Shine bright like a diamond

By: Jonathan Stock, IT Security Wookie Hunter for IntaPeople and finalist in this year’s Security Serious Unsung Heroes Awards 

It’s not just magpies that like shiny things… Scrooge McDuck loves his shiny gold, young generations grew up searching for that shiny Alan Shearer Panini sticker and within IT Security Recruitment, most people are after something shiny. From a candidate perspective, they are looking for that dazzling company that can bring them untold desires of personal development, flexible/remote working and innovative technology for them to play with all day long. From a client perspective, they are looking for that sheeny (not Charlie!), lustrous new employee who can complete their staffing jigsaw, create brand spanking new ideas and drive their company forward to the pinnacle of the industry.

So why is there a skill shortage? Why are people not getting the job they are after? Why are companies not getting the staff they need?

Short answer: me! (Toot, toot, is that the sound of my trumpet being blown!)

Long answer: read on…!

As always, these are simply opinions, musings if you will, not meant to cause offence, just to highlight my perspective as I try my best Cilla Black impersonation; matching clients to candidates (and vice versa) in IT Security.

Don’t be John Major’s spitting image…

Growing up, my Dad used to love Spitting Image, the satirical puppet show, and I used to watch not understanding any of the jokes, just enjoying watching puppets! The one I always remember, is a grey, boring depiction of John Major. Nobody likes boring, the word itself is full of negative connotations. So for candidates, why be boring in an interview? I’m not saying jump around doing your best Flashdance impression; however, bring your personality to the forefront. Talk about what excites you about your work, where you want to be in your career, what makes you tick etc. Out of hundreds of applications, you want to stand out for the right reasons; and being fun / exciting is one way to achieve this. Also, for clients, don’t be John Major. We’ve all been in interviews talking about competencies; the time you went above and beyond for a team mate, a situation where you solved a problem… snooze, boring, zzzzzzzzzzzz. How about you mix it up, break out the white board and work on a current issue you are facing with the candidate. You’ll find out more about them, what they work like, how they adapt to different situations and the technology they have a clear understanding with. They might even solve the issue and show you that they are exactly what you are looking for.

Ronaldo vs Messi

Bit of a different angle, both are incredible in their respected field but I think the majority of people who enjoy football (taking out Manchester United, Barcelona and Real Madrid fans to make it more even!) would prefer to listen to one more than the other. There’s a real fine line between excellence, arrogance and gloating; definitely not wise as a candidate or a client to veer towards arrogance or gloating. Like watching Austin Powers Fat B*stard touch his toes in his birthday suit, it’s just a turn off. If a candidate comes across as arrogant, the client will 9 times out of 10 claim they won’t fit culturally within the team. If a client comes across as arrogant then the candidate won’t see themselves working in that type of environment. Again, a fine balance, as you need to sell yourself as much as possible (candidate and client) but a pinch of humility can go a long way. Typically (if you’ve gone through the standard 17 stages for the interview!) your technical skills will already have been assessed.

Jane Goodall, Neil Armstrong, Colonel Sanders…

Pretty strange list of people but all of them are (or have been) research heavy in their life. Goodall watched chimpanzees without using National Geographic, Armstrong spent a lot of time (with lots of NASA help) researching lunar life and Sanders spent decades finding the perfect combination of 11 herbs and spices. This is probably more focussed around candidates; however, research is key with interviews. You’re about to spend anything up to 4 hours with a company trying to get a job, why wouldn’t you do your research? Find out what they do, look at LinkedIn profiles to figure out tech stacks, look at the office on Google street to see if they are located above a brothel! You spend most of your life in work, and changing jobs can be stressful, why get interview burnout going to 15 interviews in companies you don’t like, that takes you 94 minutes to commute to, where you’re only respite is staring out of a window wishing away your day. Everyone’s time is precious, to waste it is to waste your own life. This also helps with your questions in an interview; rather than asking how long you get for your lunch hour (Neil, The Inbetweeners, Hero!) doesn’t it sound better if you ask them about their recent white paper on how they recently hunted for Emotet through TOR or why they prefer to use Nmap for their vulnerability scanning? You’re moving away from the John Major syndrome and can spark discussions to show your excellence without being arrogant; ding, ding, ding, we have a winner!

When did Unicorns come into existence?

Yes, they are plastered around Primark, strewn across various child literature but when did they enter the job market? This one’s probably aimed more at clients, but then candidates are also guilty of chasing that mystical unicorn. With clients, 9 times out of 10, that job specification you spent ages perfecting is for a candidate who doesn’t exist; actually they probably do, but they are well outside the budget you’ve been given by the higher powers (and they know the IT Security inside out… most SOC Analysts have a CISSP… ouch!) I suppose I can’t be too harsh, everyone wants to find their unicorn in every aspect of life; that sausage roll made of two sausages! However, this doesn’t help the skills shortage in any way. What would be better is finding a really intelligent horse, that’s stuck a papier-mâché horn to its head, coloured it with glitter and sparkles and strapped a jetpack to their waste. Yes, they may not be the ‘real’ unicorn but you can bet they will be a better match for your organisation; simple reason, they are real. With candidates, you may have to compromise as well; maybe look at your salary expectations, your work-life balance, the tech you want to work with, the commute you are willing to do and decide what’s most important for you at this stage of your career.

Liar, liar pants on fire.

For a final advice piece, my favourite and one that I encounter on a daily basis. This is an issue for candidates and clients, and I suppose one that spreads to other areas of society; the Pinocchio effect is rife amongst us. Candidates, if you haven’t worked with a technology, don’t talk about it on your CV. If you haven’t got your shiny certification, don’t put it on your CV. So many examples of this but I probably shouldn’t go into them personally. If you are a liar, liar ultimately you are going to pay the price. Karma has a great way of booting people in the proverbial behind and then guess what, you’ve wasted a lot of people’s time, effort and had a nice little black dot popped against your name.

Clients, you can also be guilty of this, too. Maybe not to the same extent but don’t lie about your culture. The amount of job specifications that read “we’re a fun loving company that are constantly going out for adventure days, work in a relaxed environment where your opinions matter etc” that suddenly turns into “we never speak, you will sit in your booth and not engage with anyone whilst we berate you from a distance for not performing”, once a candidate starts is scary. Be honest, if you aren’t a fun loving company, don’t claim to be. You may not get anyone interested in your role or company but then you can do something about that by creating internal changes.

I know this a very basic rundown of what I see within the industry (feel free to get in touch if you want an in-depth, healthy discussion regarding any tips and hints to combat this… especially if you are having trouble hiring or being hired!) but it’s pretty obvious.

Be a decent human, research the roles you are applying for and try your best. I don’t think I could give any better or more appropriate advice to succeed in getting your new job / employee.

Yes, you might fail a couple of times, which I appreciate can be frustrating, but follow the simple rules and one day you will be happy; and it will be justified.