When we begin a search for an information security professional our first step is to have an in depth conversation with the hiring manager. Regardless of the level of the position, this initial discussion centers around what the organizational chart looks like, where this position sits, it’s roles and responsibilities and expectations for success. Our clients typically have a job description prepared with specific tasks that the position is responsible for executing or over seeing. I’m sure you have seen many of these descriptions posted internal to your organization or externally on job boards. Security postings usually focus on the technical requirements. What many people fail to recognize is that this is just the price of admission and far from a guarantee that the job is yours. It’s true that in the past, if your background matched the requirements profile in an information security job description you were well on your way to landing the job. This was partly due to the lack of qualified, experienced candidates and partly because the profession was not as mature as it is today. Although many people focus on these written requirements when interviewing, it is your ability to fulfill the unwritten requirements that will ultimately land you the job.
The unwritten requirements are traits that you have to make evident to your current employer or have the ability to convey to a potential employer. I speak often about differentiators, your ability to articulate the value you add to the overall success of your team and your company as a whole. One of the greatest differentiator is the soft skills that you bring to the table. It is essential that you recognize the importance of conveying these skills to a potential employer.
Make sure that you can identify and articulate a relevant situation or task, the action you took and the result it had in relation to the following unwritten requirements Although each corporate culture, specific position and hiring manager may prioritize these soft skills differently, these three qualities are always differentiators in landing the job.
Manage by influence
We talk about People process and technology, there’s a reason why people come first. If you can’t positively influence the people, all the processes and technology in the world aren’t going to do it for you. Our more progressive clients are beginning to ask the question, “How do you socialize your security program?” What they want to know is, how you achieve results without having direct authority or staff. You must be able to give examples where you were able to leverage your influence and get positive results. You must be able to highlight your organizational agility. Organizational agility is, knowing who to influence, when and how to get things done through formal and informal channels. Whether or not you are interviewing, assess the strength of your organizational agility and work on making it better. Security is about solving complex problems and the only way that’s going to happen is by bringing people together.
Communicate effectively & articulate business value
The only way you can communicate effectively IS to articulate the business value. Know your audience and talk in a language that they are going to understand. One of the most difficult tasks for a technical information security professional to master is messaging. You have to learn to deliver the appropriate message to the appropriate audience. In order to do this you first have to understand security from a broader risk perspective. Then it is extremely important to tailor your security posture to the specific needs and risk appetites of the business. Speaking in terms of operational risk will give you a common language of understanding. It’s one that business managers have lived with for years. Be prepared to give examples of where you have utilized this common ground to build credibility and gain consensus.
Ability to execute
My clients are all results oriented. At the end of the day you have prove your ability to execute and complete tasks successfully. Companies look for a track record of successful execution in their leaders. Be able to articulate examples of how you were able to find ways to say yes to your internal or external clients and customers. Give specific examples of where you were able to make security an enabler not a road block.
I have also found that there are certain personal attributes that companies prioritize when hiring information security professionals, they are:
Leadership-You must be passionate about your ideas and beliefs, and you must be willing to display the strengths of your convictions. You must be optimistic. You must truly care about your team.
Confidence – Leadership requires confidence, in yourself and in the importance of your mission.
Business Savvy – The ability to understand the business you are defending is critical to making the best decisions
Humility – Without humility, one is unable to recognize their weaknesses.
Displaying arrogance is not the way to build consensus, you’d be surprised how many people don’t get job offers simply because of their arrogant behavior.
Passion – if you aren’t excited about your work, why should anyone else care?
Personal Integrity – Integrity is the foundation upon which our industry is built
Tenacity- with the ever increasing range of challenges we all face, the tenacity to succeed in the face of tall odds is an absolute requirement
Sense of Humor – Because some things are so serious that it helps to be able to laugh at them. And having a sense of humor is necessary for when you need to roll with the punches.
Many intelligent, knowledgeable candidates fall short on interviews because they underestimate the value of their soft skills in obtaining a position. Whether you are interviewing or not, do a little soul searching and ask yourself how you measure up on the unwritten requirements scale. The time to think about where you need improvement is now. Corporations are shifting their culture and adding much more value to technology professionals who display strong soft skills and business acumen. It is just as important for you to let these qualities shine through with your current boss and clients as it is a potential employer.
