Recruitment Guide for Executive-Level Security Professionals
Recruitment Guide for Executive-Level Security Professionals. Tony Ridley, MSc CSyP MSyI M.ISRM


The greatest contradictory factor in pursuing the best possible enterprise security risk management (ESRM) program and protection of assets is the poor quality or preventable errors associated with hiring executive-level security professionals.

A common discussion point within the security profession, and an almost laughable lack of due diligence or risk management, is the process by which security 'professionals' are hired and recruited at all levels, including executive and C-suite.

Therefore, the following offers a contemporary, evidence-based approach to the crafting of messaging, recruitment and selection of security professionals at executive level.

Create company summary (Operations, Culture, Locations, People, etc)

Professionals protect enterprise systems and assets. Start with a roadmap for context.

Develop a stewardship agreement (Goals, Values, Objectives, etc)

The professional will act as an ambassador for the company. Be clear about expectations and priorities.

Identify a small number of specific and related skills required (be flexible)

Start with what you 'think' you need but professionals will evaluate, inform and mentor your selection

Construct objective evaluation and selection criteria (Quals, Experience, etc)

Use numerical scoring for essential and non-essential requirements. Formulaic, evidence-based approach

Craft a competency and communication evaluation package

For example: 3 x 500-word technical articles, 2 x PowerPoint presentations, 1 x video/audio explainer.

Determine keyword/metadata requirement for assembled resources

Required for the search for relevant prospects, not the application portal. More than 10, start again.

Review leading, appropriate organisations/groups/membership or alumni lists

Success and results leave clues. Start with organisations, professional bodies and university groups.

If you can't identify at least 3 prospects that meet your criteria... you have it wrong. Improve criteria

Create unique, stand-alone prospect survey/filter (based on identified criteria)

Survey mirrors priority and essential requirements and lists them for review against peer submissions

List opportunity on identified organisation/association sites (target ads also)

Also inform leading members of said groups/organisations. You are not seeking a ghost. Networks count

Evaluate submissions, results, values and rankings

Any more than 100 submissions and you have the WRONG criteria, candidates and process. Start over.

Ensure process, results and follow up are directed by senior/executive leadership

No one should be too busy or uninterested in recruitment of such a vital and pivotal position.

Commence objective testing and validation process

Ensure articles, presentations, etc have no less than 6 references/citations each from current, academic sources. Run submissions through plagiarism checker and original content checks. Rate effectiveness of communication.


Run online profile and history checks

Try before you buy. Effective and consistent communications are needed at this level. Success leaves a trail.
No profile/history is a very dangerous purchase. Lack of technical contribution/representation is risk laden.

Communicate with top 5 prospects (no longer than 6 weeks)

Audio, video, email communications. This is the real business world. Test, measure and observe.
Genuine searches for quality people don't waste time or poison the search with long search timelines.

Share your prospect results and rankings with professional organisations/groups

Provide feedback and resources to quality groups. Objective validation of members and value are priceless

Co-create a 120-day roadmap with successful security professional

Together you will ensure all your greatest priorities are reviewed and prioritised from the outset.
"How did that person get the job in the first place!"

Declared by more than one multinational at the commencement of an investigation into a security "professional"... after their departure.

Regrettably, repeated and frequent poor hiring within the "security profession" leaves an indelible mark on business executives/managers that taints the entire "profession" unnecessarily.

Tony Ridley, MSc CSyP MSyI M.ISRM

Security, Risk & Management Sciences
