Recruitment Guide for Executive-Level Security Professionals
Ridley Tony
Experienced Leader in Risk, Security, Resilience, Safety, and Management Sciences | PhD Candidate, Researcher and Scholar
The greatest contradictory factor in pursuing the best possible enterprise security risk management (ESRM) program and protection of assets is the poor quality or preventable errors associated with hiring executive-level security professionals.
A common discussion point within the security profession, and an almost laughable lack of due diligence or risk management, is the process by which security 'professionals' are hired and recruited at all levels, including executive and C-suite.
Therefore, the following offers a contemporary, evidence-based approach to the crafting of messaging, recruitment and selection of security professionals at executive levels.
Create company summary (Operations, Culture, Locations, People, etc)
Professionals protect enterprise systems and assets. Start with a roadmap for context.
Develop a stewardship agreement (Goals, Values, Objectives, etc)
The professional will act as an ambassador for the company; be clear about expectations and priorities.
Identify a small number of specific and related skills required (be flexible)
Start with what you 'think' you need but professionals will evaluate, inform and mentor your selection
Construct objective evaluation and selection criteria (Quals, Experience, etc)
Use numerical scoring for essential and non-essential requirements. Formulaic, evidence-based approach
Craft a competency and communication evaluation package
3 x 500-word technical articles. 2 x PowerPoint presentations. 1 x video/audio explainer. For example.
Determine keyword/metadata requirement for assembled resources
Required for the search for relevant prospects, not the application portal. More than 10, start again.
Review leading, appropriate organisations/groups/membership or alumni lists
Success and results leave clues. Start with organisations, professional bodies and university groups.
If you can't identify at least 3 prospects that meet your criteria... you have it wrong. Improve criteria
Create unique, stand-alone prospect survey/filter (based on identified criteria)
Survey mirrors priority and essential requirements and lists them for review against peer submissions
List opportunity on identified organisation/association sites (target ads also)
Also inform leading members of said groups/organisations. You are not seeking a ghost. Networks count
Evaluate submissions, results, values and rankings
Any more than 100 submissions and you have the WRONG criteria, candidates and process. Start over.
Ensure process, results and follow up are directed by senior/executive leadership
No one should be too busy or uninterested in recruitment of such a vital and pivotal position.
Commence objective testing and validation process
Ensure articles, presentations, etc have no fewer than 6 references/citations each from current, academic sources. Run submissions through plagiarism checker and original content checks. Rate effectiveness of communication.
Run online profile and history checks
Try before you buy. Effective and consistent communications are needed at this level. Success leaves a trail.
No profile/history is a very dangerous purchase. Lack of technical contribution/representation is risk laden.
Communicate with top 5 prospects (no longer than 6 weeks)
Audio, video, email communications. This is the real business world. Test, measure and observe.
Genuine searches for quality people don't waste time or poison the search with long search timelines
Share your prospect results and rankings with professional organisations/groups
Provide feedback and resources to quality groups. Objective validation of members and value are priceless
Co-create a 120-day roadmap with the successful security professional
Together you will ensure all your greatest priorities are reviewed and prioritised from the outset.
"How did that person get the job in the first place!"
Declared by more than one multinational at the commencement of an investigation into a security "professional"... after their departure.
Regrettably, repeated and frequent poor hiring within the "security profession" leaves an indelible mark on business executives/managers that taints the entire "profession" unnecessarily.
Tony Ridley, MSc CSyP MSyI M.ISRM
Security, Risk & Management Sciences