Cybersecurity Recruiter

Cybersecurity Recruiters, The Gauntlet Is Thrown!

Anyone in the cybersecurity field who spends any time on LinkedIn will see numerous recruiters vying for your attention. You will also see numerous complaints from cybersecurity professionals about how those recruiters conduct their business. Unfortunately recruiting as a profession is becoming a stigma.

But why is this happening? The profession itself is a critical one, and done well is of tremendous value to any professional’s career. These partnerships can, and should, last a lifetime, yet the majority of recruiters I’m come across these days are nothing short of used car salesmen.

But if you can find a good one!… Who else can put so many opportunities in front of you when you’re too busy doing your dayjob? Who else can talk you up to the RIGHT people before they even see your CV? In other words, who else can help you in your career as much as really good recruiter? Even mentors rarely have as much influence.

So What is a ‘Good Recruiter’?

While this is becoming more and more an oxymoron, it’s really quite simple from a candidate’s perspective:

  1. Do not approach me with a job in mind. At least not out of the gate. You have no idea what I’m looking for, or even if I’m open to conversations. The positions you’re trying to fill are your problem, not mine. Instead, approach me with a request to talk. If I’m not willing to talk I’ll let you know, politely, and waste no more of your time. If you don’t start the partnership with MY interests first and foremost, we’ll have little to discuss. Besides, to provide good service to your clients, you need to know if I’ll be a good fit. For example, trying to place me in a position that requires extreme tact and diplomacy will likely not go well;
  2. Do your HOMEWORK! There are few things more irritating than; “I read your LinkedIn profile and think you’d be a perfect fit for…” If you had actually read my profile, you would know that I’m not at the beginning of my career looking for a Security Analyst position in Abu Dhabi starting at AED140K. If you want to start handling more senior placements, don’t treat potential candidates with such discourtesy. You get one shot at this, if that;
  3. Assume you may never place me, but call me anyway. Recruiting, like sales, is all about relationships, and EVERY relationship pays off in some way. Maybe not directly, but going from one ‘kill’ to the next will set you up for eventual failure. Deservedly so. Senior candidates may place infrequently, but they usually know lots of other people. Recruiting is as much about networking as it is direct contact. That’s why I call this a partnership, I can help you too;
  4.  Stay in touch. Any recruiter who stops calling / emailing me just because a job placement falls through, will not get a second chance. And any recruiter (or employer for that matter) who stops calling hoping you’ll ‘get the hint’ is a coward and extraordinarily unprofessional. Communicate, Hell, over-communicate, but keep your candidates in the loop, there’s always a next time; and
  5. Be proud of what you do. How many people have you LinkedIn with who have titles like ‘Security Consultant’ who turn out to be recruiters? At least half of the invites I receive from recruiters are hidden behind some other title. In Peter Smith’s; “Why do we hate (our own) sales people?“, he used an excellent phrase; “If a person is worried about having sales in their job title, then they probably do not have the right DNA.” This applies every bit as much to recruiters. Take pride in your profession, you are needed.

The Challenge

I now throw down the gauntlet to all recruiters specialising in senior cybersecurity placements. While I am not actively looking for a move, I am open to any conversation. I have my own business, so short/long-term contract work is best, but I will not disregard full-time gigs if the opportunity is right. Feel free to reach out.

But what I’m really looking for is great recruiters. I have a hard time believing that there is a such a deficit of cybersecurity talent, I just don’t think employers are asking the right questions. There are many junior security folk out there who need help, I am going to make it one of my goals to put them in touch with recruiters I trust and respect.

First I have to find them.

To end this blog on a crappy analogy; In Jerry McGuire there are two types of sports agent; 1) scumbag agent Bob, who cares nothing for anyone and 2) equally slick, but with a heart of gold Jerry.

Be Jerry.

[If you liked this article, please share! Want more like it, subscribe!]

5 thoughts on “Cybersecurity Recruiters, The Gauntlet Is Thrown!

  1. Another item for the list.

    Do not call me through at my current employer.

    I’ve received a number of calls where the recruiter will call through the main number and asked to be transferred to my desk.

  2. So many of the whinges we have have come down to lack of skills among security professionals, but of course that doesn’t excuse the bad habits of recruiters or snake oil vendors.
    This behaviour by agents is disliked by most of us but I can only imagine that the MAJORITY are happy to accept it. Why? Because they have a cissp and … well that’s it really. No IT background, never seen a command shell, but knows the phrase ‘non-repudiation’. Agents can and do bully these poor folk. Sadly agents do seem quite shocked when, for example, you don’t capitulate to attempts to bully you into a decision.
    As with vendors, there isn’t enough awareness among their customers that what they’re selling is a chocolate fireguard.
    The skills problem is actually an easy one to solve (see my blog) but I don’t see much in the way of objective conversation on the subject – it’s a bit like showing up to a politcians gathering and proclaiming that bribery isnt becoming of a civil servant. You get the same awkward silence.

    Further on agents:
    – I never want to deal with one who 2nd guesses me on security becuase they went to a good school or got a MSc in security.
    – there have been a few in the past few years who would only deal with a candidate if the candidate added them as a LinkedIn contact. Does that actually work? Sadly I think it does.

  3. I am sorry to hear that so many have had such an awful experience with recruiters in this space. I personally pride myself on my ability to have an indepth conversation around the nuanced Cyber & Information Security space. I focus my career around relationship building and depth of knowledge. I have worked in recruitment for 6 years and across Cyber and Information security for the past three years, and find it a thrilling sector to work in.

    I will not contact you for the wrong roles, with a made up opportunity, or at your place of work. I have been interviewed by a number of magazines in the South West about my experience of recruiting within this space, and strive to make a difference to the bad name a lot of recruitment agents have given this sector. Please don’t perceive us all in the same light. I have a number of recommedations on my linkedin page, and would welcome the opportunity to have a discussion, if you felt you wanted to. Thank you, Mary

If you think I'm wrong, please tell me why!

This site uses Akismet to reduce spam. Learn how your comment data is processed.