This blog post is meant for the army of recruiters trying to fill information security positions.
In the last fours months I have been contacted a few times a week with various opportunities for full-time consulting or permanent employment. Some come in via LinkedIn requests, some by direct phone call, and many others via email. Many of the jobs are in New York City and Jersey but when I consider how much of my life would be wasted sitting on a train or how unpleasant it is to stand on a train platform in the cold of winter, I hit the delete button.
But sometimes I have a lapse in judgement and I attempt to read the job description. Most of the initial contact includes vague descriptions of the job or role along with a catalog of requirements. The list of requirements feels like the list of features you see in the product description on Amazon.com. Often the list of requirements and number of years of experience is so long I wonder if the person you are looking for didn’t invent the last two decades of computing technology. It’s quite clear in many case that you have no idea what information security professionals do. Worse, you have no idea what your client needs.
A rapidly expanding Security company is looking for smart, energetic, and motivated individuals to add to its New York City teams. As a Senior Security Consultant you will help to lead staff …
I see text like the one above and I want to throw up. What do those two sentences mean? How many companies are looking for stupid, listless, and unmotivated employees? How many job applicants are looking to work for slowly expanding companies or even companies in the middle of downsizing?
I have spent hours being interviewed via phone or in person only to discover that the compensation and company culture did not meet my requirements.
I came across your profile and wanted to reach out to you about a fulltime Security Compliance Analyst position with our direct client.
I would very much welcome the opportunity to speak with you at your convenience to provide further detail on this role. If you are interested, please forward your most current resume in Word format along with contact details and billing/salary expectations. If you are not actively looking or if this job is not the right fit, please feel free to pass along my contact information to anyone you know who might meet the requirements.
So great, you tell me nothing about the client or what the job pays but you want me to send you my résumé, contact information and salary expectations.
Ok. Here it is. I expect compensation to be in the range of $180k to $250k, with full medical benefits, a matching 401k, and no less than four weeks vacation. For consulting work, I bill at $150-$300/hour on a contract basis. I will not do W2 consulting. There is no value to me in doing that.
Once I get on the phone do not waste my time telling me all about how great the company or job is. Why mention Fortune 500 list and how many awards your client has? Why would I be impressed by any of that? How does your client’s award help me pay my bills? I don’t want to be “sold” on a job or a company. I’m not looking for a date.
Here’s how I want it to go down. Before you contact me, do some work. Talk to your client. Understand what sort of candidate the client is looking for. Fact check the list of requirements and sort the “must have” qualifications from the “wish list” qualifications. If my qualifications and experience looks like a match contact me.
If you contact me via email, please indicate why you think I am a good match for the role. Be upfront on what the compensation could be. I don’t need exact figures. I just want a salary range, where there is a bonus, medical benefits, vacation etc.
Once we’ve established that the role meets my requirements we can discuss setting up an interview so I can find out what is it really like to work at that company.
I hope my tone doesn’t seem flippant, but when you know the answers to those questions, we can talk.