Home » Security Leadership » Career/Staffing

In Depth

Bob Moore Knows How to Get Hired

CSOs will find few security job openings and a wealth of candidates for them. Here's practical advice on landing the right position.

By Daintry Duffy

Page 4

While the relationship of the CSO to the IT security department varies greatly depending on the company, certification can buy you a certain degree of respect from the technical team. That will make you not only a more appealing candidate, but if you land the job, it may also smooth your way to a fruitful partnership with the IT function.

Have Some War Stories

An applicant with lots of ideas and opinions but no war stories of hairy security situations encountered and resolved is a big red flag for companies. Dan Lohrmann, CISO and director of security and disaster recovery for the state of Michigan, stresses the importance for would-be CSOs of being able to give firsthand examples of their work, backed up with good reference points that show what they did to resolve a problem and why they chose that solution. "I was asked about e-government, identity theft, about strategies to stop spam and how much I knew about incident response," says Lohrmann about the interview that landed him his current position. "They wanted to know how I would organize [security] given different agencies that have different approaches."

CSO candidates should walk into an interview with examples of how they handled situations at previous security assignments that showcase the abilities they want to project to an employerwhether it be analytical and motivational skills or negotiation techniques.

Get That Vision Thing

When Moore joined Merck, he recalls that security was basically "a dysfunctional function." There were one or two corporate security employees at headquarters, and the rest were tucked away in different divisions. Moreover, those divisions didn't communicate with one another, and they lacked common systems, policies and resources. The company was looking for a security executive who could pull all those siloed security teams into a centralized function and then map out a long-range plan for security that would carry Merck forward.

Moore is now nearing completion of his original five-year plan, and he identifies vision as one of the critical assets that CSOs must bring to the table. But be warned: Presenting your company with a clear vision of its security evolution requires discussing more than just the end result. "If you don't understand where you need to go, you probably won't know how to get there," says Moore. "For me at Merck, it was a matter of having the experience to know what was needed before I could come up with recommendations about how to accomplish it." An applicant who communicates that sense of direction in an interview marks himself as someone who will be able to firmly take the wheel and chart a course.