Category Archives: Information Security Jobs

Acumin rocks into the USA

Acumin, an international information security and information risk management recruitment specialist, which has been delivering expert advice and assistance since 1998, is now expanding its operations into the US market.

The recruitment agency, which is comprised of a number of specialist consultants, delivers a comprehensive range of services across a number of platforms, catering for all sorts of professionals looking to enter the industry, change direction or move up.

This includes governance and compliance; penetration testing, forensics and intrusion analysis; technical security; business continuity management; sales engineering and executive management. Inclusive it most certainly is.

One of the things that distinguish Acumin as a quality recruitment specialist is its experience in the business. Let’s take the US director Jeff Combs as a case in point. With a decade of personal and professional development at Alta Associates in information security recruitment to boot, Mr Combs knows the business inside and out. He spreads his knowledge wide and fair, regularly contributing to CSO Online, the ISSA Journal and SC Magazine’s Skills in Demand.

As such, you can be confident that you’re going to get tailored, accurate and thorough advice, with jobs that are, in a sense, bespoke to what skills you have and where you want to go.

Below is a list of some of the positions waiting to be snapped up by either US residents or Brits looking to move abroad. As you can see from this selection, there is breadth and depth in the jobs available. For more information, visit the website.

Software Services – Product Manager (Chicago, Illinois)

Candidates who are looking to lead the charge in developing software to the exacting needs of a client will surely agree that this position is one that will interest them greatly.

One of the absolute requisites for this position is knowledge and ability to produce a product backlog, with experience in delivering quality assurance procedures.

Along with the skills to engage and work with a wide group of people – from clients to managers to team members – it is essential prospective applicants have a knack of developing swift prototypes and concepts accurately.

IT Security Architect (Sheboygan, Wisconsin)

This brilliant position will suit a talented, proactive and energetic individual looking to add vigour to their career.

You have to be a go-getter, enterprising, with the skills to find, track and manage a variety of security risks and shortcomings that can compromise the integrity of a network.

Ideally, the candidate will be a seasoned pro with a degree to boot. The employer is looking for someone who has spent at least ten plus years in the business, a decade of becoming rather au fait with IT security systems and networks.

Senior Security Consultant (San Francisco, California)

Can you add a tick to the following: CISSP certification? SANS GIAC (GREM, GWAPT) certification? Certified Ethical Hacker certification? Well then, you might be interested in the following job in the fantastic city of San Francisco.

You’ll be working with the crème de la crème of the business, delivering mobile assessments, network and penetration tests and source code reviews, among other things.

As such, the client is seeking a professional with a minimum of three years’ worth of mobile assessment experience; savoir-faire in scripting and tool development (for example, Python and/or Ruby); and experience in consultancy in information security.

Would you believe, employees are the biggest cause of data breaches

It’ll be interesting to gauge, statistically of course, the difference between the level of investment that goes into developing strategies, performing regular audits of procedures and investing in security systems aimed at reducing data management breaches coming from outside sources, and the level aimed at those which originate from within.

In other words, are we in the risk management and information security industry more inclined to place a potentially unnecessary emphasis on snuffing out cyber attacks and viruses from non-native sources, than on mistakes made by ‘our own’?

The question may be construed as provocative, but its purpose is not to assail organisations – or for that matter staff – but to understand what the status quo is. We only ask because a new study done in collaboration with Symantec and the Ponemon Institute has revealed that in the US, “negligent insiders” have been found to be the top cause of data breaches. And some of these are deliberate, or malicious, to use a more accurate word.

So, the details: 39 per cent of organisations that took part in the study said data breaches are a result of carelessness; malicious or criminal attacks account for a third of all breaches; those who employ a chief information security officer (CISO) can reduce the cost of a data breach significantly; and, positively, fewer customers jump ship when such a breach occurs: they stay loyal.

With regard to employing a CISO as one of the key staff members of an organisation, we reckon this is something that will become a lot more prevalent in the foreseeable future. Like, for example, hiring someone to look after finances full-time, which many businesses already do, CISOs will become part of the norm. This is the information age.

The report estimates that if an organisation appoints an expert and gives him responsibility for protecting data, the average cost of a data breach can be reduced by an astonishing $80 (approximately £50.7) per compromised record. Even hiring via contract – i.e. outsourcing – is highly cost-effective.

“One of the most interesting findings of the 2011 report was the correlation between an organisation having a CISO on its executive team and reduced costs of a data breach,” commented Dr Larry Ponemon, chairman and founder of the Ponemon Institute. “As organisations of all sizes battle an uptick in both internal and external threats, it makes sense that having the proper security leadership in place can help address these challenges.”

In the meantime, it is worthwhile up-skilling and educating staff about the importance of best practice, highlighting shortcomings that can lead to data breaches and advising them on how to be careful with the way they deal with data. After all, not every business has the luxury of being in a position to be able to afford hiring a specialist.

A new year, a new you and a new opportunity

At the start of a new year there is a certain impulse to start afresh. Not so much from square one, that would be quite absurd, but from a certain, how can we put it, stage in one’s life? So, as is customary, one will choose to go on a diet after a period of indulgence, we will promise to be more charitable – the older we get so suggests some research – and we’ll give our jobs some deliberation.

With the latter, this is very much a characteristic trend in workplaces up and down the UK, of which our business, the information security industry, is not exempt. It’s not that we lament our current role – though that can certainly be the case – more that we have a psychological impulse to consider change, to mull over how we can progress in our careers.

“A key issue to consider is whether you will feel more motivated and rewarded by seeking a new challenge in your current role or company than risking a move in uncertain economic times,” John Salt, director of Totaljobs.com, told the Telegraph recently.

“Remember competition for jobs has never been more fierce so if you are going to move companies be certain the role you want is available and you can clearly show why you should get it.”

His thoughts are most astute – this is a challenging time, regardless of where you work and who you work for. Indeed, some of you reading may well be in the unfortunate position of being unemployed. It’s not that you’re without skills or experience, or lack the impetus to find work. Whether you’re a professional in cyber security, information security or risk management, the current economic environment makes finding work, well, harder than ever before. There are jobs; it’s just that a lot more people are fighting for them.

Companies are also on the lookout for new staff in 2012 and are adopting exciting ways of advertising positions. Take for example an offer of a job for the position of Senior Network Design and Implementation Engineer. The salary is £70,000 to £90,000 (based on experience). The location is London. The client “designs, implements and manages complex IT infrastructures and platforms where it is critical to the customer that their infrastructure has the maximum possible availability”.

So far so good, yes? Well there’s more. If you yourself possess the skills that suit this excellent job, or perhaps know of colleagues, friends and/or associates who would suit this position, then you can bag yourself a cool £500 referral fee (so long as that person is chosen). Not bad eh?

If it piques your interest, the details follow:

The ideal candidate will require the following skills:

  • Significant experience with Checkpoint/Cisco firewalls and some exposure to switch and load balancer configuration gained in a customer facing business
  • Strong design knowledge and experience of network and security solutions
  • Strong implementation experience of network and security design solutions
  • Strong communication skills and client facing experience

The client lists as responsibilities “design, configuration, implementation of all elements of the managed Network Security service”.

For more information contact James Foster on 020 7510 9042 or email jfoster@acumin.co.uk

A New Year, a new you, a possible new career (or for a good friend of yours) and £500 to celebrate with…it could possibly be the start to a great 2012.

Get Tweeting for Recruitment

It seems like there was never a time when Twitter wasn’t around, such is its ubiquity in contemporary society. From the general public posting ramblings to celebrities waxing lyrical about their lifestyles to the government keeping the public updated about its various endeavours (many of which no doubt centre on the economy!), this social media site has grown exponentially in the last few years.

Twitter has, in short, transformed the way we interact with one another, how we communicate news and information in general and how businesses and organisations conduct their operations. Its success is owed to its simplicity and unmediated real-time nature, USPs that manage to appeal to a wide demographic of people.

The IT security market is no stranger to this medium, which is ideally suited to recruitment. Whether it’s used to source or post job vacancies in, for example, the information security, technical risk or IT forensics professions, or as a means of networking with industry specialists, Twitter is the perfect tool for businesses and prospective employees to connect.

When using Twitter as a recruitment service, helpful tips might include utilising hashtags so that tech-savvy professionals looking for work can easily find a job in their given field. For example, let’s say someone is looking for positions in information security – Acumin would post the following “#infosecjobs” in a tweet with an appropriate link to a specific job. This creates an easily searchable trend, which simply cuts out all the clutter and connects agencies to professionals in a simple and efficient way.

Organisations wanting to headhunt professionals in their sector can take advantage of the many Twitter offshoots, which offer unique ways of engaging with the medium. Take for example http://www.wefollow.com, a user-generated Twitter directory which, like the service itself, operates on a simple interface.

Equally, there are ample aggregators out there specifically aimed at bringing together jobs in the information security and risk management sector, which can be discovered by conducting a simple search. Check out http://www.twitjobsearch.com as just one example of this.

Professionals and agencies working in any given sector can keep a real-time conversation going through their own tweets, @ replies, and retweets. It can be a great tool for keeping abreast of industry developments by following businesses and specialists within the sector. There is a lot of following on Twitter, and features such as suggested follows and browsing others’ connections make targeting appropriate sources easier. To this effect, a budding IRM professional might demonstrate gravitas and expertise through posting comments and links about relevant developments in their sector, content an employer might chance upon which also enhances the poster’s own brand.

It’s about the two-way conversation – are you tweeting today?

Follow us on Twitter: @Acumin

How easy is it for us to find your CV?

Search for advice on writing a CV and one of the first things you will read is that it should be no more than two pages long. The last thing a hiring manager wants to do is read through reams of paper detailing your every project and anything else you’ve ever done or thought about doing in your life; brevity is encouraged, and you must engage your reader to keep their attention.

Much of this advice is good. CVs should be succinct, on-topic, and objective. Follow the old mantras about CV writing down to the line though and you are left with a document that will look pretty uploaded on your favourite job boards, but will often see you overlooked for roles for which you are perfectly suitable. A CV is no longer a record of your most worthwhile achievements; it is now a digital resource, a way of indexing your experience.

Ask most jobseekers what they do with their CV once they have finished writing it, and I doubt many will tell you that they print it off, read the advertising section of the newspaper, and then start sending out copies in the post. Typically you will upload it to your favourite job board or send it across to a trusted recruiter. That’s the hard part done, you’ve ‘got yourself out there’, now it’s just a waiting game until the right role comes along, right?

Wrong. Too many candidates fail to consider how life is on the other side of the fence, how we engage with their CVs. This is particularly true when recruiting information security and risk management professionals, who can have very niche skills and responsibilities. So here it is…

Whether it be sat on Monster.co.uk or a recruitment database, it is important to consider how it is accessed. I can tell you that if I know you as an information security candidate, I might search for you by name, but otherwise your suitability for the roles I am working on depends completely on your CV’s ability to match my search. Any recruiter with a little training will understand Boolean search strings, and now in order to ensure you are considered for the most relevant jobs, candidates must too.

CV writing should now be seen as SEO. Consider the meta keywords that will bring you up in the searches for the roles you’re interested in and consider the search hits that will display your profile above your competition. It’s also important to understand the value of your skills; too often I learn about a candidate’s experience with an in-demand technology only when I have invested the time to speak to them. All recruiters know those calls when a candidate will phone in and enquire as to why they haven’t been contacted about a role for which they believe they are perfect; considering the above, the reason for this becomes quickly apparent.

CVs aren’t telling us enough. For example, a candidate might simply mention ‘security monitoring’ in one of their roles, when actually they have good knowledge of IDS, IPS, and SIEM systems – which are highly sought at the moment as they tick a few of the required boxes for PCI compliance. Or what about the information risk hot topic of the day, application security? Expertise in this area can see some candidates command impressive increases in their salary. Whilst ‘application security expert A’ gets his pay rise, ‘expert B’ is failing to get interviews. I bet you know by now which candidate has written their CV with search terms in mind, who has discussed their experience in a way that makes it clear what they have been doing, and who details their specialisation most effectively.

Ultimately, your hiring manager or recruiter only knows what you tell them, and your CV is your primary form of communication. Your job search may end up a success but think about the exciting opportunities you might have missed out on due to an inability to consider what happens to your CV once it leaves your hard drive. Whilst a strong understanding of the market is going to help, overcoming this is relatively easy – technical skill profiles or project overviews are certainly one way to progress yourself up the search results, particularly in product heavy roles such as IT security engineering. For some, particularly technical security contractors, you might consider writing a version of your CV that is considerably longer than you would normally like, with a simple disclaimer that it is a keyword-optimised document. Another useful measure to take when uploading your CV to a job board is to utilise ‘personal summary’ or ‘about me’ sections to search optimise your profile.

It’s time to stop thinking about how your CV looks, but rather how people will find it.

– Ryan Farmer

rfarmer@acumin.co.uk