Undercover: A Painful Lack of Security Jobs

An IT security pro's personal tale of a long and bloody job hunt and what it says about the industry's current state of affairs.

We can blame it all on this dastardly economy, but even in good periods, qualified individuals find it difficult to land a job as an executive.

Just recently, I applied for a job as a director of information security. The position reported directly to the company's hiring manager (CIO). It was widely advertised at the company so many of my friends and colleagues knew who the hiring manager was. I had already contacted the CIO directly -- and had subsequently been introduced to him and recommended by other CIOs who knew him well, so the hiring manager immediately e-mailed me to say to contact the HR director for an initial phone interview and to call him later that same day.

Both interviews went extremely well, with conversations lasting well over an hour. We covered their challenges that I could address and gravitated to small talk on our past experiences. We clicked and had long, enjoyable conversations. The CIO said he would bring me in for a face-to-face meeting the following week once he had a chance to interview other candidates.

Deep down I was overly cautious, having been burned in the past, as I explained to another candidate who had applied. I said, "It would appear to you I'm a natural shoe-in or on the CIO's short list by knowing so many people and from the work I do. But it is getting to the point that it no longer matters who and what you know, not even if you're a close friend of the hiring manager."

Being well-known in the industry and the local IT community, I knew who these other candidates were, and we shared much information. It is a small world.

In the weeks that passed, I sent the CIO two follow-up e-mails, I also e-mailed the HR director in California. All three were met with silence. I also left the CIO two voice mail messages -- one on his office line, the other on his personal cell phone -- and neither was returned. After three weeks, I received a phone call from the HR director telling me the CIO was unsure about the position. He was contemplating diminishing the role to a lesser grade and I was, of course, overqualified, and so were the other candidates.

The HR person did offer to help me network. He was just as puzzled as I was, and I explained what many information security executives go through. Through subsequent conversations with the other candidates, I learned that the CIO hired someone in an engineering role.

I was not surprised. This has happened to me on countless occasions, as it has with many others across the country.

Here are some of the problems we job seekers are up against.

Corporate Russian roulette

Is it the current economy that forces companies to ask employees to do more for less? Is it the misconception that companies don't really know or understand the enormous value that the CISO/CSO can bring to the table? I have notes recorded in a vast database where I keep track and document every detail of every job. It is an aggregator of executive-level jobs posted across the country that I and others have applied for. It includes the job descriptions, contact information, conversations, e-mail correspondence and communications with other candidates who applied. Interesting enough, a pattern is emerging where a director's job or even that of a CISO/CSO is diminished abruptly to that of an analyst/engineer role, or the job is placed on indefinite hold.

This characteristic pattern is directly responsible for the myriad security breaches happening at many organizations.

I embarked on trying to find out why this is happening, why so many qualified individuals struggle to find employment as an executive in information security, only to experience the same frustrations I've experienced.

Join the CSO newsletter!

Error: Please check your email address.

Tags securitycareers

More about etworkISO

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Anonymous

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts