A group of IT security personnel experts took up this issue at the RSA Conference on Thursday during a panel titled,"Standing out from the crowd: A hiring manager's perspective."
Moderator Jeff Combs, vice president of executive recruitment firm Alta Associates, began the proceedings by revealing the first thing he looks for in a prospective hire beyond an appropriate background and credible job experience: communication skills. The secret sauce, he said, was in determining if the candidate is ready. He wants to see motivation, credentials, enthusiasm, the use of proper grammar and, he added, he'd like the person to have a good story to tell.
“When I look at a candidate's job experience, I question whether it is relevant to the role,” he said. He asks questions such as what has one done and how did he or she adapt to challenges.
“I look for company pedigrees because this shows that you have chosen good companies to work for," Combs said.
What makes a candidate stand out for him is looking at what a job-seeker has accomplished, particularly how this supported the company and solved a problem.
“Companies are hiring someone to solve critical problems,” he said.
Combs also said that he must see personal motivation. He wants to see the candidate moving toward something or away from something, and he wants to know the person is committed to a career.
The recruiting process, meanwhile, is a marathon, not a sprint, Combs said. He urged prospective job hunters to be patient as the process could take two to three months, with some more senior roles taking even longer, sometimes up to six months. And during the entire vetting process, the candidate must maintain a game face and enthusiasm, even if it takes 15 interviews, which, he pointed out, is not uncommon.
Added to the mix is the fact that a prospective hire can do all this right, and yet still need a bit of luck and good timing, he said.
The panel, which consisted of John Ahn of Alta Associates; Arthur Lessard, former VP of worldwide security at Technicolor; Maurice Hampton, information security program manager at GE; and Todd Waskelis, VP of global security consulting at VeriSign, then took up the issue of the resume. All agreed that this sheet of paper is important, but had advice on how best to make it stand out.
“It's important to take note of career accomplishments,” said Ahn.
He advised keeping a journal, so when it came time to pump up the résumé, a candidate had a record of accomplishment.
“At the end of the day, it's your responsibility to go after what you want,” said Lessard. “The resume and interview are part of the process, but you need to sell yourself the way you sell technology. When I look at a résumé, I'm looking at a sales document. It needs to explain the 'So what?' You can't just say I ran a group. You need to show what you achieved in running the group, you need to show cost savings, how you improved revenue. The résumé should be a log that details the results of your initiatives and explains why what you did mattered to the company.”
Waskelis agreed that he likes to see a good pedigree and that a candidate has been with a good company or an interesting start-up. Hampton, meanwhile, said that when he looks at a résumé, he only has a few moments to consider it, so make sure key words call out very specific business impact.
And the look of the résumé should stay on the conservative side, the panel said.
“Your résumé is the thing that gets you to the next step,” said Lessard. “So you don't want to go overboard with bolding or odd fonts. You want a nice, consistent format. It needs to look professional.”
Perhaps even more important, facts contained in the document must be verifiable.
“One fact off, and you are nixed,” said Alta's Ahn.
Lessard advised candidates to establish a presence on the web, whether by networking sites such as LinkedIn and Facebook, or a blog and publishing papers. Plus, he suggested that it's OK to customize a résumé for a particular position. Be truthful, he said, but focus on the position being applied for.
Alta's Combs said certain skills are in demand: application security, identity and access management, ERP, cloud security, and compliance.
“If you are looking for a leadership role, you should have a blended background that has the technical experience, but also good communication skills," he said.
To prepare, break the ice by interviewing yourself, he added.
“Flexibility is key,” said GE's Hampton. “You should be able to move in and out of projects per demand in the company.”
VeriSign's Waskelis said he typically likes to hear that the candidate can work as a team member and not use the interview solely to tout their own skill sets.
Lessard agreed, adding: “I don't want to hear what you want. I want to hear about what you can do for the company.”