experience leading large, complex infrastructure implementations under short delivery time frames.

• Communicate in a highly articulate manner including the ability to write reports, proposals and the ability to communicate with customer’s senior leadership.

• Demonstrate strong knowledge and understanding of architecture, engineering and operations experience around: Internet / DMZ, eBusiness, Mobile Communications, SONET / DWDM, MPLS, MAN, WAN, WLAN, LAN (switching and routing), DNS, CHCP, Load Balancing, Firewalls, Intrusion Detection Systems, Intrusion Prevention Systems, etc.

• Demonstrate deep understanding of platforms to include both hardware and software, virtualization, cloud computing, voice / data technologies, desktops and data centers.

• Demonstrate experience delivering visionary, out of the box presentations to “C” level executives.

• Prefer past experience speaking at vendor forums on technical topics.

• Demonstrate the ability to thrive and deliver under pressure.

• Past global experience is appreciated

Security Recruiter Blog

Security Jobs: US Federal Government Cyber Warfare Jobs

noreply@blogger.com (Jeff Snyder) — Wed, 21 Jul 2010 16:44:00 +0000

Federal Government - Cyber Warfare Jobs

A call came in yesterday from one of my Washington D.C. insiders. He had just left a meeting in which the topic of Cyber Warfare was heavily discussed. The end result is the government coming to realization that the 30,000 cleared and certified Cyber Warfare professionals needed to protect our Nation from electronic warfare may not exist.

What I mean is that there are not 30,000 security professionals holding clearances walking around without jobs. Even for those who hold clearances, there are not enough properly educated, trained and certified Cyber Warfare professionals available to fill all the jobs in government service.

At SecurityRecruiter.com, we're working with a partner to solve the education and training part of this problem.

Furthermore, on the SecurityRecruiter.com website, we'll soon have a publication available that explains the process of obtaining a government clearance.

SecurityRecruiter.com does not create the training, education and certification opportunities we represent. Rather, we're always looking for the best training, education and certification options in the industry to introduce to our website visitors. Stay tuned as we're in the process of making significant changes to SecurityRecruiter.com on-line to provide a more useful visitor experience.

Security Recruiter Blog

Security Jobs: Too Many To List!

noreply@blogger.com (Jeff Snyder) — Thu, 15 Jul 2010 22:45:00 +0000

Tomorrow morning, I'll be sharing a conversation with someone who is at the CISO level. His organization has engaged SecruityRecruiter.com to work on more than 25 newly created information security jobs.

These new positions will generally accommodate information security professionals who are in the $100,000 to mid $100s in base salary.

Relocation will not be necessary or available as these positions will require exensive travel. A sampling of positions we'll soon have on the Security Jobs page of SecurityRecruiter.com include:

Network Infrastructure and Data Center Associate, Manager and Director level openings
Threat and Vulnerability Management from the hands-on security consultant level to the management level
Information Security Identity Management technical consultant and Manager level opportunities

There are 30 total positions to be filled. Stay tuned as we get the priorities of our client sorted out. As jobs are written up, they'll land in the Security Recruiter Blog and on the Security Jobs page of SecurityRecruiter.com.

Security Jobs: Security Consultant, Falls Church, VA

noreply@blogger.com (Jeff Snyder) — Tue, 13 Jul 2010 13:00:00 +0000

New Security Jobs on the Security Jobs page of SecurityRecruiter.com.

C&A Security Consultant - Job Code CAFC02

Location: Falls Church, VA
Type: Full Time

Certification Agent (CA) Support for Certification and Accreditation (C&A)

The contractor shall provide personnel to perform CA duties in support of the C&A process at our client's work site. The Certification Agent assigned to an Information Technology system shall serve as a subject matter expert for security. The CA shall provide security solutions and interpretations of security policies as they relate to specific architectures and projects. The CA shall establish rapport and develop a relationship with the project development teams. A CA shall typically serve in that for more than one system.

The CA shall perform duties including but not limited to:

* Supporting audits.
* Monitoring timeliness of accomplishment of required actions and documents pertaining to the C&A of the system throughout its life cycle.
* Ensuring that an IS security analysis is a conducted to determine appropriate security requirements during the design stage of an application.
* Ensuring that the IS design meets a specified set of security requirements.
* Assisting developers in ensuring IS security requirements for all applications comply with all laws and regulations and are appropriate and sufficient.
* Creating the Security Assessment reports for the C&A process.
* Ensuring IS security plans and other C&A documents are developed for all applications following dhs and cbp mandated procedures and tasks, such as using RMS.
* Providing written justification, when appropriate, to the Chief, STP branch for approval by the assistant commissioner, office of information and technology to obtain a written waiver of policy for mandated security features.
* Coordinating with he assigned Information systems security officer on deployment of new systems and modifications of legacy systems.
* Pluses are familiarity with the DHS-mandated certification & accreditation and compliance tools, RMS & TAF, experience with HSPD 12, firewalls, and Oracle databases.
* All candidates must be capable of obtaining and maintaining a US Government security clearance.

Security Recruiter Blog

Security Jobs: Security Consultant, ACF2, St. Louis, MO

noreply@blogger.com (Jeff Snyder) — Mon, 12 Jul 2010 22:34:00 +0000

New Cyber Security Jobs available on the Security Jobs page of SecruityRecruiter.com.

AIS Security Analyst - Job Code AIS02

Location: St. Louis, MO

Type: Full Time

Job Summary:

The contractor shall assist with the implementation and administration of software security products in a z/OS environment, to include, but not limited to, the Computer Associates (CA) product CA-ACF2.

The requirement for on-site Technical Support is two-fold. First, Technical Support is required to sustain the U.S. Army Materiel Command (AMC) Legacy Logistics systems at DECC St. Louis. The second segment of support required under this Statement of work involves the installation, operation and maintenance of Telecommunications devices, cabling, circuits and routers.

Duties and Responsibilities:

* Read and apply applicable Security Technical Implementation Guides (STIGs), administer the respective security product on multiple z/OS LPARs, resolve conflicts with site ISSMs.

* Assess the operating system environment in which the respective security software product is installed to determine whether it is compliant with governing STIGs and Department of Defense (DoD) regulations.

* Assess customer requests for system privileges, authority and/or data access. Determine if access is appropriate; if access is granted, utilize the capabilities of the respective security software product to affect the request. If access is denied, document rationale for denial. Provide feedback to customer, as appropriate.

* Provide expertise, assistance, and on-the-job training, as requested, for all aspects of the implementation and administration of the respective security software product.

NOTE: In accordance with DISA standards, a contractor employee(s) may receive an administrative duty appointment as an Information System Security Officer (ISSO). The Administrative appointment as an ISSO specifies the following responsibilities:

* Ensuring compliance with DISA Security Technical Implementation Guides (STIGs) and local information systems security procedures approved by the Chief, Security Division or the Information System Security Manager (ISSM).

* Administering systems access based on approved personnel security investigation/clearances, appropriate ADP authorization, and need-to-know considerations.

* Preparing, maintaining, and distributing plans and instructional guidance pertaining to systems security and operations.

* Providing systems-specific security awareness training for appropriate DECC St. Louis personnel.

* Reporting security incidents to the Chief, Security Division and/or the ISSM, and assisting in reporting, investigating, and resolving such incidents.

* Routinely reviewing audit records as prescribed by Task Manager and reporting any deviation of security practices to the Chief, Security Division and/or the ISSM.

* Ensuring that appropriate Terminal Area Security Officers (TASOs) are appointed.

Requirements:

* Must possess security certification for the Information Assurance Technical (IAT) I
* Must be a U.S. Citizen
* Must be eligible for an IT-I clearance and a minimum of a Secret level government clearance

* System Security Expereince
* ISSO Experience
* DISA/DISA DECC IA Experience
* U.S. Army Legacy Mainframe Applications Experience

About our customer: Our client is a 24x7x365 provider of Information Technology (IT) services across multiple platforms. Originally established as a mainframe computer operating site, it has evolved to host a variety of applications and systems across multiple platforms. Our client is responsible for “Full Service” hosting of U.S. Army Legacy mainframe applications, and supports a variety of War fighting customers in various ways (i.e. Systems Administration, Information Assurance, etc.). In addition, provides on-site support to non co-located Computing Services Activities who are responsible for the management of applications and systems that are physically located at client site in St. Louis.

Cameron Herold: Let's raise kids to be entrepreneurs | Video on TED.com

noreply@blogger.com (Jeff Snyder) — Mon, 12 Jul 2010 20:50:00 +0000

Entrepreneurial Kids!

For anyone who is or has ever considered taking action on their entrepreneurial ideas or for anyone who has kids who show entrepreneurial tendencies, I strongly recommend slowing down for a few minutes to listen to Cameron Herold. Thank you to one of my facebook connections for sharing this presentation on his facebook page over the weekend.

This is what Cameron's talk is all about:

"Bored in school, failing in class, at odds with peers: This child might be an entrepreneur, says Cameron Harold. At TEDxEdmonton, he makes the case for parenting and education that helps would-be entrepreneurs flourish - as kids and as adults."

Cameron Herold: Let's raise kids to be entrepreneurs Video on TED.com

As I listened to Cameron's presentation, I related to his stories in numerous ways. Not my normal blog topics on security jobs and security recruiting but maybe somebody will get a kick out of this information before I share loads of new security jobs as the week progresses.

At age 7, I carried a bucket, sponges, car wash soap and towels to neighbors homes where I proceeded to knock on their door to talk them in to having their car washed.
At age 8, my dad wouldn't yet let me use the lawn mower yet so I couldn't start my lawn mowing career just yet. However, I did have a wagon and my neighborhood had a monthly large trash pick-up. I pulled my wagon around looking for bundles of newspaper. At first, I just put the papers in my wagon and took them home. Then, I figured out that if I simply knocked on the door and told the home owner that I was recycling newspaper, they'd save and bundle their papers for me and would leave them on the front porch.

Can you picture the site of a green 1972 AMC Gremlin driving down the road with newspapers stacked to the ceiling? My dad drove me to the recycling center once a month with one load, then two loads, then three loads, and more of newspapers so I could collect a few dollars. He probably caused more wear and tear on his shocks than I made in recycling fees but I'm thankful that my dad supported my desire to work at a young age.

At age 9, I noticed that the monthly large trash pick-up produced lots of old bicycles and bicycle parts. My parents aren't with me any longer but I owe them many thanks for allowing me to fill their basement with used bicycle parts. Thanks to my dad for letting me use his tools. I rebuilt bikes with junk parts and sold them to my friends.
Somewhere around the ages of 9-10 I shoveled snow for money. This activity lasted through high school. Find something that nobody wants to do, put a price tag on it and you'll eventually find a buyer!
At or around age 10, I remember delivering newspapers in multi-story apartment buildings near our Washington DC area home. The bag for the Sunday Washington Post very likely weighed more than I did at age 10. Somehow I got the papers delivered though because there was a profit to be made soon after delivery.
Sometime around or soon after age 10, my dad finally let me cut grass. It wasn't enough to cut my parent's grass, I figured out that many people in the busy Washington DC suburb where we lived didn't have time to cut grass so my grass cutting business was born. This was a great business that I carried all the way through junior high and high school.
While working my way through college, I started a landscaping company. This was a trunk venture in that I ran the business out of the trunk of my 1977 Plymouth Volarie. I knocked on doors to get the business and then hired fellow students to work with me.

If you're wondering, as you listen to Cameron's presentation, he is talking about me. Can you tell why I enjoyed his talk? I'm the guy who as a kid was always in trouble, always at odds with other kids and had what seemed like a permanent chair in the Principal's office of my elementary school.

Baseball helped tremendously to channel my attention and energy and to help me focus in other areas of my life. I sincerely wish that somebody had recognized and understood how to nurture my entrepreneurial drive. Even to this day, my entrepreneurial drive and passion isn't always understood by those around me who have jobs but my friends who also own businesses they've started from scratch seem to get me more often than not.

Today as an adult, it is volleyball, softball, hockey, biking, tennis, skiing and other non-sedentary activities that helps to channel my energy and to keep me both fit and out of trouble. Professionally, I created SecurityRecruiter.com a while to fill a void that wasn't being met the way SecurityRecruiter.com meets it today. We provide both information security and corporate physical security recruiting expertise to global companies up to the Fortune 100.

I very well may have an entrepreneurial child. There is no doubt that she has a lot of energy and she has a short attention span much like the attention span described in Cameron's presentation and the attention span I had as a kid. His talk spoke directly to me. I hope you enjoy it.

Security Recruiter Blog

CISO and CSO Reporting Structures

noreply@blogger.com (Jeff Snyder) — Wed, 07 Jul 2010 17:53:00 +0000

While working on a recent CISO recruiting assignment through SecurityRecruiter.com, I was fortunate to speak with many different CISOs across the country. There is always a lot to learn from working with these successful security professionals who have made it to the top of the corporate information security profession.

One recent conversation with a CISO really stood out because the reporting structure described to me was somewhat different. A CISO in a financial services organization explained that his reporting structure that previously aligned with the CIO’s office had been shifted to the Chief Legal Counsel.

I asked the CISO what such a reporting structure change meant to his future. He described the structure as being one where he no longer had to sell security business propositions. Instead, in his experience, the Chief Legal Counsel was entirely focused on reacting to legislation, rules and regulations.

In this CISO’s opinion, the days of sitting down with line of business owners to determine how to align security and risk management programs with the needs of the business were gone. Instead, he described his new job as that of being entirely reactive to regulations at the expense of being proactively focused on creating best practices security programs. This is one CISO's point of view. I wonder if other CISOs who report to legal have experienced similar circumstances?

Reporting structures for CISOs are all over the map. The same can be said of the CSO office. A CSO of a global Fortune 10 financial services company recently shared his reporting structure with me. This CSO came out of a finance and operational background prior to stepping into security. Most of his peers have a career in military, law enforcement or a federal agency before stepping to a CSO position.

He explained that while he is closely aligned with the CEO of this global company because of his strong business background, the boss he has reported to has changed five times over the past five years. He has reported to human resources, risk, compliance, finance and legal. No particular reporting structure stood out as being better than another to this CSO. He concentrates on serving the needs of his line of business customers and on focusing on where the CEO wants to take the organization.

I’ll share more insights on CISO and CSO reporting structures as I talk to more “C” level security leaders.

Security Recruiter Blog

Controversial Cyber-Bill Passes Senate Homeland Security Committee - Security from eWeek

noreply@blogger.com (Jeff Snyder) — Wed, 30 Jun 2010 13:00:00 +0000

Controversial Cyber-Bill Passes Senate Homeland Security Committee - Security from eWeek

U.S. Outlines Security Strategy for Online Identity - Security from eWeek

noreply@blogger.com (Jeff Snyder) — Tue, 29 Jun 2010 16:06:00 +0000

U.S. Outlines Security Strategy for Online Identity - Security from eWeek

Questions: From an Information Systems Security Student at DeVry

noreply@blogger.com (Jeff Snyder) — Tue, 29 Jun 2010 13:00:00 +0000

Question from an Information Systems Security student:

Hello,

I am considering going into computer security. Would you please tell me, what is the reality of me finding work in this industry with a Bachelor of Science in Computer Information Systems, with specialization in Information Systems Security from DeVry University, and no experience in the industry?

From the research I've done it appears most companies are requiring extensive experience, however, DeVry is trying to assure me that they will find me work within six months of graduation. Basically, I am trying to decide if I should change my major before it's too late. Any advice would be greatly appreciated.

Thank you,

Patrice

Patrice,

Moving into computer security is a smart move. Looking at the government alone, more cyber security jobs are being created than there are qualified people to fill. Though I do not handle entry-level information security jobs, I would tend to agree with your research.

I see many schools creating information assurance, information security, cyber security, cyber warfare, etc. programs. There is most definitely a need in both the commercial and government sector for students entering the workforce with this type of training.

If you have a passion for computer work and you are good at it, don’t change your major. You might need to change your expectations though regarding how long it may or may not take to find your first job.

If I were in your shoes, I would specifically ask people at DeVry to direct me to people who graduated from your program in 2009. Find out how long it took or perhaps how long it is still taking them to find their first entry level security job.

My biggest concern for new graduates is precisely what concerns you. That is the concern that you may finish a computer security related program and then have a difficult time finding an employer who is interested in hiring an entry-level employee. Like any other profession, once you find the first job and you begin to master skills, you’ll be off and running for as far down the road as I can see in the information security or cyber security profession.

The best I can do is to suggest that any security professional who reads the Security Recruiter Blog direct their HR department to the SecurityRecruiter.com Security Jobs page if they have internship or entry-level positions to post. We’ll post these types of jobs for free as a way to connect companies with entry-level graduates.

If your company has an entry-level information security job or cyber security job, why not post it with SecurityRecruiter.com for free so we can connect the dots between people like Patrice who need entry-level security jobs and those who have entry-level security jobs to fill?

Jeff Snyder, Security Recruiter Blog

Question: From a Security Masters Degree Student

noreply@blogger.com (Jeff Snyder) — Mon, 28 Jun 2010 17:51:00 +0000

Question from a Security Masters Degree Student:

Hello, I would like to introduce myself, I am James and I am pursuing a Security Technology Management Masters of Professional Studies.

I am very interested in learning about opportunities in the security field. My situation is that I am an older student with many years of corporate management experience. I would like to take advantage of any possibilities while I continue to work and go to school so I can prepare for after my degree is achieved and also I would be very interested in any opportunities to enter the field today if possible to learn and obtain hands on experience.

I would appreciate your thoughts and direction and I am flexible on relocation.

James,

Thank you for forwarding your question. I wish that I had an instant answer to your question but I do not. SecurityRecruiter.com is frequently retained by companies that have executive level security positions to fill.

Companies do not turn to us to direct security candidates who are completing security degree programs to them. We'd be happy to do this but the request has never come to us from a school that offers a security degree program nor from a company that might hire a new security degree graduate.

I sincerely hope that security professionals who might read this security recruiter blog post who have ideas to share would do so. Feel free to leave your advice to James in the comments section of the blog or feel free to send your comments directly to me, Jeff Snyder.

Security Recruiting: How Does It Work?

noreply@blogger.com (Jeff Snyder) — Thu, 17 Jun 2010 17:15:00 +0000

What’s it Like to be a Security Recruiter?

I was recently introduced to someone through a mutual friend. I was introduced as being a “headhunter”. The person who made the introduction was deeply familiar with my work as a security recruiter but the person to whom I was introduced didn’t know what the term headhunter meant.

Security Headhunter

Sometimes people use the term headhunter and then quickly apologize as if the term headhunter was a bad word. There are all flavors of headhunters out there, some good, some great and some are really bad. I explained to my new acquaintance who is not a security skilled business professional by the way that great headhunters are people other business professionals should seek out and get to know but one can’t assume that all recruiters are great just as not all people in any profession are great. A great headhunter can open doors that advance another person’s career at the right place and in the right timing.

Security Recruiting, Similar to Real Estate

To describe the recruiting work I’ve done for 20 years, I had to break it down to the most basic elements. Not because the person to whom I was introduced wasn’t smart. The person to whom I was introduced was very intelligent but had never before worked with a truly professional recruiter or for that matter an outstanding headhunter.

To describe the work of a headhunter or a third party recruiter who is not affiliated with any one hiring organization, I often use the analogy of real estate to get my point across. Most people have dealt with a realtor or have sold a house so if they get the real estate analogy, they’ll soon understand the recruiting explanation.

My friend Dave Brown owns a Coldwell Banker operation here in Colorado that is known as The Dave Brown Team. Dave lists a lot of homes and after 25+ years of selling homes and commercial businesses in Colorado, he sells many of the homes he lists to his own buyers rather than having to share the deal with another real estate broker. Some recruiters take on and fill their own searches while others take on searches and then rely on other recruiters to come up with candidates.

In this picture, Dave has a seller. The seller is the person whose home Dave has listed. Dave has to then go find a buyer for the listed home. Sometimes, Dave’s listings are homes that were previously on the market in a “for sale by owner” fashion. Dave is called on after the home owner fails to sell their home without the help of a realtor because he has 25+ years of experience in finding buyers for his seller’s homes. Specialized recruiters are often called on when a company (seller) that has an opening is in distress and is struggling to fill a job.

What SecurityRecruiter.com Does

When SecurityRecruiter.com is retained to fill a security job, we’re taking the job on from the seller, or the company that has a security opening to fill. We then have to turn around to find a buyer for our seller’s job. We’ll call this person the security job candidate.

The security jobs we’re retained to fill are sometimes positions that have not and will not be advertised by our clients. Companies that retain our services at the front-end of a search process want a search done with precision recruiting and their expectation is that we’ll create a candidate pool of 2 or more fully qualified candidates who can all do the job. It is then our client’s job to determine which of the fully qualified candidates represent the best fit with their organization.

Another flavor of security job that lands on our desks at SecruityRecruiter.com is a security job that has been open for 9-12 months or longer. In this case, the company has tried the “for sale by owner” method which typically entails posting jobs on job boards and little else. The company in this case has typically done everything possible to not pay a search fee. This type of company comes to SecurityRecruiter.com with the expectation that they’ll be tapping into our direct recruiting resources and 20 years of recruiting expertise that they don’t have in-house to tap into themselves.

Tough Security Jobs to Fill

What these companies need is an approach that includes direct security recruiting.

In this tough economic time, one might think it would be easy to fill the security jobs we’re fortunate to have on our desks. This is what the person I was introduced to assumed before he heard my entire story.

As I continued to explain that at SecruityRecruiter.com, our services are sought after by companies that have anything from highly confidential security jobs to fill to security jobs that are so difficult to fill that the candidates we’re challenged to find can often be considered a needle in a haystack.

I continued to explain to my new acquaintance that when companies have specific security jobs to fill, they often times have little to no room for compromise when they’re hiring and that is why they call us.

Requirements Are Very Specific

For example, to fill a current bank industry CISO job that is on my desk, my client requested that our cold call recruiting be focused towards banks that are valued between $10B and $50B in assets. Research quickly surfaced approximately 70 banks in the US that fall between $10B and $50B in total assets. Some are larger than our current client and some are smaller.

Once we identified the information security leader or in some cases, the information security leader(s) in these in these banks, we then cold call recruited to find the cream of the crop. This is where the headhunter term comes from I guess. I don’t think of my job as one of hunting heads but I guess that is what we do. We just do it with a style of relationship building that should leave those whom we recruit feeling respected and appreciated and not hunted.

From time-to-time, highly skilled security professionals make themselves known to us by way of following the SecurityRecruiter.com brand. They call, send email, send LinkedIn invitations, send resumes, etc. I shared with my new acquaintance that my vision in building SecurityRecruiter.com was to build a brand that security professionals would not forget. In fact, in my vision, I thought some security professionals might even introduce themselves to us. This part of my vision has worked and continues to work.

I explained to my new acquaintance that we’re hired to do investigative work to identify prospective candidates whose professional qualifications will match up to our client’s needs. Once our research identifies a prospect, we then have to cold call recruit these people to find the few who are qualified and who might be ready to make a move at the time of our call. By returning our recruiting calls and engaging with us for even a short time, at the very least, the security professionals we’re calling on are people we can build relationships with that might become fruitful for us and for them in the future.

He Had No Idea!

By this time in the conversation with my new acquaintance, I could almost see his eyes crossing, telling me that he was challenged to understand how we could first win the business of the seller, the company that has a job to fill and then start with nothing in terms of a list of prospects and end up with a pool of prospective candidates whose qualifications are closely aligned with our client’s needs and desires. Keep in mind that these prospects also have to be interested in potentially making a professional move at the time of our call. Lots of dynamics at play here. He couldn’t understand how we found the right people to call in the companies that had jobs to sell. More than that, he couldn’t understand how we found the needles in the haystack.

I explained that in 20 years of recruiting, I’d learned a few things about winning business and that I’d invested many years into building networks that contain some of the world’s strongest security professionals. We have a pretty deep book of relationships to turn to in the security sector when a new search lands on our desks.

My new acquaintance was a bit confused and clearly mentally exhausted as he tried to process all the new information he had never been exposed to before. Though my work had been explained, I don’t think my new acquaintance really understood.

Conclusion

The companies that retain SecurityRecruiter.com to recruit high-level security talent for them don’t have to understand what we do or even how we do it. They simply have to work with us to create crystal clear expectations around their expectations for our delivery of security talent and we’ll get it done. We’ve been doing this type of direct recruiting work for 20 years and are privileged to work with many of the top security professionals in the industry.

Security Recruiter Blog

Security Interviews: A Director of Corporate Security Interview Story

noreply@blogger.com (Jeff Snyder) — Wed, 16 Jun 2010 17:50:00 +0000

Recently, I shared a conversation with a Director of Corporate Security job candidate whom I know very well. He lost his job with a Fortune 100 company in 2009 and has been looking for a new security job for quite some time.

After every interview experience, this candidate calls me to tell me about his experience and to find out what in the world he may have possibly done wrong to have not gotten the job. I’m not psychic and since I haven’t been sitting in on all of his interviews, all I can do is listen.

The other day however, he told me a story of an interview process he recently had with a major electrical power company. These companies are under tremendous compliance pressure from the US Government and based on what a former college roommate told me the other night, he sees even more regulations coming.

Tom (my college buddy) works for one of the largest power companies in the Midwest. Although Tom is a mechanical engineer, he tells me that his job has become approximately 99% compliance oriented. Not what he envisioned doing when he left The University of Kentucky but his comapny is under so much regulatory pressure, Tom was given an opportunity to move into the compliance and regulatory space to expand his career and he took it.

Back to the Corproate Security Director level candidate. He sent his resume to a power company that has a job opening posted. Someone in Human Resources contacted him. He was invited in for a face-to-face interview. He bought his own plane ticket and covered all interview expenses out of his own pocket assuming that the company would reimburse him as most companies normally do when a candidate is invited in for an interview.

He probably shouldn't have assumed anything but he did.

He arrived at the power company for his interview and met with the HR person first. Towards the end of the HR interview, he asked how he might acquire an expense form. The HR person looked at him in confusion and asked why he might need an expense form.

Imagine that you’re the candidate at this point. Isn’t is painfully obvious why you might want an expense form ? You have just incurred interview expenses? The HR person told the candidate that her company never provided reimbursement for interview expenses. The candidate’s jaw dropped and so did his enthusiasm for potentially joining the company. Not knowing how what she had just done, the HR person sent the security job candidate a loud and clear message suggesting that her company that was making loads of money doesn't take care of its people.

The interview process had barely started and the candidate was mentally ready to go home.

The candidate’s next interview was with a group of people. I’d give you their titles but after spending an hour or more in an interview process, nobody on the company side disclosed their title. Nobody offered a business card. This candidate had never before been to an interview where everybody kept their identity concealed. What are they hiding he thought? Another loud and clear message that this group of people didn't have their game together.

When I prep security job candidates for interviews through SecurityRecruiter.com, I always walk through the entire interview agenda so the candidate knows precisely who they’ll be meeting and they know a little bit about the interviewer’s background. I don’t tell them what to say, how to say or to whom to say anything. I simply want my security job candidates to be well-prepared for their interviews. More often than not, they’re not just well-prepared, they hit a home run.

Nobody can properly deliver a message if they don't know who is sitting in their audience.

Put yourself in this security job candidate’s shoes. You’ve been through the HR part of the interview and you now know that you aren’t going to get reimbursed for hundreds of dollars of travel and lodging expenses. Keep in mind that you’ve been out of work for a year so your money isn’t growing on a tree in the back yard.

You get to the core interview team and everything is a mystery.

Some employers need to wake up and smell the coffee. Yes, our economy is still in bad shape and we’re dealing with wars and oil spills as a nation. Despite all of the struggles that exist in our world, security skilled professionals are in demand and the best of them are nearly always gainfully employed at a competing company.

Regardless of what kind of hiring an employer is doing, a process needs to be in place for handling security job candidates. The best of these people are generally gainfully employed and they’re not going to leave their current job to join a company that doesn’t have its act together.

Back to my friend who works at the Director of Corporate Security level. After listening to him for a while, I came to the conclusion that he didn’t necessarily do anything wrong in this particular interview process. He stepped into a very large, very well-established company that needs more training with regards to handling security job candidates than the candidate needs interview training.

When you’re on the job market and you’re looking for a security job, as difficult as it might be to walk away from a job offer, be sure you're interviewing prospective employers to determine if they’re right for you as much as you’re being interviewed by the employer.

Security Recruiter Blog

Security Jobs: Security Consultant, Mexico City, Mexico

noreply@blogger.com (Jeff Snyder) — Tue, 15 Jun 2010 20:00:00 +0000

Senior Security Consultant, Mexico City

Mexico City, Mexico, Central America and the Caribbean
Relocation, Six Figure Income and Benefits Included

JOB DESCRIPTION

Based in Mexico City, the Senior Consultant, Security Consulting will lead on the day-to-day delivery of security consulting services to Control Risks clients in Mexico, Central America and the Caribbean reporting to the Practice Head.

The incumbent is also a fee-earning consultant with advanced experience and skills who commands substantial revenues through work generation, direct fee earning on more complex tasks, and resource management.

In addition, Senior Consultants are business developers whose financial contribution to the organisation is greater than they are able to provide through their own fee earning capabilities alone.

The Senior Consultant, Security Consulting provides expert consultancy advice to clients, in the areas of security risk management as well as organising, managing, and coordinating consultants and sub-contractors in the delivery of client tasks.

RESPONSIBILITIES

• Lead and service multiple assignments as full case manager responsible for entire project cycle.
• Service particularly complex or multi-faceted tasks, either alone or in coordination with the practice head.
• Lead assignments where a number of consultants are engaged, direct project teams.
• Work closely with consultants in the Americas and around the world on the delivery of client tasks.
• Delegate aspects of assignments to junior team members.
• Manage subcontractors.
• Attend meetings with clients and potential clients.
• Write proposals and reports for clients and potential clients.
• Make presentations to clients.
• Achieve client satisfaction.
• Develop new client relationships.
• Domestic and international travel, as necessary, to serve clients.
• Ensure that client invoices are accurate, complete and timely.
• Keep practice head regularly advised of sub-practice business activity.
• Act as deputy to the practice head.

LANGUAGE REQUIREMENTS

• English and Spanish (essential)

QUALIFICATIONS AND SKILLS

Essential:

• Superior English writing skills

• Management experience

• University education preferred

EXPERIENCE

Essential:

• 3-5 years private sector background in security or business risk consultancy, or minimum 8 years experience in armed forces, law enforcement, or intelligence

• Deep understanding of Security Risk Management methodologies

• Experience of living/working in Latin America

ADDITIONAL QUALITIES

• Drive, enthusiasm and commitment
• Self-starting, allied with pragmatism and common sense
• Logical thinking with an analytical and organized mindset
• Pro-active, prepared to give more than expected of him/her
• Able to ‘think outside the box’
• Inherent integrity and instinctive appreciation of ethical behaviour and ‘where to draw the line’
• Flexibility, total commitment (not a ‘9- 5er’) and a strong team player
• Ability to interact successfully across and with various cultures

Apply on-line at the Security Jobs section of SecurityRecruiter.com

Security Recruiter Blog, Mexico Security Job, International Security Job, Mexico Security Consultant

Security Resumes: Security Resume Writing, a Success Testimonial

noreply@blogger.com (Jeff Snyder) — Tue, 15 Jun 2010 13:00:00 +0000

An Unsolicited Security Resume Writing Testimony

Writing a security resume for a senior security job in today’s age, is quite different than it was even 4-5 years ago. The competition is fierce and the average recruiter receives 100-150 resumes for every job that is vacant. I have heard of some HR recruiters that have received over 500 resume for just one position. So what does this mean to you and why am I writing this in Jeff Snyder’s Security Recruiter Blog?

I am a senior level security job candidate with 25 years of law enforcement and 11 years in the global corporate security world. (I found myself out of work due to a major reorganization in my last position).

I have had my resume written several times by “alleged professionals” and had purchased numerous books on how to write a “perfect resume”. I was receiving OK responses with my so called professional resume but thought it should have gotten a little more attention.

What was I doing wrong?

What I learned was, there is no such thing as a perfect resume. You need to have someone who sees thousands of resumes as part of their job to review what you were presenting as your professional history, especially in a specialized field such as security.

When you send that resume to some HR person, it goes through about a 10-15 second quick scan to see if it meets the needs of the job announcement/qualifications. If not, it goes in the garbage or not qualified stack.

Gee…I thought an executive security recruiter such as Jeff should maybe have a look at my so called professional resume.

At the time, I was interested in a position that Jeff had posted on his SecurityRecruiter.com web site. I thought, what the heck, I will send Jeff my resume and use his service to review what I had written.

Jeff was very proactive and re-wrote my resume for a fraction of what I had paid others to do. When I received the new resume back form Jeff, I found that Jeff did an outstanding job in re-formatting my resume and was able to capture 30 plus years of experience in a very detailed, concise and professional manner.

I was very impressed. I felt I had wasted my money and time on the so called professional resume writers. I found that I needed someone in the security sector to review mine.

After receiving my new resume, I applied for the position the Jeff had open. Not only did this new resume land me an interview for the position that Jeff had posted (only the top 3 candidates were selected for a face-to-face interview) but it has generated outstanding response from other corporations.

Ultimately, I was not chosen for the position Jeff had to offer but I have had more interviews and responses after having Jeff re-write my resume than I have had in months. I am currently interviewing for 3 jobs at the same time. Amazing!

What Jeff provided me was an extremely well written security resume and I am able to make minor changes to it and can apply for a variety of positions. I have been extremely satisfied and I should have had my resume re-written years ago by Jeff.

Jeff will work with you every step of the way and ensure that you are happy with the results of your security resume. If you are considering applying for a position in security for a senior level or executive level position, I encourage you to send your old resume in for a critique prior to sending in your old resume in response to a security job posting.

I can’t thank Jeff enough for the security resume writing service. I have been told by many companies, that my resume is outstanding and it is getting results beyond my wildest expectations.

Regards,

David Gulosh (CCSO)

Teamwork in Business is Critically Important

noreply@blogger.com (Jeff Snyder) — Mon, 14 Jun 2010 13:00:00 +0000

I’ve been accused of being a thrill seeking adrenaline junky. I admit to being what I’ve been accused of being. There aren’t enough dayd in the week to play all the sports I’d like to be playing but I’m doing a pretty good job of maximizing the time that is available. While some of my sports are individual sports like skiing or tennis, I also play hockey, softball and volleyball on a regular basis.

Last night, my red jersey hockey team played a team I honestly thought we would not be able to beat. I play on Tuesday nights on a green jersey team with four guys from the team we played last night. They’re all very talented and quite frankly, I didn’t think my red team had as much talent.

To my surprise, we beat the maroon team 3-1 and I attribute the win to three periods of all-out skating and outstanding teamwork by everyone on my team.

I’ve been working on a retained search to recruit a Chief Information Security Officer for a strong and growing bank. During yesterday’s progress call with the CIO and an HR VP from my bank client, I heard many references made using the words collaboration and teamwork.

In order for my bank client’s CIO to succeed in his job, he needs to surround himself with a CTO, a CISO and likely others I can’t name who are all working as part of a team to accomplish agreed upon business objectives. No teamwork, no success.

If you don’t play softball, volleyball or hockey, you might not understand how critically important it is to have the right players in the right positions and for everybody to work together as a well-oiled machine.

Since I do play these sports, it is very easy for me to see the parallel between teamwork in sports and teamwork in business. One person who thinks they can get the job done entirely by themselves on a sports team or in a business environment will do the team more harm than good more often than not.

In this picture, I didn't hit a homerun. I did get a solid tripple and then someone else on the team hit a single and got the RBI. I was just the lucky one who got to cross the plate. The tripple didn't score a run but the triple followed by the single did turn into a run. By the way, this softball team I'm on had not won in its first few games. A great team effort on Wednesday turned into a win. Teamwork at it's best!

The security job candidate who wins the bank CISO Job will no doubt be an information security executive who understands how to align security and risk management programs with the needs of the business and one who is an expert at building, managing and guiding a highly skilled team of security professionals.

If any one part of the CISO job candidate’s set of skills is weak, they won’t make the final cut.

Security Recruiter Blog

LinkedIn: InMail

noreply@blogger.com (Jeff Snyder) — Thu, 10 Jun 2010 16:45:00 +0000

I thought a few readers might appreciate a quick update on the value of LinkedIn tools based on my own personal experience from five years ago and from recent months. The topic today is LinkedIn InMail.

I can still remember the time over five years ago when it was exciting to see my personal LinkedIn network grow from 100 to 200 to 300, etc. direct contacts. Today, it grows at the rate of 20,000+ people per day on a global basis.

The numbers mean very little unless value can be attached to the numbers. For a security recruiter or for a recruiter of any kind, numbers are of great value but only if potential recruits can actually be reached to build a relationship.

The path of least resistance for recruiters and sales people today is through email or in the case of LinkedIn, through an InMail. Or at least it might seem to be a path of least resistance until you send email to someone who receives hundreds of emails per day and your message gets lost in their overwhelming pile of data.

Through LinkedIn, there is a tool called an InMail. As a LinkedIn user, you have to pay to use InMails. InMails are essentially an electronic cold call to someone who uses LinkedIn. In theory, the idea makes a lot of sense. Send an InMail that is automatically attached to your LinkedIn profile and recommendations if you have them and the person on the other end should want to communicate with you based on seeing a profile of who you are and what others have to say about you.

In theory, this mode of reaching out to a stranger makes a lot of sense. If you send an InMail and it isn’t reviewed by the intended recipient within 7 days, the InMail is credited back to your account. The problem is that you don’t automatically know that the InMail wasn’t read unless you go back and audit all the InMails you may have sent last week.

While working on a major recruting assignment, it is very easy to send out 40+ highly targeted InMails in just a couple of days. This is precisely what I did by the way.

When I first tested InMails five years ago, LinkedIn had somewhere between three and five million members. The rate of InMails being opened within 7 days was approximately 20%. That means that after waiting a week for the recipient of my InMail to respond to me, I figured out that 80% of my InMails had never even been seen. They weren't rejected, they simply weren't seen.

Just so you know, my InMail score is 5 stars. That means that for the people who have opened and read my InMails over the past 5+ years, they've always found my InMails to be highly targeted and highly relavant to their interests.

Five years later or over the past few months, I’ve tried using InMails again while working on a retained Chief Information Security Officer recruiting assignment. The results are very similar to five years ago in that 80% of my InMails had not been reviewed by the intended audience after a week. I had to go back to every LinkedIn profile I sent an InMail to and manually determine that my InMail had not been read. To me, this was a monumental waste of time.

As a sales person who needs to reach a certain number of new relationships every day, this method of sending an electronic message, crossing my fingers and waiting added up to insanity. The behavior won't be repeated again soon.

InMail, Email and Direct Mail all have value but if you really want to reach someone for the first time, consider picking up the telephone and calling them. At the very least, you know that you left a voice mail in the intended person’s voice mail. If you get them on the phone, you immediately know that they’re interested or they’re not interested in your message. You don’t have to wait for a week or more to determine that your message has never been reviewed.

Secruity Recruiter Blog

Security Careers: Transitioning from the FBI to Corporate Security

noreply@blogger.com (Jeff Snyder) — Tue, 08 Jun 2010 20:32:00 +0000

FBI to Corporate Security Transition

Through a conversation today with a retiring FBI agent, many of my thoughts and theories were confirmed. When my phone first rang, the FBI agent was hoping to get my point of view regarding his attempt to leave the FBI and to enter corporate security. Over the past few months, this FBI agent had run into multiple road blocks. He was calling for a reality check of sorts and hoping that I might be able to confirm some of his suspicions.

This FBI agent has interviewed with several very prominent companies and has come in second to other candidates each time. He has been scratching his head wondering what he needs to do to get the type of internal investigations job he is seeking in the corporate security sector.

He thinks his investigations skills are as good or better than any other investigations professional in the world and can’t understand why any company wouldn’t want his talent on board. After spending an hour on the phone with this candidate, I learned enough about him to agree that he is very talented and that some company out there should be thrilled to death to have his skills on board. He convinced me that he understands the need to adapt to a corporate culture which will be much different than the FBI culture he was accustomed to for over 20 years of service.

My observation on the corporate security side of an organization is that hiring has been done though the buddy system for many years. Call it a fraternal style of hiring that doesn’t exist on the information security side of a corporation.

To one who does not recruit for a living, it might seem that recruiting a corporate security professional is no different than recruiting an information security professional. From the outside, it may look that way but in order to be successful recruiting on both sides of a corporate security organization (logical and physical security), a security recruiter must understand the different dynamics that exist in every company. This is the kind of work we do at SecruityRecruiter.com.

The FBI agent went on to tell me about one specific interview process where he thinks he lost out to an internal candidate. As his story goes, he was recruited very aggressively through the first few interviews and then, he ran into an interviewer who had once had a bad experience with what he described as a “hard charging FBI agent” who had previously failed at the company.

This interviewer was cold and somewhat abrasive, suggesting that he may have made his mind up to reject the FBI agent candidate I was talking to before he ever arrived at the interview.

The FBI agent asked me if in my experience, I had ever run into a situation where one of his colleagues had failed to integrate properly into the corporate security environment, thereby making it difficult for the company to hire another FBI agent in the future. By asking this question, I could tell that he was starting to connect the dots.

Many FBI, Secret Service, Law Enforcement and Military professionals have been hired into corporate security positions. Sometimes, as high as the CSO level. Sometimes this approach to hiring has worked out well and many times, corporations have figured out that there is a significant culture shift that a retiring federal worker needs to master before they can be successful in a corporate setting.

The FBI agent went on to tell me that everything I was suggesting to him had crossed his mind. The feedback I provided mirrored what he had figured out but didn’t entirely know how to articulate.

In recent months, I have received similar calls from retiring FBI, Secret Service, Law Enforcement, US Marshal Service and Military candidates. Many of these professionals can and will make successful transition into corporate security careers. However, the ones who do not successfully transition into corporate security careers can typically blame their lack of success on a lack of understanding of how to function in the corporate culture.

The FBI caller agreed and suggested that he had seen evidence of both good and bad hires from federal agencies just in the relatively short time he has been interviewing for his first corporate security job.

We’re now working together to determine if there is anything the FBI agent can do to improve his job search approach so that one day I can write a story that explains how the FBI agent acquired his first corporate security job.

Security Recruiter Blog

NaSPA Fall 2010 Conference, Chicago, IL

noreply@blogger.com (Jeff Snyder) — Mon, 07 Jun 2010 17:32:00 +0000

Through a conversation on Friday of last week, Leo Wrobel, President of (NaSPA) Network and Systems Professionals Association extended an invite to me to consider speaking at his organization’s Fall conference taking place in mid-October in Chicago, IL.

Leo explained that the emphasis of this year’s conference was going to focus on careers and employment. When I asked Leo what he might like for me to speak about, he responded by asking me to talk about what employers are looking for when they call to engage our recruiting services.

Leo’s association has been around for two decades. The membership of his association would have been called system programmers back in the 80s. I started recruiting IT professionals in 1990 and as part of my experience, recruited IBM Mainframe system programmer at one time.

Many in Leo’s association became UNIX system administrators and/or LAN/WAN networking professionals in the 1990’s. I placed these types of professionals in the 1990s as I made my way into information security recruiting starting as far back as 1995.

Today, NaSPA’s membership includes system professionals, telecom professionals, disaster recovery and business continuity professionals and information security professionals.

What employers are seeking from each of these groups of professionals is the same, strong verbal and written communication skills coupled with an understanding of the business they’re employed to serve.

Leo requested that I think about putting on a breakout session at his conference. Again, I asked him what value I could contribute to his audience. He suggested that perhaps my breakout session could cover technical resume writing or security resume writing. Ironically, I’m just about to deliver an article to ITBusinessEdge covering Security Resume Writing. This article was created at the magazine’s request.

I think Leo is on the right track with his requests. There will no doubt be lots of deeply technical subjects covered at the Fall NaSPA conference. Leo is asking me to cover the non-technical soft skills that employers specifically ask SecurityRecruiter.com to deliver when they engage our retained security recruiting services.

My understanding is that the cost of attending this Friday / Saturday association meeting will be very low. If you’re a technology professional and are in or near Chicago, stay tuned and I’ll provide more solid information as it comes to me. This association meeting could be an opportunity for you to receive training across a variety of technology domains for a very low cost.

Security Recruiter Blog, Jeff Snyder

A Life Update Blog from Jeff Snyder at SecurityRecruiter.com

noreply@blogger.com (Jeff Snyder) — Thu, 03 Jun 2010 21:53:00 +0000

Recently, while interviewing a candidate for a bank Chief Information Security Officer retained search, the candidate told me he has been following my blog for some time.

Once the interview was complete, we spent some time talking about each other families, hobbies, summer plans, etc. The security job candidate found out that I was headed to Phoenix over Memorial Day weekend to play in an adult hockey tournament. As I talked more about my 6 month old hockey career, the candidate asked me why I didn’t write about such things in my blog.

Truthfully, I didn’t really have an answer. I didn’t think anybody would care that at age 42, I picked up ice hockey for the first time in my life and have now played in excess of 50 games since January. In addition to learning to play hockey, I’ve met no less than 50 new people through the five different teams I’ve played on over my short career.

Here you go Steve!

I took off last Thursday by car to get to a 9 PM game in Phoenix on Friday night. Along the way, I made a brief detour to Sedona, AZ before arriving in my final destination of Scottsdale, AZ. Here are a few images of Sedona.

The weekend in Phoenix was quite an experience. The tournament has been going on for 23 consecutive years and draws players from as far away as Vancouver, Calgary, Cape Cod, etc. With over 80 teams playing, it took four different rinks in Phoenix to accommodate all of our games.

I scored the first goal of the tournament for my team but that wasn’t enough. We played two teams that were better than us but we held our own in close losses. Our final game was against a team that had no business being in our division. They belonged two divisions higher than our division. This team had beaten other teams by scores of 7-1 and 7-2. We figured that our odds of winning were slim so we decided to at least work to keep the scoring down. Our final score in a loss to this outmatched team was 4-2.

I drove to Phoenix so I had many options when it came to how I might drive home. I chose to drive through Northeastern Arizona, Southeastern Utah and Southwest Colorado. I’d always wanted to visit Monument Valley in Utah and on this drive I did! I hope you enjoy these next few photos.

After driving through Monument Valley in Utah, I soon came to Cortez, CO where I had to stop on a 65mph two lane highway for a cattle drive. Seriously, a herd of cattle was being moved from a pasture on the north side of the highway to a pasture on the south side of the highway about a half mile down the road. Traffic was stopped on both sides of the roads while the cows did their thing.

Next up is the Pagosa Springs / Wolf Creek Pass area of Southern Colorado, just north of the New Mexico border. This is one of my favorite parts of the state because it snows 400-500" every winter at the top of Wolf Creek Pass. I've been accused of being a powder hound and I'll have to admit that the label is accurate. I chase storms in the winter for the sole purpose of finding knee deep powder.

This photo shows one of the Collegiate Peaks near Salida, CO. This puts me less than 2 hours from home.

I got back home to Colorado on Tuesday afternoon and had another hockey game on Tuesday. This game was with a brand new team that had never played together before. We skated short with 8 skaters instead of the normal 12-14 and beat a well-established team by the score of 9-1. For my friend Steve, I scored a hat trick and had two assists in this inaugural game for the Green team. Give me a couple of weeks and I’ll let you know if we’re really that good!

Off to hockey tonight with my Red team and then hockey again on Sunday afternoon with my Blue team. Just can’t get enough hockey!

Oh, one more thing. I credit hockey with my 10lb weight loss since January. I’m shooting for another 10lbs to lose before very likely taking on the challenge of joining a national ski patrol program I’ve been invited to here in Colorado next winter.

Security Recruiter Blog, SecurityRecruiter.com, Jeff Snyder