IT security pros with the right skills are in big demand. Last year, the employment rate for information security managers averaged .9%, as we reported in High CISO employment rates means shortage for security industry. That's as close to actual full employment as one can get.
But this doesn't mean getting hired is a given. In interview after interview, CISOs and others in the industry express frustration over how difficult it is to find security pros with the right skills. And by right skills we're not just talking technical acumen, but also the ability to work with the business, generate creative ways to help drive the business forward in a secure way.
To get some answers on the best ways to prep for an interview and show that you're the right fit, we set out to ask quite a few security hiring managers, CISOs, IT security recruiters, and others who often find themselves in the interviewing process what they believe it takes to ace the interview.
Here's what they had to say:
Put a Shine on Your Soft Skills
When it comes to interviewing well: personality matters. "You can be the greatest pen tester on earth. You could write flawless code in your sleep. You could be god's gift to mankind when it comes to fuzzing. In most cases, that's a plus but if you can't articulate yourself or work with other people, you are not going to make it," says Ian Amit, director of services at IOActive, Inc. Amit recalls candidates who looked quite well on paper, but in person just didn't have what he felt it took to build solid relationships. "They were too uptight, wound-up, or blah personality," he says.
Don't just answer questions intelligently, ask intelligent questions
Eve Adams, senior talent acquisition expert at Halock Security Labs, who also helps to staff positions for Halock clients, says it's just as important to ask intelligent questions of the person who first contacted you about the job, be that a recruiter or hiring manager. "What are the major security challenges the organization is facing? What's the next problem you're trying to solve in the security sphere: compliance, secure coding, or infrastructural issues? Does the organization plan to expand or streamline its security team," she says. Questions like these not only display keen interest in the role for which you're interviewing, but will help you to suss out whether this position truly makes sense for you, she adds.
Prepare to interview for attitude as well as aptitude
Most of the experts we spoke with agreed that no one is expected, as a new hire, to know everything about everything: both nuances about the business and specialized technical skills can be learned over time. And this advice holds for both senior and entry level positions.
Sign up for Computerworld eNewsletters.