The right Information Security Candidate: What Applicants Need To Know

Applying for a job can be an ominous task, regardless of the industry. This is becoming an increasing reality for the information security sector, as organisations tighten their screening processes under pressure to find the very best Chief Information Security Officers (CISOs), risk managers and other Information Risk Management staff.  It is more important now than ever to strike the correct balance between credentials, personality and experience to present yourself as the right person to take on the huge responsibility of protecting sensitive data within organisations that may have been rendered vulnerable by the economic climate.

Prepare the Perfect CV
Without a good CV, it’s unlikely you will get your foot in the door of a key banking or financial institution. Ryan Farmer, one of Acumin’s Consultants for Security Vendors and Consultancies has noticed that CVs which paint the full picture of a candidate’s experience are now increasingly difficult to come by: “It is absolutely shocking how many don’t have targets and achievement data on them.”

James Foster, a consultant for Acumin specialising in Sales and Security Delivery Consultants believes that a broad skill set will appeal to organisations due to the level of flexibility it offers.  “Qualifications that allow the company movement when allocating resource for projects are particularly attractive.”
 
Foster continues: “Organisations are most interested in dual Governance, Risk and Compliance (GRC) and technical profiles these days.  If you’re a consultant, ensure you give yourself as holistic a profile as possible based on your experience, and demonstrate your involvement in winning and delivering projects.

“Combinations of commercial and technical skills are very desirable, so don’t sell yourself short in terms of what business development work you’ve been involved in,” Farmer adds.  “For technical roles, a ‘skills capture box’ listing protocols and products worked with is invaluable.  This experience is your currency.”

Impress in your Interview
A notable CV should be followed by an equally impressive interview, says Foster; “Increasingly, interviews are being conducted around more competency-based questions, so be prepared to give examples of successes, obstacles you've overcome and accounts that you've rejuvenated.” 

Scott West, Acumin’s Principle Consultant, agrees.  “It’s an obvious one, but be prepared for your interview.  Research the company and think of previous experiences that will highlight your strengths within security and risk.”

Communication is Key
While the role of an information security professional is intrinsically complex and sophisticated, it is easy to forget that you will need to discuss the elements of the role with other people within the business. “Be a good communicator at all levels,” says West.  “A lot of people get bogged down in the technical detail of security problems, but if you can’t communicate and don’t tailor the message to your audience, be that the business or other technical colleagues, then your message won’t get across,” he continues.

Farmer believes this is even more important when talking to those outside the company.  “You need to be able to freely and eloquently discuss products, solutions and services with vendors to ensure you implement the right IT security and risk management system for the business.  Retailers may not always know what an organisation does and aren’t always going to take the time to find out.”

Be Enthusiastic
West believes passion is an overriding factor that someone looking for a job in the information security sector should portray.  “Employers like to see people who are genuinely interested and passionate about the information security and risk management fields.” 

“Show enthusiasm, not desperation.  It is clearly a difficult market at the moment with increasing numbers of people out of work, and as a result many candidates run the risk of appearing too keen in an interview,” says Farmer.  “There is nothing wrong with communicating a strong interest in a role, closing the interview and following up with a ‘thank you’ email, but overplaying your interest can arouse doubt and suspicion.”

“And never underestimate the value of social media to help you look for a job.  Using LinkedIn is a subtle, yet effective way of showing organisations that you are looking for a new role.  Don’t be afraid to update your status to reflect this – recruiters and hiring managers do notice,” concludes Farmer.

-- By Scott West, Managing Consultant, Acumin Consulting; Ryan Farmer Specialist Consultant, Acumin Consulting and James Foster a Recruitment Consultant, Acumin Consulting.

---

Acumin will be exhibiting at InfoSecurity at Earls Court on April 27-29, Stand K37.  If you would like to discuss your Information Security career or recruitment challenges, please visit www.infosec.co.uk/acumin to register for free entry.