5 Deadly Sins of Job Seekers
Looking for Work? Want to Make a Good Impression? Avoid These Mistakes
Information security is to some extent unique, and so are the people attracted to the profession. "This requires a whole different breed of professionals who need to have the utmost integrity and passion to endlessly keep going and manage the risks properly," says Dena Haritos Tsamitis, director of education, training and outreach at Carnegie Mellon University's CyLab. "It takes many different security specialists to get things secure enough, and hiring the right individual ultimately makes all the difference." But to secure that ideal job, information security hopefuls first need to learn what not to do in job interviews.
Here are 5 common mistakes to avoid:
1. Lack of focus: "A very common theme among security job seekers is the lack of ability to define a career path and stick to it," says Ben Rothke, senior security consultant with BT Global Services. "Every industry has a varied importance for security and risk appetite." Security candidates need to know which sector they are targeting and the skill requirements within that industry to better position themselves. There are two defined career tracks within information security -- technical and business. Candidates need to select one and specialize within that. "If you like your work, passion comes out loud and clear in a job interview," says Steve Katz, a prominent figure in the information security discipline and the world's first CISO. He advises security professionals to reflect on:
- Where they want to go;
- Areas and skills they want to specialize in;
- Understand why information security is important to them;
- Reflect on what they have done in their past positions to deserve this new role;
- What are their expectations from their job role and prospective employer?
2. Lack of preparation: Many job seekers feel that conducting internet research on a prospective employer is enough to be prepared. "This is totally untrue," says Katz. Fundamental research on a prospective employer is important, but not the end of the process. One needs to be prepared to discuss:
- What they can do to manage and address risks properly;
- How they can communicate the impact of security on business, in terms that make sense to business stakeholders and non-IT people;
- Current challenges involved in the job they are doing;
- What role within information security can they play to improve the image of the business?
- How can they add value to the existing job role by relating past experiences and accomplishments achieved to generate a level of confidence in the prospective employer?
The key question every security job seeker needs to address, Katz says, is "How can I better protect the organization and its business from internal and external threats?"
3. Talking negatively about a former employer: In a new CareerBuilder survey of more than 2,700 hiring managers, 50% of IT employers said talking negatively about a current or previous employer is the most detrimental mistake IT and security candidates make when interviewing. "Why would anyone want to hire a professional who bashes his own employer or company?" says Tsamitis. Security job seekers should not gripe about their current or past employers during the interview, as "The security world is very small and connections very deep," she says. This also reflects badly on the candidate and results in tarnishing their own image in the eyes of hiring managers and recruiters. Security job seekers need to maintain a clean slate in their online profiles as well and focus more on the strengths they can bring to the company vs. casting blame on other people.
4. Overstated resumes and profiles: This is, again, a very common mistake made by entry and mid-level security practitioners who want to market themselves by boosting their experiences in resumes and online profiles. "Telling employers how great they are without the adequate talent is setting them for failure," says Tsamitis. Security candidates need to understand that they will be drilled to some extent in these interviews and will need to demonstrate expertise by citing examples of their problem-solving skills and showing quantifiable evidence of accomplishments achieved for prospective employers to get a buy-in.
There is nothing wrong in a candidate saying, "I don't know" when asked about a certain technology or area. What matters is how willing and committed they are to look for solutions to problems and issues at hand. "Information security is all about integrity, and if you lose that you lose everything," she says.
5. Appearing disinterested: Answering in monosyllables and appearing disinterested is another common mistake made by security folks. Candidates need to showcase passion in their work by being compelling in interviews, says Katz. They need to let their prospective employers know that they will get up at 3 a.m. "to get the answers." They need to be convincing about what they want to do and willing to give examples and delve into details when needed. Asking relevant questions during these interviews can help a candidate stand out:
- Why is information security important to the company?
- Why is this position open for interview?
- What was the career path like for individuals who held this position in the past?
- How committed is the prospective employer to ensure the job role succeeds in its objectives?
- What is the contract for their career advancement?
- What are a few challenges involved in this current position?
Each individual is ultimately responsible for their own career. "No one will do it for you," says Katz. "The key is to make sure you are always employable."