I have written several blogs on the poor state of cybersecurity recruiting, all with the hope that they may trigger at least some positive change. Even if that change is only in the very few people who are actually reading this crap.
When I say “poor state”, I of course mean fundamentally, systemically, and damned near fatally broken. It just does not work, not for the employers, not for the candidates, not for the recruiters, and not for the industry as a whole. As much as I have criticised/blamed recruiters, it’s really not their fault as much as we might think.
Recruiters, like any other salesperson, are rarely [if ever] subject matter experts in their chosen industry sector (i.e. they cannot DO the jobs they are trying to fill). The real experts, the ones who can actually do the work, are in turn rarely [if ever] capable of doing what the ‘salesperson’ does (i.e. they have no idea how to sell themselves).
What you end up with 99 times out of 100 is a crappy job description from a non-expert client (who doesn’t know what they need), a non-expert recruiter (who does not know the right questions to ask), and a candidate who can only use a very limited resume/CV to put themselves in contention.
I’ve already written on how companies should write a job description (here), and I’ve written of how recruiters should do what they do (here), but now it’s time to work on the third stakeholder; the candidate.
CV/resumes don’t work. Period/full stop. Candidates with a ton of experience will always have the advantage over the candidates fresh out of uni, or those trying to change careers. Fair enough you might say, but this is regardless of the candidate’s potential / work ethic / cultural fit. The CV is simply not designed to find the right person.
Type “honest CV” / “honest resume” into Google and you will get tens of millions of hits. A brief review will show that most of these are telling you to BE honest on your CV, some are intended as a joke, and a VERY few are actually trying to make a difference. Even the latter don’t go far enough, because what I mean by honest borders on the brutal. I just don’t see another way.
If you want to know what I’ve done, where I’ve worked, my education etc., see my LinkedIn profile. If you want to know what I think, read my blog. But if you really want to know enough about ME to make an initial determination of my suitability, read my honest CV.
Your first thought was probably something like; “Why the Hell would you put stuff in there that’s not only ILLEGAL to ask for, but opens you up to discrimination!?“. Fair question.
You are of course referring to my ‘Age‘, ‘Marital Status’, and ‘Children‘. While I agree that it goes against everything we do currently, there’s no getting away from the fact that certain people/organisations will profile and discriminate against you based on specific factors. Distasteful as it is, my age is an issue for some, and I really don’t want to talk to them. If they are so narrow-minded / short-sighted as to assume someone of my ‘experience’ cannot add value in a fast-moving technology-driven sector, I will not give them a second thought.
As for the married with kid part, they are the most important things in the world to me, so if you’re an organisation that demands an unreasonable amount of my time I will not consider you as an option.
So yes, it’s illegal for them to ask, but it’s my time that will be wasted WHEN this stuff comes out.
To be fair, these are VERY minor attributes, because I am a straight, white, British male with no disabilities. As horrifying as this is in 2019, I am nevertheless extremely fortunate to NOT have to deal with the truly disgusting amounts of discrimination related to gender, race, sexual orientation etc. So whether or not you would want to ‘weed out’ the offenders in this fashion would have to be a carefully considered and entirely personal choice. There are also VERY significant privacy issues related to sensitive data to consider, and NOT exposing discrimination is a huge issue in and of itself.
Next I detail what it is I CAN do, which by sheer coincidence, are the things I WANT to do. I don’t care what I have done before, I’m listing out all the things I would want you to hire me for as well as my honest indication of just how good at those things I think I am. For example, if you’re looking for someone who knows PCI DSS and GDPR I score myself as a 10 and an 8 respectively. But if you want an expert in vulnerability management I’m only a 7 so you should probably look elsewhere.
Now things get really interesting. I list all of the stuff I cannot, or don’t WANT to do. If you received this CV as a recruiter, you now know instantly the things not to bother me with. For example; I can and have managed large teams for long periods, but I didn’t like it and know I wasn’t that good at it. Conclusion: Don’t offer me jobs managing people for the long haul.
As another example, I also state that I will not work in a job that requires “9 – 5, bum-on-seat, with dress code” so you know off the bat that organisations stupid enough to still require these things will not suit me. This automatically, and quite rightly, pushes my profile into short/mid-term contract work where these things are less of a factor.
Next I go WAYYYYYY off the reservation. I, as honestly as I can, list all of my strengths and weaknesses. I know “What are your weaknesses?” is a cliched interview question always followed by a bullsh!t answer, but what if you answered it 100% truthfully for a change?
We all have weaknesses, and trying to perform a job where they could have a significant impact on your performance or deliverables will only end one way.
If you read my list of positives and don’t see what’s most important to your organisation, don’t hire me. If you see a negative that would absolutely be a deal breaker, don’t hire me. But if you like what you see, call me and let’s grab a coffee.
OK, obviously I know this won’t work, as not one part of the industry is geared up for it. Organisations don’t know what they need, recruiters get little insight into what kind of person is needed, and candidates have next to no ability to make their needs and wants known.
But all things start with an idea, right?
[If you liked this article, please share! Want more like it, subscribe!]