“How can we recruit and interview candidates, all of which state they are interested on the phone, yet astonishingly, call to cancel the face-to-face interview before it takes place? One by one, they explain that they have accepted another position. What is it with these information security people?! I have never seen anything like it.”
Recently, one of our key clients expressed extreme concern and desperation in trying to hire key Information Security talent. Positioning to attract heavy-hitter subject matter experts in the areas of Vulnerability Management, Cyber Analytics, Fraud Monitoring, Malware Analysis and some of the many other in-demand disciplines continues to pose a problem for companies ranging in size from the mid-market to the Global 50. They are struggling to attract the qualified talent that they so desperately need.
As Practice Director over Talent Acquisition at Halock Security Labs and as a professional security organizational architect, I have a few tips for you as you strive to hire the best candidates.
Tip #1: Produce creative, compelling content within your job ads.
A typical run of the mill Job Advertisement will contain a breakdown on the following: A summary, the general role, day-to-day responsibilities and skill requirements, correct? If that is all you have and it is followed up by a “click here to apply” you have already been eliminated. Candidates want companies to provide them with pointed, exciting reasons to work for you. Do the work to set your organization apart from the others who are vying for their attention by highlighting the reasons your company stands head and shoulders above the rest.
Tip #2: Do your research.
You must understand that several companies have called them this week, and several more have e-mailed, In-mailed, sent them gifts and provided free lunches any day or every day Monday through Friday. Many of those companies have invested several years and significant budget to hone a shiny, successful staffing brand. Who competes with you for talent? Do you know everything possible about the strategies they employ? Determine what your approach is lacking and make the needed changes.
Tip #3: Listen.
Let’s face it – recruiting is closer to sales than human resources. There, I said it. You may not agree; however, if you think about the psychological process that every candidate goes through, then you must admit that they make decisions based upon emotions and life factors, and not logic. It’s always personal, so, you must build rapport and find out what is important to them and why, as a first step when interacting with Information Security candidates.
Tip #4: If you are a Recruiter, you must know what you are talking about. This candidate pool will not let the details slide. You may know the pertinent acronyms, yet even if all is going as planned the candidate you are trying to recruit may ask you deeper technical questions as a natural part of the interviewing process. An inability to answer the tough questions at that time may be the difference between winning and losing the candidate.
Naturally, recruiting the very best talent is both an art and a science. We would love to hear from you and invite you to add your thoughts or experiences in our comments section. Happy Hunting!
6 Comments
I would also add that if you make it hard for the candidate to acknowledge interest in the position you are going to miss out on very qualified candidates.
When I was on the job hunt, I saw a few jobs where they wanted the candidate to jumping to a different website, fill out a bunch of prequalifying information, attach a cover letter with the resume, and even required the candidate to register an account on their site. As a person with 20 years experience, I realized these company don’t want to speak with the right candidate, they want one who can following a maze of instructions.
This article completely brushes past the issue of the appropriateness of the position to the skill-set, salary, and PTO.
Skill-set: I can’t tell you how often I’m contacted by recruiters trying to fill a low level position (with a beginner salary) and thinking someone very senior will be interested. Or, trying to fill an senior incident response position with someone who is a senior network firewall engineer. The years of experience and certifications may match the position description, but the skill-set is very different.
Salary: Most good IAs started as systems or network engineers. They already had a good salary and years of experience before they became IAs. Once they are IAs, they get beat up everyday just for doing their job. There is a reason why there are not enough – it takes many years of training and a very thick skin. Set salaries to be competitive.
Leave: Everyone offers good health insurance now. If you want to differentiate your company offer extra PTO. A week of sick leave and two weeks vacation used to be standard. I’ve run into so many companies that want to sell the idea of a “generous” leave package as 3 weeks PTO. As if a savvy IA can’t do basic math. You want to attract better skills, step up and negotiate leave along with salary.
I would also add do not make it too complicated for a candidate to apply to the position. If you ask them to register on your site or post a lot of personal information prior to a conversation, you are not going to get all the qualified candidates. Candidates are looking for an opportunity to shine. If your company looks like a maze of instructions or a repository for personal information, you basically appear to the candidate that it will take a long time to get a call back. Remember, candidate will move to opportunities where they can get to what matters to them faster – an offer.
And what about the recruiters, who dont read the resume. But instead call the individual even though it is stated to send emails for correspondence to gather information listed on the individuals resume.
Then it is the phone tag operation where the recruiters are call and expect the individual to be hovering over the phone waiting for their as they did not make an appointment.
Heaven fore bide that you should reapply for other positions as the word is out that the individual is ignoring the recruiters calls, even it is the recruiters fault for not coordinating through emails for an appointment.
Have the people who write the descriptions for the vacant positions at Halock read this?
Thanks, thought it was interesting to see how the HR side looks at things. What frustrates those of us on the search side is that so many job descriptions are written almost as the writer doesn’t have any idea about which he is writing. Either the combination of skill sets is unrealistic (CCIE, CISSP, GPEN, GCUX, GMOB) for a position offering 80K, or the amount of experience required exceeds the actual length of existence of the technology (10 years in Android development).
We want to find solid employers as much, if not more, than the employer wants to land good talent. Don’t dissuade us from knocking by putting up a door that is impossible to open.
Thanks for letting me share my thoughts.
The advice given will not solve the problem stated.
If you want to avoid losing candidates before you can even talk to them, stop wasting so much time before you talk to them. The market is hot. If it takes a week or two after getting a resume to decide to call them back, you’ve already blown it. If it then takes another week between the phone interview and the face-to-face, you’ve wasted as much as a month. A lot of interviews with other companies may have taken place in that time.
To repeat: If you are losing people before you even have a face-to-face interview, it’s because YOU’RE TOO SLOW to get them in the door for that interview. None of the stated remedies will make a difference if you waste time before acting.