External recruiters in infosec

I’ve gotten hit up for about 4 different jobs by external recruiters for firms located in my home town in the last two weeks. With every experience being quite bad to downright funny, I thought we could learn from these mistakes. Having used recruiters before, I realize you don’t get to see how they actually interact with the candidates and how they act as your ambassadors to the community. While the problems are not unique to recruiting in our industry, we need to do better given how important recruiting and talent growth are right now. Without great talent, we won’t get the talent we need to make our programs successful. And with our intense talent needs (37% growth over 10 years says BLS)*, we need to get better out of our recruiters.

BLS Stats

With many of you out there paying for these services, I thought I’d pull together my thoughts and let you know what you’re getting for your money:

  1. For the most part, the recruiters being used aren’t reading profiles to relate whatever they’re looking for to the job posting. It’s simply “Hey! I hear you cyber, how about the following job???” Even worse, they use boilerplate like “I saw your profile and think you’d be a great fit for this!” I giggle, looking at a description for a lvl 1 SOC job. Trolling the recruiter isn’t even fun because of my next point:
  2. It’s clear from conversations that they don’t understand the position they are promoting. I don’t expect a recruiter to have details about the security content like a practitioner would, but they should have already gathered the most simple fundamentals of the job. For instance, asking “what is this position responsible for?” or “does this management role have any current direct reports?”. I’ve worked with many external recruiters before and I expect them to get the general gist of a role. So far 0 for 4. At most they know the location, a pay range, and the title. All they really want is to get an interview scheduled to “start the ball rolling”. Not surprisingly, I haven’t even been interested in having the first conversation.
  3. They have nothing positive to say about the organization other than fluff that anyone would see through instantly. “It’s a big company!” or “It’s growing!”.  They are selling the organization.  Lack of understanding on why someone should take the job is crazy and they make it impossible to want to even feign interest.

Realize that these people are your ambassadors in the community. If they are misrepresenting your program and your opportunities to me, they are likely bringing you people who are either a waste of time or pissing off good candidates that won’t give you a second look due to your unfortunate choice of recruiters.

I’ve reached out to a few of the folks that I know at these orgs so they can get some exact details but I think it’s a good message for everyone to think about. If you’re interested in meeting some external recruiters that actually work primarily in infosec, let me know.  While they’re expensive… they’re well connected and do a good job.

P.S. I get no kickbacks on this so no, I’m not doing this to pub my “on the side” recruiting business. But clearly, probably could do a better job than these poor folks.


