It's a shady strategy: interviewing CSO candidates for the sole purpose of tapping their smarts. The trend was pointed out to us by Lori Sabat, who runs the information security executive placement firm Sabat Group. Take the case of the Fortune 50 manufacturing company that recently lost its CISO. According to Sabat, the company brought in a number of high-profile candidates for lengthy job interviews, asking each person the natural and necessary question: "What would you do to improve our security posture?"
So when all was said and done, who got hired? Actually, nobody. The position was left unfilled. But while the manufacturer didn't garner a new CISO from the process, it picked up some good security-related intellectual capital. In this case, it isn't clear that this was the intent from the beginning, so perhaps Sabat is being a little paranoid (and that's a good thing in security, right?), but she says she's seen enough similar instances lately to make her think twice about interviewers' motives.
Serious job-seekers aren't in the position to be coy with their knowledge during the interview process, which puts them at a disadvantage if the hiring company is simply looking for some pro bono consulting. So what's an interviewee to do? There's no easy answer, but if the interview process seems to run interminably, candidates should look for a nonthreatening way to bring the interview to a head. Sabat says one job candidate in a similar situation, sensing he was being strung along, started asking more pointed questions. "Let's be really candid
He didn't get the job.