Security Manager's Journal: Ready to hire, but coming up empty

For the past few years, I've been short-staffed. As a result, I've had to do a lot of the security work myself. For example, I've created my own security awareness program, performed SOX functions on my own, gotten internal buy-in for patching and vulnerability management, and even read through firewall logs, among other things. In fact, I so rarely am able to delegate work to other people on my team that this column might be called One-Man Security Department's Journal rather than Security Manager's Journal. But all that is about to change.

I've gotten approval to hire three new people. Evidently, the dam that was built against new hires when the economy was at its most dismal has been breached. I had an intuition that would be the case, so during the fall budget season, I pitched several new staff positions. I'm thrilled to report that they were all approved! With those positions filled, I'll be able to get a lot more security work done. That's good for me and the company.

But I've been quite surprised to find that there aren't very many experienced security professionals looking for work in the areas I'm trying to fill. I had thought that after so many years of a rough economy, people would be lining up at my door when I was finally ready to hire. But that hasn't been the case. Did the dam burst at other companies well ahead of mine?

Optimally, I would like to hire people whose abilities I already have confidence in. With that in mind, I started out by approaching people I've worked with before or otherwise know to be highly competent. But most of my friends and colleagues weren't even open to the idea of changing jobs. Of the few who were willing to talk, none did anything more than talk, and after a few conversations, things went nowhere. That taught me that my friends and colleagues are doing just fine. I was surprised, because in the past, people had been a lot more dissatisfied with their jobs and more willing to consider grabbing a new opportunity.

Next, I asked my contacts whom they knew that might be interested in my jobs. A second-level recommendation is not as reliable as knowing somebody personally, of course, but there's still some value in having a trusted colleague vouch for somebody. But I was surprised again -- nobody I know has any friends or colleagues who are looking for work. That's a lot of people not looking for work.

That left me no choice but to go to the street. I engaged a few headhunters I know (they have gotten me jobs in the past). Unfortunately, recruiters often don't really know the people they bring for interviews. They find resumes on job boards and pre-screen the candidates, but they can't vouch for them. I have to rely on references and background checks. A reference from an unknown third party is never going to be as frank as one from a friend, but it's the best I can do right now.

Across the nation, overall unemployment remains high, but this experience has me thinking that those of us who practice information security are living in our own bubble of prosperity. On that note, I wish you and yours all the best in the new year.

This week's journal is written by a real security manager, "J.F. Rice," whose name and employer have been disguised for obvious reasons. Contact him at

Join in

To join in the discussions about security, go to

Read more about security in Computerworld's Security Topic Center.

Join the CSO newsletter!

Error: Please check your email address.

Tags managementNetworkingsecurityIT careers

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by J.F. Rice

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts