The Secret Language in Job Postings
Javed Ikbal
I am a seasoned chief information security officer, cybersecurity evangelist, and educator. I am a results-driven, commercially minded and hands-on Information Security executive with 20+ years of CISO experience.
Many years ago, I co-authored a book called "The Laidoff Ninja". There was a chapter on how companies play games with candidates and go through interviews even when they have made up their mind to give the job to an internal candidate, and how headhunters claim they are close buddies with the hiring manager when they have never actually spoken to the person.*
Anyway, someone asked me about a job in Massachusetts, and I thought I'd dust off the old Ninja techniques a bit.
Below is a screenshot from the job posting for a CISO (Chief Information Security Officer) position. Read that carefully, then think about what that means. This will serve two purposes: it will help you with job hunting, and it will also help you develop an information security mindset.
Ready?
relevant legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX)
First: As a CISO or someone in cybersecurity management, you know that SOX applies to public corporations. This employer happens to be a non-profit. Does SOX apply to non-profits? Only very loosely. So why are they listing SOX as a qualification? More on that later.
Bachelor of Arts: Information Technology (Required)
Next, the education requirement. There is nothing wrong with someone with a BA becoming the CISO if they have the right experience. But why restrict applications to such a specific, narrow educational qualification?
And that, my friend, is an indication that they have an internal (or favored) candidate who has that exact degree, and this job posting is just for appearance's sake. People will apply, and they might even interview some of the applicants, but they will not actually hire an outside candidate.
Back to the SOX question. This means the favored candidate has SOX experience or the person writing the job description didn't think this through.
Cynical? Yes. I am, after all, paid to be paranoid. Could I be wrong? Yes to that one too.
If you want to apply, you can find the job on Indeed. Search for Chief Information Security Officer jobs in Massachusetts. Good luck.
---------------------------
* There are of course exceptions to this rule. But when a recruiter says that, know that 99 out of 100 times s/he is not being truthful.
Superintendent of Police (SP)
4 years ago
Shared it. What a gem of an article! So short and yet so profound!
CXO in healthcare and cybersecurity | Helping medtech startups comply with FDA and SEC security guidelines
4 years ago
Seen so many of these. The worst part of this practice is, a lot of companies use CISO as a parking-spot position in the C-suite. People from completely irrelevant backgrounds end up leading the security organization (be it as a CISO, SVP, or Director). Whereas it's supremely difficult to grow up the ranks from a Security Analyst position.