Home » Security Leadership » Career/Staffing

In Depth

Bob Moore Knows How to Get Hired

CSOs will find few security job openings and a wealth of candidates for them. Here's practical advice on landing the right position.

By Daintry Duffy

Page 2

The reporting structure and responsibilities may differ from company to company, but it's clear that there are certain qualities that define star prospects. Whether you are up for your first CSO position or your fourth, you'll want to understand the skills and expertise that define a good security executive candidate. CSO has gathered an array of tips on how you can buff up your image, flesh out your rsum and gain the in-demand skills that will make you an attractive candidate.

Attitude Adjustments

Nobody's saying that snapping up one of these positions will be a cakewalk, but before we get down to the experience and qualifications necessary for a CSO, here are a couple quick attitude adjustments that candidates should make. The CSO role may be fairly new, but it's been around long enough to pick up some pretty unsavory stereotypes.

Don't Be Predictable

When speaking of the prototypical CSO, the proverbial bull in the china shop applies. Too often, CSOs come blazing into a company with lots of ideas for sweeping departmental changes and new draconian policiesand manage to achieve little more than alienating their peers. Tracy Lenzner, CEO of the LenznerGroup, a security executive recruiter, has seen CSOs come and go, and has found that attitude and the failure to read the corporate environment are often the key reasons for a short tenure. "I've watched people ruin careers by going in with a big ego and then wearing it on their sleeve. Usually, they're out in three months—just dead in the water," says Lenzner. The position is more about gaining trust and respect, and exercising political savvy.

Remember the words of Kenny Rogers—"you gotta know when to hold 'em, know when to fold 'em." A CSO candidate who respects the corporate culture and is sensitive to the importance of not only integrating security goals into an existing environment but selling them to corporate stakeholders will be better received than one who is intent only on ramming his agenda through.

Lose the Geek Speak

We've invoked this tenet many a time, but the importance of checking the technical mumbo jumbo at the door can't be overstated. Business executives don't want to be dazzled by the number of acronyms a security guy can shoehorn into a single sentence. They want to hear security explained in terms that they understand: risk and return on investment. In fact, CSO candidates who take as their mission translating the security function to business executives will probably create endless goodwill. "People outside of security have almost no concept of what security is," says Carol Siegel, CISO of American International Group, an insurance and financial services company. "Viruses, hackers, firewalls—they don't understand the depth and breadth of the field at all." Companies want CSOs who can close that knowledge gap without expecting their peers to talk like engineers.