Friday, January 30, 2015

So you want to hire an InfoSecurity professional? [Part 1]

The following posting is an opinion piece.  It's based on personal experiences and anecdotal information.  deal with it.

So your organization is looking to hire one or more Information Security Professionals.  Maybe you are growing your InfoSec organization, adding to your IT organization, or realizing that, yes, you need to create an InfoSec group.  (all those big breaches in the news have you running scared)

Do you have a good idea of what you need in terms of skills, knowledge, and experience?  Do you have a good idea what kind of role you are trying to fill?  Do you have an idea of salary candidates with the skills you need are expecting?  You best figure this out soon. (hopefully you've consulted with professionals to help you out, and I don't mean recruiters.)  Here are some things to consider.

Now, a word of warning.  It may seem that I am stating the obvious at several points, and in a condescending manner.  But the sad thing is that in speaking with recruiters and HR people is that they don't seem to understand these points.  As an infosec professional, this p*sses me off, and so I feel I need to state the obvious for those who don't get it.