Tracking down and retaining the right security people poses problems for companies
- Article 16 of 33
- SC Magazine, May 2009
If there's one thing almost everyone seems to agree on, it's that, despite the recession, few are going to be cutting back on security expenditure.
Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | All 5 Pages
So recruitment consultants and agencies are the chief port of call for managers. The main agencies are Acumin, Barclay Simpson and Greythorn, but there are other, smaller firms, such as Harvey Nash and Computer People.
Colley says the agencies vary in quality. "Some go rooting through the house for CVs, while others do a much better job of matching CVs to the position. But if people don't meet the requirements, you just say 'Please don't send any more'."
Graeme Cox, MD and co-founder of Edinburgh-based managed service provider, dns, relies on graduate recruiters for entry-level jobs and on Harvey Nash IT director for Scotland, Rhona Hutchon, for senior posts. "I've built up a relationship with Rhona over many years and I value somebody who understands the culture of my business, so I don't get swamped with useless CVs. If I interview someone, I want there to be a significant chance of success."
Cox says Hutchon's willingness to operate as part of his team means that he has continued to use her, even as she has moved between firms. Before contracting her five years ago, he had used other recruiters in a more ad hoc manner, and wasn't as close to them, viewing their services as a commodity. As a result, they weren't successful. He says he receives calls from at least five recruitment companies a week, offering candidates, and that he would be "swamped" if he tried to deal with them all.
Hutchon says that the secret to her finding the right people is networking and industry knowledge. "Sometimes, the people on the market aren't the top percentile of talent. Through networking, you know who the trusted individuals are and which organisations are the ones that develop good staff." She also uses online advertising, user groups and attending relevant security events.
Another recruitment agency, Computer People, has a database of 400,000, mostly from CVs sent in, from which it draws its list of security professionals. The firm then employs a vetting procedure, including aptitude tests and competency-based interviews, to identify candidates' skills. The result, says Mohammed Lakhanpal, who heads the company's security recruitment team, is that most candidates he puts forward are hired on the strength of a phone interview.
The qualities people are looking for vary from job to job, with some roles requiring technical knowledge and others more business-oriented skills. However, Lakhanpal usually offers candidates with track records on long-term projects that have been on time and on budget.
As with most security recruiters, though, his main criteria include integrity, reliability and an "enthusiastic pride in what they do, someone who's still in love with their job. If it's someone in testing, they want to break something then make it unbreakable."
O'Connor agrees. "They have to have an interest in security and bring an enthusiasm to it. If it's just another 9-5 job, then they're not the right person."
Cox says that despite the trend towards people with business experience but little technical background, he still wants someone with IT experience. "They need to be able to connect with the IT security team. I won't hire technophobes who struggle to open their own laptops."
Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | All 5 Pages