In Depth
Bob Moore Knows How to Get Hired
CSOs will find few security job openings and a wealth of candidates for them. Here's practical advice on landing the right position.
By Daintry Duffy
Slow and Steady Does It
It's not enough for the CSO candidate to make a good impression. When it comes down to the nitty-gritty of identifying the most qualified applicant, companies are going to be looking at some concrete skills as well.
Right now, the security market is flooded with Johnny-come-latelies looking to adapt a patchwork of technology skills and corporate experience into a position in the hot security sector. Most companies are wise to these charlatans, and they want to look at candidates who have been steadily building toward an executive security position instead of hopscotching all over the technology field. "Larger organizations in particular are looking for people that have evolved from smaller roles [in security], to larger ones, to global roles," says Lenzner. Add to that a dash of business experience and you have a background well-suited to the CSO role.
Moore's career growth toward his current position at Merck is a good example. His long track record in security with the FBI and Amoco established him as a candidate with a strong background in the field. "What Merck liked about me was that I spent the vast majority of my career rising through the ranks of a corporate security organization and then stepped out to be the vice president of country operations in the former Soviet Union on an oil and gas development project," Moore says. While that might appear to be a digression on a rsum, it actually made Moore a more attractive candidate because it gave him international experience that would be important to Merck as a global company with operations in more than 100 countries. It also gave Moore experience as a nonsecurity line-of-business executive, creating a level of comfort for the executive team, which naturally wants a security partner who understands its needs.
Establish Your Cred
Sure, certification has its share of detractors. Many feel that the credentials are too easy to get, but as a measure of general security knowledge, the CISSP and CPP certifications still say something about a candidate's expertise and dedication.
The information security field is particularly cert-sensitive. According to Foote Partners, workers receiving premium bonus pay for a CISSP experienced a 38 percent growth in that bonus pay last year
Companies like to see security executives with a combination of experience on the business side and a technical certification because it bodes well for their ability to knit those two groups together.
$firstKeyword
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- FISMA Prescriptive Guide
- The Tripwire HIPAA Solution: Meeting the Security Standards Set Forth in Section 164
- Beyond PCI Checklists: Securing Cardholder Data with Tripwire's Enhanced File Integrity Monitoring
- IDC White Paper: CCM for IT Compliance and Risk Management
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
