Working with recruiters by Kris Rides
Fair use disclaimer: I do not own this content. This post contains excerpts (“highlights”) from a longer article used here solely for educational purposes. All credits go to its rightful owner. Please see Citation information.
<When a recruiter gets some face time or dedicated phone time with a decision maker, the recruiter will have … perhaps only the time to highlight one or two résumés. You want to be one of those. Below are the steps that you can take to become one of those highlighted candidates.>
You may also be interested in How to break into information security.
First things first
<First, let me start with few questions every candidate should have thought about, and have answers to, before he or she looks to move jobs or start a new career:
• Why do you want to make the move?
• What does your perfect job look like?
• What locations are you willing to consider?
• If relocating, is everyone involved in that decision on the same page?
• What salary and benefits do you currently get, or what did you get in your last role?
• What salary and benefits are you looking for, ideally?
• For the perfect job (location and role), what’s the minimum salary and benefits you would accept?
Résumé
<Next, you should think about your experience and how you are going to represent that on your résumé … you want a résumé that reflects your personality, not someone else’s.>
<Keep it factual, concise, and easy to read. Here is a little feedback that we’ve heard repeatedly from InfoSec clients we have recruited for, which may help you prepare your standard résumé:
• Don’t include pictures or dates of birth.
• Don’t overdo it with logos, whether for companies or certifications.
• Keep your professional summary to one or two lines that give facts about your experience.
• Submit the copy as a Microsoft Word document. Many clients request that recruiters add a cover page that has the qualification notes they have taken, and PDFs do not allow that.
• Don’t go crazy with your use of columns or fonts. Keep it simple.
• Keep the résumé’s length to two or three pages, no more—no matter how many years’ experience you have.
• Experience from more than 10 years ago does not need to be described in detail. Company name, job title, and start- and end-date should be sufficient.
<Next, think about how you are going to approach your job search. First, look at your network and ensure that you are maximizing it. Then, make sure you keep a good log of your direct applications, as well as where your agency recruiters are sending you.>
Honesty is the best policy
<Here are some examples of the typical areas where candidates are tempted to stretch the truth—and the likely outcomes:
Area: Multiple job applications, or having a recruiter submit yours when you have already applied.
Perceived outcome: Multiple applications increase your chances of getting noticed.
Actual outcome: If the company comes back saying your résumé is a duplicate, it looks like either you have poor control over your job search, or your recruiter hasn’t done his or her job properly … In all my time recruiting, I have never seen a positive outcome from multiple applications. If you are truly unsure, give the recruiter a heads-up; it’s very easy for him or her to find out if a client has seen your résumé already.
Area: Salary.
Perceived outcome: Inflating your current salary will increase the offer.
Actual outcome: Clients will generally require a W2 and previous paychecks to back up your earnings claims. If you lie on your application, you will immediately have the job offer pulled. Also, most external recruiters’ fees are based on a % of the salary that they negotiate for you. This means it is in their interest to try to get you the best offer they can. The better the offer, the bigger chance you will accept—and they will earn their commission. Work with your recruiter to justify an increase in salary; if he or she is a specialist, they can advise you on what’s happening in your market.
Area: Skills and experience.
Perceived outcome: Adding skills, experience, or qualifications will get you past the initial résumé qualification.
Actual outcome: Hopefully none of you are tempted to do this. There is nothing worse for a candidate than a hiring manager finding out that a candidate fabricated or exaggerated qualifications during a technical interview or background check … An honest candidate who says “I don’t know X, but I have worked with their competitors” or “I haven’t got experience in Y, but here is an example of me learning a new product at my last role,” will get much further along in the process.
Area: Changing start or end dates.
Perceived outcome: It will help you avoid those awkward questions about gaps in your résumé.
Actual outcome: If you are successful in getting the job offer, a background or reference check will very quickly show these gaps.>
Finding a good external recruiter
<If you are an experienced candidate looking to break into information security, I recommend creating a strong relationship with external recruiters that specialize in this niche. They will be able to give you advice on your best route into the industry, and how you as an individual can improve your chances of getting into the position you want. Look at who is advertising the types of positions you are interested in, in the locations you want to work. Don’t be afraid to give those recruiters a call, and if you don’t get through the first time, try again. Or connect with recruiters on LinkedIn, Peerlyst, or other professional social media sites and drop them a message.>
Completely new to infosec?
<Although there will be opportunities through recruiters, they are few and far between … so here are some recommendations as to how you can build your experience and maximize your chances:
• Look at the experience and qualities you have and how and where those attributes might apply in the information security field.
• Can you get involved with information security in your current company? An internal transfer is easier than a move to another company—especially if you’re switching gears in your career.
• Use your company network. For instance, is there an information security person internally who would be willing to mentor you as you learn out of hours?
• If you work for a small company with no InfoSec budget, can you apply what you learn in your own time and help your company improve its security?
• If you have heavy experience in a specific industry, remember, a move within the same industry will be an easier change and will maximize the experience and credibility you’ve built up.
• Look for people via social media that have made the same career change as you are looking to make, and see if they will pass on some advice.
• If you’re currently not working, can you volunteer your experience to small companies that may have little or no budget and be willing to let you improve their security posture while you gain experience and references?
• Are you willing to do paid/unpaid internships at companies to build your experience?
<My final note to all looking to either move to, or within, InfoSec, is that there is nothing that compares to building your network. Try to get to as many conferences as possible. Some are expensive, but others aren’t: For instance, BSides holds some of the best free conferences all over the country … Also, don’t forget to attend meet-ups of local chapters of organizations such as the Cloud Security Alliance, ISSA, ISC2, OWASP, etc.>
Citation information
Kris Rides. (2016). Working with recruiters (Ch. 4). In Beginner’s Guide To Information Security (pp. 22-26). Peerlyst. Retrieved from https://www.peerlyst.com/posts/peerlyst-announcing-its-first-community-ebook-the-beginner-s-guide-to-information-security-limor-elbaz
