Security Job – Director Cyber Security / NERC CIP Solutions & Business Development

Job Type: Full-time employee
Job Location:  Either TX or could be based anywhere USA. Call for details
Compensation: Base of $120,000 up to mid $100,000 plus bonus.  (Call for details)
Telecommute: Possibly –  this is an option for the right candidate.
Education: Strongly prefer a BS Degree. MBA a plus
Travel %: 30%
Relo Paid: Yes – case by case basis
Status: US Citizen or Green Card – Sorry, no Visa Sponsorship
Insurance / Benefits:  Available day one
SecurityHeadhunter.com, a Security Search Firm, has been engaged to conduct an exclusive search for a Director Cyber Security / NERC CIP Solutions & Business Development. My global reaching client is a leader in providing innovative software solutions and services to industrial facilities worldwide. Their software solutions and services not only improve Human Reliability, but enhance regulatory compliance, increase safety and improve facility profitability. My client, who has a reputation of engineering several industry first solutions, has now developed a very unique NERC CIP / cyber security solution that will truly improve a company’s ability to be in compliance with their Security & NERC CIP regulations, and other guidelines in a much more effective and time efficient manner.

The candidate I seek will have a solid Cyber Security background coupled with both a solid understanding of NERC CIP. They will also be someone who is engaged in  and business development experience to be able to help drive my client’s cyber security solution to the power industry and other markets from a technical and business platform.  Having experience with automation such as SCADA, DCS, PLC is a plus.

Role Description

In this role, you will have responsibility to further define and market this unique cyber security solution.  Tasks will include:

  • Assisting / leading development of a business plan and marketing plan to educate the market on this unique solution.
  • Determine software and services requirements for the solution to be delivered.
  • Work to become a recognized industry expert on Cyber Security and NERC, attending multiple trade group related events and so forth.

Qualifications

The successful candidate should have the following qualifications:

Minimum 5 to 10 years experience in the field of cyber security, with solid experience in NERC CIP and business development.

  • Prefer a 4 year Bachelor degree in related technical field (Computer Engineering, Electrical Engineering, Computer Science, etc.).  MBA a plus but not a requirement
  • Preference will be given to candidates with automation experience (DCS, PLC, SCADA, etc.)
  • Excellent written and verbal communication skills, experienced in delivering technical presentations to industry groups.
  • Experience in both technical “hands-on” work, as well as business roles (sales, marketing, business development, etc.).

To confidentially discuss many more details of this position, please contact Wils Bell directly at 407-365-2404 or email a confidential resume to: Bell@SecurityHeadhunter.com

Wils Bell
President
SecurityHeadHunter.com

POB 620298 * Oviedo, FL 32762
Direct: 407-365-2404
Bell@SecurityHeadhunter.com | SecurityHeadhunter.com

 

Follow me on Twitter for the latest news, jobs, and breaches.

Breaches & Security News

Follow me on Twitter @Security_REC for news, jobs and…

Wils Bell – President
Direct: 407-365-2404
Email: Bell@SecurityHeadhunter.com

HELPFUL LINKS

  • Twitter (Follow me for latest Jobs, Breaches, and News)
  • LinkedIn (I accept all security professional’s Invites)

Security Breaches & Security News

To follow Security Breaches and Security News throughout the day, follow me on Twitter 

Massachusetts hospital to pay $750,000 for 2010 data breach

Senator wants more info on data breach at federal government’s retirement plan

Malicious PowerPoint File Targeting Flash Player Vulnerability

California IT technician sentenced to nearly five years for identity theft

Survey Shows Consumers Still Openly Risking ID Theft

Linkedin Hacked: A Few App Suggestions For Protecting Your Online Passwords

LinkedIn Investigating Password Leak That Could Affect 6.5 M

Top 4 Malware-Related Issues for 2012

What’s the Meaning of This: Flame Malware

DHS To Critical Infrastructure Owners: Hold On To Data After Cyber Attack

Hackers Don’t Like to Work Weekends

Serco: ‘Sophisticated’ Attack On U.S. Govt. Pension Plan Nets Info On 123k

N.J. Mayor, Son Accused of Hacking Political Web Site

Company Fined for Distributing Malicious Android Apps

WHMCS victim of social engineering; over 500,000 client records stolen, deleted from server, and dumped publicly

IXESHE Malware Avoids Easy Detection to Remain a Persistent Threat

FBI Tells You Everything You Wanted To Know About Online Frauds But Were Too Afraid To Ask

Latest Infosec News

Follow my Twitter feeds for daily breach and security news.

Researchers uncover causes of MilitarySingles.com hack

NASA denies Iranian cyberattack

Absinthe 2.0 Jailbreak for iOS 5.1.1 Devices Released

New York Lawmakers Want Anonymous Comments Banned

FBI Warns Top Firms Of Anonymous Protest Hacks on May 25

The Virtual Sky is Falling!

Internet Fraudster Back in US After Being Fugitive for 12 Years

Join the Fight Against Cyber Spying Proposals in the Senate   

UK’s new cookie law came into effect Sunday

Yahoo and TalkTalk confirm human error as weakness security link

Flame proves cyberwarfare is active

Why Boards of Directors Don’t Get It

Mass. Hospital Pays Breach Settlement

Insider Case Exposes Security Lapses

Fighting Hackers With Public Relations

Olympic-themed spam emails carries malicious PDF  

Where’s that document I signed?

Several years ago when you started that new position it was a very exciting time.  That first  morning down in Human Resources getting ready for your orientation and filling out and signing paperwork.   There was the health insurance paperwork,  the life insurance paperwork, the tax withholding paperwork, the retirement account paperwork, and perhaps  the employee conduct handbook. Was there anything else that you signed?

Hey, what about that Non Compete Agreement / Non Disclosure Agreement paperwork? Did you sign one of those also? Chances are you did, but what exactly did it say?

Now, fast forward to present day. Do you know where your signed copy of your agreement is located? Just what were those restrictions or limitations you’re subject to if / when you leave this employer?

According to a lot of people I have asked that question to recently, very few people know the exact location and can put their hands on the agreement today. Some folks have no idea where it is or whether they even kept a copy, while others think maybe they might be able to find it, but aren’t sure.

These types of agreements should be considered a very important document to you for many reasons.

Most people who know exactly where it is simply scanned it after they took it home and it’s on the hard drive AND backed up. Others have it in the safety deposit box. It doesn’t really matter where you keep it as long as it is safe and you can put your hands on it when needed.

Having to call your employer’s HR department and ask for a copy just might alert someone as to your career plans.

The point of this whole article is that it only takes you a minute to save your signed agreement securely so you’ll be able to access it if and when the time comes. It could and can save you a lot of headaches and other issues down the road when you decide it is time for a change and you need to know just what it says.

Just my 2 cents worth.

Breaches, Security News & more…

Follow my Twitter feeds for daily breach and security news.

Is Global Payments the Only Breach?

Pump Up Your P@$$w0rd$

Real Questions about Huawei for US Rep. Frank Wolf

Active Zeus C&Cs Remain Following Microsoft Takedown

Flight check-in emails lead to Zeus infection

Facebook Users Targeted by Ice IX Malware in Credit Card Grab

Infographic: Infections from 25K Sites Hit 10M Victims in February

US Airways Spam Redirects to Blackhole, Zeus Infection

 Mozilla Adds Older Java Versions to Firefox Blocklist

ACLU finds widespread warrantless cell phone tracking by local police

Ten Takeaways from the Tilded Platform

FTC to Link Do-Not-Track and Big Data Concerns

The Technical Debt Bubble and Its Effect on IT Security

Check Point Fails to Renew Domain Name CheckPoint.Com

LulzSec Hacker Ryan Cleary Put Back in Jail for Emailing Sabu

Anonymous: We Don’t Agree with LulzSec Reborn

Cyber Criminals Top Secret Service Most Wanted List

Shackleford: What’s RIGHT with Infosec

The raid on your medical records 

Sensitive personal information on 800,000 California residents lost between IBM and state office

Rogers-Ruppersberger Cyber Bill Gains Momentum

The First Cyber Shot in a Chinese Jasmine Spring

Breaches, Security News & more…

Follow my Twitter feeds for daily breach and security news.

Can Health Care Orgs Maintain Trust With Electronic Records?

iOS JavaScript Bug Can Lead to Spoofed Sites

Facebook Warns Users About Timeline Adware

Incident Response and PCI Compliance

Public Key Infrastructure 1998 – 2012

Is a W-2 Considered PHI Under HIPAA?

Department of Defense Developing Cyberspace ‘Rules of Engagement’ Framework

8 Arrested in $4.5 Million Scheme

Key Components of a Social Media Policy

In Australia, secure your Wi-Fi — or face a visit from the police

NSA Chief: Cyber Becoming More Perilous

NSA Chief Denies Wired’s Domestic Spying Story (Fourteen Times) In Congressional Hearing

ISPs Signal Support For Anti-Bot Code Of Conduct

Some Thoughts on Sandboxes

Vulnerability Remediation: No More Traffic Signals

Wireless Security: Wi-Fi Hacking Burglars Get Busted

Hackers Target Social Media for Social Engineering Attacks

Experts Tell Senate: Government Networks Owned, Resistance Is Futile

Verizon: Hacktivists Steal Most Data In 2011

Six High-Risk Flaws Fixed in Google Chrome

Follow-up: Two men who stole bank info from Michaels customers headed to federal prison

Breach Leaves Thousands Of Kaiser Permanente Employees Checking Their Credit Report

Verizon: Hacktivists #1 Breach Threat

Security Breaches, Security News & More (week ending 2-17-12)

Follow my Twitter feeds for daily breach and security news.

Breaches, Cyber Crime & Security News Highlights

** Remember to follow me on Twitter  for daily breach and security news.**

Cybersecurity Act of 2012 Introduced Without Emergency Presidential Powers Provisions

Anonymous-Linked Attacks Hit US Stock Exchanges

Security practitioners weigh in on the 15 worst data security breaches in recent memory.

Republican senators want to put the brakes on cybersecurity bill

Audit reveals Maryland inmates had access to social security numbers

Local government discloses employee social security numbers

Offer to ‘test’ iPhone 5 is a scam

The escalating cost of US cybersecurity plans

The rise of information stealers and pay-per-install malware

Malware Network Threats Rising, How to Defend Yourself

Senators Unveil Cybersecurity Bill to Empower Homeland Security

Mozilla wants CAs to stop issuing and revoke MITM certificates

Horde FTP server hacked, files modified to include backdoor

Gap in patch priorities vs cybercriminal targets

Cyber-Spies Intercepted Sensitive Files, Emails From Nortel: Report

Annual Breach Reporting Deadline Looms

Security Falling Short When It Comes To Dealing With Growing Cyber Attacks

U.S. Commerce Department Infected with Malware

Alabama and Texas law enforcement sites fall to hackers

7 Steps to Building a Security Program

78% of organizations that Trustwave investigated had no firewalls at all

Adobe’s Security Chief Talks About Driving Up The Cost of Exploits

Symantec Verifies Stolen Source Code Posted By Anonymous is “Legitimate”

 

Breaches & Information Security News

Follow my Twitter feeds for daily breach and security news.

 

Ernst & Young loses 401k information of bank employees

Food and beverage industry has unsavory history of data breaches

Disaster Recovery is health industry’s biggest headache

2011 review: CNI targetted, spam down, botnets up

Attackers Using Fake Google Analytics Code to Redirect Users to Black Hole Exploit Kit

Role of Ethics in IT Security

Data Loss Doesn’t Always Mean Getting Hacked

Hackers Infect WordPress Web Sites

VeriSign Hacked – But Why?

Number of patient record data breaches nearly doubled last year

Why Infosec Forced Me to Get an MBA

The Most Technologically Secure Super Bowl Ever

Acts of Terrorism vs. Cyber Threats: New Offense Scenarios

How to Win Friends and Steal Their Facebook Accounts

How To Spot A Fake Facebook Friend Profile

New Guidance on Payments Processing

Healthcare Breaches: Behind the Numbers

Verisign Breached Several Times in 2010

Breaches From Across the Net Week ending 1-13-12

Follow my Twitter feeds for daily breach and security news.

 

 

Breaches and Security Articles from Around the Web

Breaches and Security News from around the web as posted through  my Twitter Account.

Follow me on Twitter

 

Application Security Guide For CISOs

GSA Final Rule Requires Vendor Proof of Security

More than 51,000 security pros employed in Q4, up from 37.000 employed in Q1, study says

FBI Warns: Game Over

Cisero’s sues processor and bank over pass-along fines following alleged breach

Ramnit Worm Threatens Online Accounts

Cyber Attacks May Be Revealed to Investors as SEC Rules Push Disclosures

Researcher Releases New Version of P0f Fingerprinting Tool

Gamers Seek Beta Versions, Download Malware Instead

US and China headed for CYberWar in 2012: 

 

 

 

Breaches & Security News from Around the Internet

Breaches and Security News from around the web as posted through  my Twitter Account.

Follow me on Twitter

Top Tech Trends for 2012

Manhattan District Attorney Charges 55 with Cybercrime

Websites, apps vulnerable to low-bandwidth, bot-free takedown, say researchers

Feast of the Seven Phishes 2011

On 2011: The Year of System Failure

Government Can Save Millions Reforming Security Policy

Hackers Publish Information on 90 Million in China

Hackers Release More Information from STRATFOR

The six worst data breaches of 2011

United flyer finds dozens of passengers’ info online

If it’s Friday, it’s time to reset almost 18 million passwords?

Hackers to exploit vulnerable infrastructure in 2012, McAfee warns

Attackers could remotely exploit flaws in Siemens industrial control system app

US-CERT warns about security flaw affecting millions of wireless routers

Japan’s cyber defense weapon: a virus

Breaches & Security Articles from Around the Web 12-14-11

Breaches and Security News from around the web as posted through  my Twitter Account.

Follow me on Twitter

Microsoft Patches Windows Flaw Exploited by Duqu

Restaurant Depot Admits They Were Hacked, Customer Data Stolen

Don’t Fall Victim to Poor Network Segmentation

2,000 live typosquatted domains discovered

The risks of unauthorized access

Top software failures of 2011

RSA breach tops list of 2011’s most significant cybercrimes

Experts tie cyber attacks to Chinese government-backed hacking groups

Homeland Security releases roadmap to improve security in cyberspace

ENISA on Cyber Security: Future Challenges and Opportunities

Cyber Security and Illegal Information Operations

DHS Releases Blueprint for a Secure Cyber Future

Common Errors in Firewall Configurations

FTC Takes on Super Cookies

ENISA Releases DigiNotar Report: Operation Black Tulip

House panel mulls compromise cybersecurity legislation

Adobe patches critical zero-day flaw in Reader and Acrobat

Top Ten Password Cracking Methods

Interviewing Advice

I hope everyone had a great and safe 4th of July holiday.  Our weather was wonderful here in central Florida and several friends joined my wife and me for a party around the pool followed by some great food off the new Weber grill. (It was great cooking over charcoal again after all the years of gas)

The Friday before the holiday, I had a candidate speak by phone with the CISO at a client of mine.  My client is a mid sized organization that realizes they are way behind in their Infrastructure Security and want to bring in a top talent to get them where they need to go.  They had already talked with two other candidates earlier in the week that I had presented and wanted to talk with the third and last person before heading out for the holiday.

The Candidate Feedback

Friday afternoon, I got a call from my candidate telling me he thought the conversation had gone very well. He was able to answer many technical questions and provide ideas how they would handle the upgrade to new security and so forth. The client really liked his ideas and they seemed to hit it off very well. In fact, they even joked around a bit at the end of the conversation. He felt that my client would want to have him fly in for an interview.

The Client Feedback

On Tuesday, when we all went back to work, the client called and said they would like to invite candidate #1 and #2 in for on site interviews.  This was great news and I then asked about candidate #3.  Would they also like to invite him in?

The short answer was not at this time.  The client said his skills and experience were great and were equal to the other candidates interviewed through me, but he had turned the client off at the end of their conversation.

Here’s What Happened

During the first 95% of the phone interview, he presented himself well in regards to his current and past duties. He was clear and detailed on the approach he would take to complete the task the position required. They were getting along very well, so well in fact that my candidate decided to share what he thought were a couple of humorous anecdotes.

They were funny to the candidate, but the client was not as amused and felt the candidate’s professionalism left something to be desired.

Remember…

When you are on a phone interview you are speaking with a hiring manager / authority.  They are not your friend or buddy today. They may become your boss soon and perhaps later a friend, but not today.  They are on the other end of the phone to learn about you, your experience and personality.

In this economy, most employers are going to phone interview multiple candidates to screen down to a couple to invite onsite for an interview.

Phone interviews need to be handled as professionally as an on site interview since they are generally the first step in the process. To be eliminated from the interview process for telling what you think are humorous stories is purely a waste.

In coming days, I’ll write a posting about the no-no’s on interviews both phone and on site.

Security Job: Application Security Consultant

Applications Security Engineer

(Client will consider someone on a telecommuting basis that is “VERY” experienced in Web AppSec source code review with solid utilization of source code review tools.)

Job Type: Full-time salaried position

Job Locations: Telecommute

Compensation: $90,000 to $115,000 salary, maybe more

Telecommute: Yes

Education: BS strongly preferred, but not required.

Travel %: minimal

Relo Paid:  Possible assistance available on a case by case basis

Certifications Preferred: CISSP is NOT required, but would be a plus

SecurityHeadhunter.com, a Security Search Firm, has been selected to conduct a search for a Web Application Security Consultant. Our client is looking for a person who has a passion for Web AppSec and understands that this area continues to evolve. The successful candidate needs to have solid Web AppSec experience performing secure code reviews. Should have experience with one of the leading source code review tools such as Fortify, AppScan, HP Web Inspector or Hail Storm.

A true understanding of the OWASP Top 10 is also needed.

Successful candidate needs to be able to work with and relate to software developers during any and all remediation processes.

Any experience as a software developer working with Java and /or .Net would be very desirable.

RESPONSIBILITIES & DUTIES

  • Conducting web application security source code review / analysis and application vulnerability assessments on both new and existing web applications.
  • Successful candidate will have solid experience performing assessments and testing combined with researching exploits and vulnerabilities
  • Solid understanding of best practices and methodologies of source code reviews.
  • Ability to prepare formal security assessment reports for all applications.
  • Participate and lead when necessary conference calls with internal business customers to review security assessment results.
  • Consult with these internal business customers on remediation options and the retesting of security vulnerabilities that have been fixed and republishing your report to indicate the results.
  • Ability to communicate complex security subjects in easy-to-understand terms.
  • Desire to stay current with emerging technologies and industry trends.
  • Ability to work in a fast paced, challenging and sometimes stressful environment while keeping a cool head.
  • Ability to look at the big picture and help in finding acceptable solutions and remedies.
  • Strong focus and ability to deal with internal users and customers
  • Solid written and verbal communication skills.

To be considered for this position, please contact Wils Bell directly OR email a confidential resume to: Bell@SecurityHeadhunter.com

Wils Bell
President
SecurityHeadHunter.com, Inc.
POB 620298 * Oviedo, FL 32762
Direct: 407-365-2404
Email: Bell@SecurityHeadhunter.com

Web: SecurityHeadhunter.com

“A Security Search Firm”

Traditional Recruitment Methods in the Security Niche

About two weeks ago I got a call from a firm on the west coast.  This call came from the Director of Information Security and he was frustrated with the fact he had an open senior security position that he had been trying to fill for several months. He had seen very limited resumes thus far and the few he saw were not even close to being a match. I should mention that I get calls like this often from both hiring managers and Human Resource managers.

When I asked how the hiring manager was trying to identify potential talent he stated the internal staffing department had been running many ads on the job boards. They also had several recruiters working on the position, but those recruiters didn’t really have a grasp of security or the position itself. Needless to say the hiring manager was frustrated with the whole process and the time that has passed with no good candidate presentations.

Trying to use these traditional types of recruiting for security positions is a little like casting a wide net and seeing if you catch anything.  Sure, there are times you may get lucky, but many other times you don’t.

The world of recruiting has changed over the last 20 years. It has moved into the electronic world. There are 1,000’s of job boards and social networks like Facebook and LinkedIn. With all this technology you would think that hiring staff for your company is simple.

Well, judging from the comments and conversation I have with many employers that is not the case. Having all the electronic technology in the world does not help if it does not produce the required results.

I hear from Fortune 100 companies and down that identifying “good” talent that meets their security job requirements is getting harder and harder. As I mentioned earlier I get many calls from firms that had an open position for several months simply because the limited talent they see is not close to being a match.

Recruiting in the security niche must be targeted and direct.  Casting a wide net and hoping to catch a perfect candidate is a poor solution for recruitment.

This is where, in my opinion, so many employers are missing out. If the traditional resources you have utilized are NOT producing solid results then why not change those resources. You may very well find that a change is just what your open security positions needed.

Wils Bell

President

SecurityHeadhunter.com, Inc.

SecurityHeadhunter.com is always open to answering questions and discussing security recruitment with both employers and security talented professionals. Feel free to visit us at SecurityHeadhunter.com or call us at 407-365-2404. Let our extensive experience in the Security Search Firm industry work on your behalf.

Are you too perfect to be an effective security manager?

If you’re scratching your head about why users are ignoring security policy, maybe it’s time to review your mistakes – and share them with people

By Michael Santarcangelo

Ever spend time working on policies, solutions and messages only to be ignored or cast aside? Worse, after spending the time to build a solution, are people simply not responding?

Last month I shared the “pink sticky approach” and why it often backfires and complicates the situation. There is more to the story. I learned about the “pink sticky approach” after keynoting a conference. During an open panel, a woman stood up to ask for help improving compliance with the privacy policy. She described how she used the pink stickies and was confused why it led to less compliance instead of more.

To read the full article by Michael on CSO Online click: http://tinyurl.com/23naft3


A Funny Thing Happened During the Interview

A Unique Security Interview

During a conversation today I was reminded of a situation that in some regards was funny and on the other hand was actually rude. It does have a lesson to those employees of companies involved in the interview process.

Here’s what happened. I had a position here in Florida for a senior hands-on technical Security candidate. The client was a solid company with operations around the USA, Caribbean and Central and South America. Even though this company had many bilingual employees due to their different business locations, it was not required on this particular position.

Since the candidate (let’s call them “Dave”) I recruited was available ASAP, had recently relocated to Florida and was local, the employer scheduled an in-house interview for one afternoon. (I’d known Dave for several years since I recruited him for another opportunity when he lived in the Carolinas. Still has his Carolina accent.)

The day of the interview arrived and Dave was off to meet everyone. Dave called me on his drive home from the interview  to share his thoughts of the company, the position, the people, etc. He met with Human Resources and got all the HR information and was taken on a brief tour of the facility by another HR representative on the way to interview with the technical security staff  and manager. Dave was taken to a conference room where  the manager and 2 project managers were all waiting to conduct a group interview, even though the interview  itinerary was stated differently, but no big deal.

Here’s where it began to get a little funny and rude at the same time.  All three employees of the client were asking Dave questions related to the job.  As usual, the questions started out relatively easy and progressed quickly to more difficult questions since Dave was able to answer correctly without any issues. He knew he was doing well. He knew he knew more than the project manager he would report to. He knew the manager thought he would not be challenged for long in the job. He knew he blew away all the other candidates interviewed thus far, and many other insights.

Now you ask, why would these employees conducting the interview discuss these comments directly in front of Dave. Simple, they were speaking Spanish. Yes they were interviewing in English, but discussing amongst themselves their comments about the candidate. How rude was that, but the fact that Dave was able to understand about 75% of the Spanish was the funny part.

Yes, here’s someone with a Carolina accent that had a real good handle on understanding Spanish. He had worked for a firm in the past with many Latin American clients and  spent 5 years travelling south and picked up Spanish enough to understand people fairly well.

Dave thought it was a real insightful interview situation that most people would never experience, while also being rude.

One we jot to the actual job,  regardless of the rudeness factor, Dave stated that the client indeed had some real security  issues, as I had indicted. Once those issues were resolved over the next many months, the job would not be challenging.  Even though he was ready to go to work, this was not going to present a long-term opportunity. (The client still made him an offer, even though I said it was not necessary)

The overall problem I saw was the client was discussing Dave and his answers and comments right in front of him in a language they thought he did not understand. Whether he understood or not, I felt and he felt it was rude. Would that have been the normal work environment and atmosphere? In fairness, I did share with the CIO that Dave turned down the position based on opportunity, but for future reference he might want to discuss with his managers their interview style.

I suppose the moral of the story would be never assume anything, like you are not being overheard or understood by those around you.

Have a great Wednesday.

A Cattle Call Approach to Recruitment

I Wish Employers Understood

A couple of months ago I heard about a company rebuilding their web presence and was in need of a senior Security Architect. I called the CISO and left a voice mail introducing myself and SecurityHeadhunter.com as a Security Search Firm. I indicated I would send my company Brochure and a link to the SecurityHeadhunter.com web site for their review. I was pleasantly surprised a few days later when I had a voice mail from the CISO (let’s call them “John”) saying he would like to talk. When we spoke I had high hopes of picking up the search, which I had already seen on their career page.

Well, I reached John and yes, one of his managers was indeed still looking for a security architect. They were frustrated in the fact this position had been open for over 7 weeks and the resumes from HR were not close to what was needed skills wise. I was sure my expertise could help identify quality talent, I told John. That’s when the shoe hit the ground. I was informed that all recruitment services must go through the HR department. John had no control over that aspect of the process, but would introduce me to the manager, which they connected me with while I was on the phone. Once John got off the call, the other shoe hit the ground. “I appreciate John introducing you, but we have a list of approved vendors. Please send your information and we’ll keep it on file,” I was informed. I don’t go away that easy, so I let the HR manager know that I am not a general recruiter. I am president of SecurityHeadhunter.com and as the name implies we are a Security Search Firm. We have the ability and expertise to fill this job. Didn’t matter what I said. They had their vendors and they would let me know if I could help in the future. I let John know the outcome of the call. He was also disappointed.

About 2 weeks ago I got a call from someone in HR (not the manager) asking if I could be available that afternoon for a conference call with the HR Manager and 2 Security managers to discuss the position since they were not getting the resumes they needed. Of course, I could and I was emailed the details to call for the CC.

At 2 pm I called in to enter the CC, but the code number to join the conference I was given was wrong. I quickly reached the HR rep from earlier and was given the corrected code and called again. It was now 3 minutes after 2 pm and when the automated system let me into the conference it announced to me “You are caller number 14 in the conference”. You have to be kidding, I thought. Am I just one of lots of recruiters on this call? I must be part of a “Recruiting Cattle Call”. What a waste of my time, but since I was already there I’ll listen. The HR Manager was already discussing salary and other HR information before the Security Managers detailed the job. It was good information, but nothing I didn’t already understand from a technical standpoint. The Security managers then asked for questions from those listening. I had a couple questions, but I thought I would sit back and listen to what others asked. Like I suspected, about 8 people (recruiters) asked questions that made it so clear they had no idea what a security architect is and how to screen their skills. At this point, why would I want to spend valuable recruiting time on a search for an employer that utilizes the Cattle Call recruiting method? I did conduct a quick follow up call with the HR rep and was informed the others on the call were their approved vendors, the same ones that have not filled the job yet.

Time is money and the recruiting process is no different. Employers should try to fill their open jobs on their own if possible, but after 3 months of the efforts of the approved vendors with no success, perhaps it’s time to engage a “Security Headhunter” to fill the position. In this case, it appears that the approved vendors just are not specialized in getting the correct talent and I would not work on a search with 10 plus other firms. My time is too valuable to spend in a cattle call search process.

If you are not getting qualified resumes in your recruiting process, then you should change your process.

Moral of the story: Make the decision to bring a “Security Search Firm” into your process at this point. You’ve given your other resources plenty of time with no success. Sometimes, as employers, you need to make an investment in your search with an exclusive search that will actually result in a “search assignment” where candidates are recruited for your specific job, not simply posting jobs to the Internet and seeing who replies.

I shared these thoughts with the HR manager and the CISO, but nothing yet. (The position is still open.) Perhaps next month the employer will decide to move forward on a real search assignment.

Have a great Monday!

Slow Feedback Is Bad PR For Your Company

Slow Interview Feedback

Last week I had 3 people interviewed in person at three different organizations for 3 different types of positions. Even though each position and organization is different, they all have one thing in common.

Virtually “NO” timely interview feedback.

The problem of getting client feedback in a timely manner is probably the biggest complaint I hear from candidates I represent on search assignments. I have spoken with other recruiters I know in other industries and I hear the same thing from them. It is happening, or rather not happening, across all search types to even include Retained Search.

As most of my clients know, when they engage SecurityHeadhunter.com to perform a search assignment for a senior level position, critical hire or hard to fill position, we don’t run out and post jobs to a bunch of job boards. We actually recruit candidates that are generally working and happy in their current job. They are top candidates that will only make a move that is right for their family and career goals. They ARE NOT actively looking for a job, rather they are interested in hearing about the employer opportunity and once again determining if this new opportunity AND company are a fit for them.

During the interview employers are looking at the candidate for a match, but remember that the candidate is also looking very hard at the employer. What kind of first impression does the employer make on the candidate?

We all know the old saying “There is never a second chance to make a first impression” and when employers wait 4-5 days or a week or longer to provide feedback, this leaves candidates with less than a great impression of that employer.

I understand that everyone is busy. Just staying up with emails and all the other electronic media can be overwhelming, however when an employer has an open position the goal is to fill that position. To fill the position, interviews must take place, and to get candidates to want to work for your company and accept your offer, employers must sell the candidates on their company. Dropping the ball on feedback is no way to sell your company to a prospective hire.

All I am trying to say here is that if an employer decides to interview a candidate and go through the time and expense it takes for the interview, then get feedback about the interview out ASAP. Not only will that make my job easier, but the candidates will realize that you are not only serious about filling this position, but you are professional in how your company deals with candidates.