
Security staffing

How to find competent information security pros and ensure your network is in good hands.


A network executive finds a candidate with the perfect technical qualifications. He makes an offer. The candidate considers the offer so low it's an insult. Negotiations break down. The candidate storms out, threatening, "In three months, you'll be sorry you didn't hire me."

Unfortunately, the candidate had been interviewing for a job in information security. And interviewers had told him some of the network configuration to make sure he could do the job.

"I told that hiring manager, 'You'd better check your logs carefully,' " says Michele Crabb, a senior security architect who oversees Cisco's internal network. Crabb recently heard this story at an information security conference.

Other managers tell of less frightening but similarly frustrating stories. "A lot of candidates out there claim to know what they're doing, but they really don't," says Paul Raines, vice president of electronic security for the Federal Reserve Bank of New York.

Ensuring a good fit

Tracy Lenzner of Lenzner and Associates, a Las Vegas-based information security job placement firm, shares these five tips for finding good security professionals:

  • Test the candidate's technical skills.

  • Conduct background and reference checks; verify education claims.

  • Compare the candidate's personal goals with your department's future plans.

  • Ask yourself if the candidate's personality fits into your corporate culture.

  • Seek candidates with a track record for continued growth.

All of which begs the question: How do you hire a competent IT security professional?

According to Crabb and others, much of the process is similar to hiring any technologist: Background checks, skills tests and several interviews to gauge if the candidate makes a good fit. But security specialists should also possess a healthy amount of paranoia and be trustworthy enough to guard your valuable information assets.

To find such people, companies like Microsoft lean toward hiring from inside. Fast-paced firms engaged in e-commerce want only seasoned security professionals who can get up to speed quickly. But low-margin organizations, like the Federal Reserve, hire recent college graduates. Raines starts by looking for students with extracurricular activities that show they're adaptable.

"There's one guy I interviewed who'd just graduated from Rensselaer Polytechnic Institute in Troy, N.Y. He didn't have any security experience, but he had built an electric car by himself. And he'd put in a LAN in his house," Raines explains. "I knew the guy had smarts, and I hired him. He's a star performer on our Red Team." The Red Team is a group that attacks the Fed's network to test security.

Raines also looks for specific technical coursework: Mainly Unix, networking, NT, Cisco and Java.

When it comes to hiring from within, it's easy enough to find candidates, says Howard Schmidt, Microsoft's chief information security officer. "The tough part is weeding out the wannabes from those who can really do the job," he says.

Schmidt and his staff are always looking for IS staffers who can think out of the box. For example, the employees who catch Microsoft's Red Team testing internal systems and notify his department are the ones he targets for future hiring.

During interviews, Schmidt and his team quiz candidates to see what they would do under certain circumstances. This shows if a candidate grasps overall system architecture as opposed to isolated vulnerabilities.

While it's best to hire within the organization, start-up firms or companies launching e-commerce sites can't afford to take the time to train, says Tracy Lenzner, owner of Lenzner and Associates, a Las Vegas-based job placement firm that specializes in information security professionals. These companies need seasoned infosec analysts, which calls for the most rigorous screening processes.

If you hire from outside, look among your peers, Crabb advises. If that doesn't turn up anyone, advertise at technical and security conferences, or call a headhunter. And when you find the right candidate, screen, screen, screen. Then put all the interviewers together to compare notes. Look for personality traits like drive, energy, determination and integrity; professional traits like dedication and analytical skills; and a strong understanding of the business at hand.

"Security is a hard sell," Crabb says. "So security analysts must be able to explain to management and other departments how to do things the right way."

Radcliff is a freelance writer in Northern California. She can be reached at DeRad@aol.com.

RELATED LINKS

SANS System and Network Assurance Program
Security training program.

Network World Fusion Focus on Security
Archive of our free, twice weekly newsletter.

International Information Systems Security Certification Consortium

Computer Security Institute
