Tag Archives: information security jobs

A new year, a new you and a new opportunity

At the start of a new year there is a certain impulse to start afresh. Not so much from square one, that would be quite absurd, but from a certain, how can we put it, stage in one’s life? So, as is customary, one will choose to go on a diet after a period of indulgence, we will promise to be more charitable – the older we get so suggests some research – and we’ll give our jobs some deliberation.

With the latter, this is very much a characteristic trend in workplaces up and down the UK, of which our business, the Information security industry, is not exempt. It’s not that we lament our current role – though that can certainly be the case – more that we have a psychological impulse to consider change, to mull over how we can progress in our careers.

“A key issue to consider is whether you will feel more motivated and rewarded by seeking a new challenge in your current role or company than risking a move in uncertain economic times,” John Salt, director of Totaljobs.com, told the Telegraph recently.

“Remember competition for jobs has never been more fierce so if you are going to move companies be certain the role you want is available and you can clearly show why you should get it.”

His thoughts are most astute – this is a challenging time, regardless of where you work and who you work for. Indeed, some of you reading may well be in the unfortunate position of being unemployed. It’s not that you’re without skills or experience, or the lack of impetus to find work. Whether you’re a professional in cyber security, information security or risk management, the current economic environment makes finding work, well, harder than ever before. There are jobs; it’s just that a lot more people are fighting for them.

Companies are also on the lookout for new staff in 2012 and are adopting exciting ways of advertising positions. Take for example an offer of a job for the position of Senior Network Design and Implementation Engineer. The salary is £70,000 to £90,000 (based on experience). The location is London. The client “designs, implements and manages complex IT infrastructures and platforms where it is critical to the customer that their infrastructure has the maximum possible availability”.

So far so good, yes? Well there’s more. If you yourself possess the skills that suit this excellent job, or perhaps know of colleagues, friends and/or associates who would suit this position, then you can bag yourself a cool £500 referral fee (so long as that person is chosen). Not bad eh?

If it piques your interest, the details follow:

The ideal candidate will require the following skills:

Significant experience with Checkpoint/Cisco firewalls and some exposure to switch and load balancer configuration gained in a customer facing business

  • Strong design knowledge and experience of network and security solutions
  • Strong implementation experience of network and security design solutions
  • Strong communication skills and client facing experience

The client lists as responsibilities “design, configuration, implementation of all elements of the managed Network Security service”.

For more information contact James Foster on 020 7510 9042 or email jfoster@acumin.co.uk

A New Year, a new you, a possible new career (or for a good friend of yours) and £500 to celebrate with…it could possibly be the start to a great 2012.


Making it along the security highway

How does one succeed in anything, let alone in the information security & risk management industry?

Through CAD?

CAD is, as we understand it, is an acronym for computer aided design, which security professionals might agree makes no sense in the context of progressing in their respective careers.

However, here it stands for something altogether different. Simon Hember, Managing Director of Acumin Consulting recently presented at a well known conference, on the Development of the Information Security Professional, in which he described CAD as:

Clarity – how clear is it in your own mind what it is you want to achieve?

Awareness – is your currency as a professional valuable?

Direction – are you positive that you are heading in the right direction?

Who would have thought that three simple words, backed by three relatively straightforward questions, could be used to weigh up what it is you do in life.

In an age of uncertainty – general economic malaise and the so-called crisis of capitalism – these words take on an ever greater significance.

As security professionals, whether it is working in forensics, cyber security or ethical hacking to name but a few, the choices you make now can have a real lasting impact…for good and for bad.

One of the biggest realisations for such individuals is the pace of change affecting our industry. The choices you make – and indeed, the choices you can make – are affected by what is going on.

In the space of 30 years, we have gone from the introduction of ARPAnet (1969) to the creation of the first computer worm (1979) to the first computer virus (1983) to the invention of the web (1989) to 51 million people globally banking online (2008).

What this highlights is the continuous and in some cases unpredictable changes that affect the industry but also the dualistic quality of things. With every bit of progress – ARPAnet and the web – there’s always an underbelly of wickedness – computer worm and virus respectively. That hasn’t changed – it never will.

As such, you as a professional, well, you’ve never been so in demand. Sure job opportunities will increase, but so too will the competitiveness of securing high-quality, career defining jobs. The kind of work you can look back on when you retire with fondness. “I did some good,” you’ll say reflectively.

Consequently, CAD becomes a part of your philosophy that ensures you know what you’re doing and that you stand out. It’s getting tougher.

“Back in the late 90s when we started recruiting in information security you folks were a scarce commodity,” said Mr Hember.

“You only had to have the word security on your CV and employers were queuing up to hire you. As times have changed, this is not so special anymore.”

Which is not say pack up your bags and exit the building – it’s a wake-up call to take control of your career. Of your destiny if you want hyperbole. In our next blog we discuss how you can start to do this, but for now, a quote to meditate on, from the classic sci-fi movie Terminator 2: Judgement Day.

“The future is not set. There is no fate but what we make for ourselves.”

Get Tweeting for Recruitment

It seems like there was never a time when Twitter wasn’t around, such is its ubiquity in contemporary society. From the general public posting ramblings to celebrities waxing lyrical about their lifestyles to the government keeping the public updated about its various endeavours (many of which no doubt centre on the economy!), this social media site has grown exponentially in the last few years.

Twitter has, in short, transformed the way we interact with one another, how we communicate news and information in general and how businesses and organisations conduct their operations. Its success is owed to its simplicity and unmediated real-time nature, USPs that manage to appeal to a wide demographic of people.

The IT security market is no stranger to this medium, which is ideally suited to recruitment. Whether it’s used to source or post job vacancies in, for example, the information security, technical risk or IT forensics professions, or as a means of networking with industry specialists, Twitter is the perfect tool for businesses and prospective employees to connect.

When using Twitter as a recruitment service helpful tips might include utilising hashtags so that tech-savvy professionals looking for work can easily find a job in their given field. For example, let’s say someone is looking for positions in information security – Acumin would post the following “#infosecjobs” in a tweet with an appropriate link to a specific job. This creates an easily searchable trend,  which simply cuts out all the clutter and connects agencies to professionals in a simple and efficient way.

Organisations wanting to headhunt professionals in their sector can take advantage of the many Twitter offshoots, which offer unique ways of engaging with the medium. Take for example http://www.wefollow.com, a user-generated Twitter directory which like the service itself, operates on a simple interface.

Equally, there are ample aggregators out there specifically aimed at bringing together jobs in the information security and risk management sector, which can be discovered by conducting a simple search. Check out, http://www.twitjobsearch.com as just one example of this.

Professionals and agencies working in any given sector can keep a real-time conversation going through their own tweets, @ replies, and retweets. It can be a great tool for keeping abreast of industry developments by following businesses and specialists within the sector. There is a lot of following on Twitter and features such as suggested follows and browsing others’ connections make targeting appropriate sources easier.  To this effect a budding IRM professional might demonstrate gravitas and expertise through posting comments and links about relevant developments in their sector, content an employer might chance upon which also enhances the poster’s own brand.

It’s about the two-way conversation – are you tweeting today?

Follow us on Twitter: @Acumin

How easy is it for us to find your CV?

Search for advice on writing a CV and one of the first things you will read is that it should be no more than two pages long.  The last thing a hiring manager wants to do is read through reams of paper detailing your every project and anything else you’ve ever done or thought about doing in your life; brevity is encouraged, you must engage your reader to keep their attention.

Much of this advice is good. CVs should be succinct, on-topic, and objective. Follow the old mantras about CV writing down to the line though and you are left with a document that will look pretty uploaded on your favourite job boards, but will often see you overlooked for roles for which you are perfectly suitable. A CV is no longer a record of your most worthwhile achievements; it is now a digital resource, a way of indexing your experience.

Ask most jobseekers what they do with their CV once they have finished writing it, and I doubt many will tell you that they print it off, read the advertising section of the newspaper, and then start sending out copies in the post. Typically you will upload it to your favourite job board or send it across to a trusted recruiter. That’s the hard part done, you’ve ‘got yourself out there’, now it’s just a waiting game until the right role comes along, right?

Wrong. Too many candidates fail to consider how life is on the other side of the fence, how we engage with their CVs. This is particularly true when recruiting information security and risk management professionals, who can have very niche skills and responsibilities. So here it is…

Whether it be sat on Monster.co.uk or a recruitment database, it is important to consider how it is accessed. I can tell you that if I know you as a information security candidate, I might search for you by name, but otherwise your suitability for the roles I am working on depends completely on your CV’s ability to match my search. Any recruiter with a little training will understand Boolean search strings, and now in order to ensure you are considered for the most relevant jobs, candidates must too.

CV writing should now be seen as SEO. Consider the meta keywords that will bring you up in the searches for the roles you’re interested in and consider the search hits that will display your profile above your competition. It’s also important to understand the value of your skills, too often I learn about a candidate’s experience with an in-demand technology only when I have invested the time to speak to them.  All recruiters know those calls when a candidate will phone in and enquire as to why they haven’t been contacted about a role for which they believe they are perfect, considering the above, the reason for this becomes quickly apparent.

CVs aren’t telling us enough.  For example, a candidate might simply mention ‘security monitoring’ in one of their roles, when actually they have good knowledge of IDS, IPS, and SIEM systems – which are highly sought at the moment as they tick a few of the required boxes for PCI compliance. Or what about the information risk hot topic of the day, application security, expertise in this area can see some candidates command impressive increases in their salary. Whilst ‘application security expert A’ gets his pay rise, ‘expert B’ is failing to get interviews. I bet you know by now which candidate has written their CV with search terms in mind, who has discussed their experience in a way that makes it clear what they have been doing, and who details their specialisation most effectively.

Ultimately, your hiring manager or recruiter only knows what you tell them, and your CV is your primary form of communication. Your job search may end up a success but think about the exciting opportunities you might have missed out on due to an inability to consider what happens to your CV once it leaves your hard drive. Whilst a strong understanding of the market is going to help, overcoming this is relatively easy – technical skill profiles or project overviews are certainly one way to progress yourself up the search results, particularly in product heavy roles such as IT security engineering. For some, particularly technical security contractors, you might consider writing a version of your CV that is considerably longer than you would normally like, with a simple disclaimer that it is a keyword-optimised document. Another useful measure to take when uploading your CV to a job board is to utilise ‘personal summary’ or ‘about me’ sections to search optimise your profile.

It’s time to stop thinking about how your CV looks, but rather how people will find it.

– Ryan Farmer