 

InfoSec Recruiting Secrets

By

Jeff Snyder

If you're looking for information security recruiters, it's hard to miss Jeff Snyder. In this Tom's IT Pro interview, the veteran IT recruiter advises aspiring and experienced security professionals.

Jeff has over 20 years of experience in InfoSec recruiting, and his name is often whispered among top professionals looking to make a move.

Jeff directs his own ship, under the flag of SecurityRecruiter.com, which he launched in 2001. He has written for several industry trade magazines and is frequently sought after at networking events.

Having caught up with Jeff at ISSA LA in late September, we invited him to share his thoughts regarding the information technology security profession with Tom’s IT Pro.  He offered up a lot of advice to aspiring IT security pros and answered a barrage of questions covering a range of topics: from employer demands in new skills to certifications, pay, tenure and interviewing.

Mikhael: What are some new skills that you’ve seen demanded of IT security professionals in the last two to three years that were not posted on requisitions before?

Jeff:

  • Some of the new technical skills are not so new. Employers continue to seek out security professionals who have application development backgrounds and also application security backgrounds on top. Technical tools that fit into this category include NESSUS, NMAP, AppScan, Snort, Metasploit, etc.
  • As more and more vendors create packaged solutions, employers are seeking experience with SIEM (Security Event and Incident Management) and products such as NetWitness or ArcSight for example.
  • Another area of skill is Threat and Vulnerability management. 

Mikhael: What do you think are the top five mistakes potential candidates make?

Jeff:

  • Failing to understand how their work impacts the business
  • Failing to master relationship building skills
  • Failing to master overall soft skills
  • Sharing resumes that focus too much on technical buzzword lists and not enough on accomplishments and value brought to the business.
  • Not seeking out mentoring/coaching relationships

Mikhael: You mentioned at an ISSA LA event a few weeks ago that companies give more weight to security certifications than Master’s degrees. What are some reasons for that?

Jeff:

  • Companies have not been asking me to deliver candidates who have security focused Master’s degrees.  I’m not sure why.  For mid-level to senior-level security leadership roles, MBA degrees are frequently discussed.
  • Security certifications show an employer where a candidate has built up their areas of subject matter expertise.  A CISSP, for example, tells an employer that a candidate has a general overall understanding of security, but SANS certifications and vendor-specific certifications can show an employer where a candidate has areas of technical depth.
  • If a security professional wants to pursue a Master’s degree in Information Security or Information Assurance or something similar, I think doing so is a great idea.  Just know that employers may not yet understand the value of these degrees to the extent that they’re asking for these particular degrees in job descriptions.

Mikhael Felker is an IT pro who has worked in Defense, Healthcare, High-Tech and Non-Profits. He teaches, writes, and speaks at numerous Southern California venues about technology. See here to check out all his Tom's IT Pro articles.