SOURCE Boston 2011: Two views on infosec interviewing, hiring

Lee Kushner and Lenny Zeltser will offer some advice for hiring managers and job seekers at SOURCE Boston next week.

It's one thing to be a capable infosec professional. It is something else to be capable at managing your own career -- knowing how to land the right job yourself or, as a manager, to spot and hire the kind of talent that will improve both your organization and your career prospects.

So a bit of enlightened self interest might be all the motivation necessary to attend a presentation by two experts in the field titled, "Across the Desk: Different Perspectives on InfoSec Hiring and Interviewing," at SOURCE Boston, which runs April 20-22 at Boston's Seaport Hotel.

The presentation, Thursday, April 21, at 10 a.m. in Plaza Ballroom A, will be the first collaboration on the topic for Lee Kushner and Lenny Zeltser. Kushner is president of Freehold, N.J.-based LJ Kushner Associates, an executive search firm dedicated to the information security industry and its professionals. He is also co-founder of, a website for information security career advice, guidance, and research. Zeltser leads the security consulting practice at Savvis, is a senior faculty member teaching security courses at SANS Institute and blogs on infosec careers.

Also see: Set expectations for a successful a security career

According to the SOURCE Boston website, "the session investigates the perspectives of both sides of the hiring process: the candidate and the employer," and also gives attendees the chance to, "address questions regarding career planning, interviewing, position selection, the selection of career investments, compensation and negotiation."

Much of that, Kushner says, can be summarized as helping both employer and prospective employee to avoid wasting time.

The problem with those on both sides of the hiring game not being clear about their expectations, he says, is that both employers and candidates can, "waste a lot of time on something that has little chance of closure."

Get your morning news fix with the daily Salted Hash e-newsletter! Sign up today.

Both sides, he says, "can forget what the other side is thinking."

The result, after considerable time spent, is that jobs go unfilled.

Zeltser says that spotting a bad match is harder than it sounds: "Sometimes we convince ourselves that the candidate or the employer are a good fit because some aspects of the match are attractive to us, while we ignore the less-desirable attributes.

"For instance, the candidate may like the compensation package and ignore the heavy travel component of the job, coming to regret taking on the job later. Or, the employer may like the candidate's technical skills, and not pay attention to the person's inability to present security concepts to a non-technical audience."

The goal of both sides, of course, is to match jobs with people who not only have the right skills, but are a good fit. Along the way, however, there can be competing interests -- compensation is an obvious one.

But Zeltser says simply assuming that the candidate wants more money while the employer wants to pay less is too simplistic. Other parts of the job package, like travel, hours and perks could be more significant to a candidate.

When it comes to money, "the employer might be under time pressure to hire ASAP and be willing to pay an above-the-market salary. Or the candidate might accept a lower salary if he or she seeks a job that can teach a particularly attractive skillset," Zeltser says.

Kushner says it doesn't help either side to play a "cloak and dagger" game over compensation. For candidates, the best thing is, "to prove their value initially, and then be clear about their requirements." The two also stress that while a resume has value, it is personal contact that will close the deal. "A resume tells what you've done, but doesn't tell what you want to do, Kushner says.

To that, Zeltser adds, "my No. 1 tip for job candidates at the moment is to emphasize their communication skills during the interviewing process."

While an increasing number of candidates have similar technical skills, "the ability to sell security to external customers and internal constituents, writing and speaking skills, persuasive abilities and other soft professional attributes are rare. Emphasize these skills if you have them. Attain these skills if you don't have them yet."

Copyright © 2011 IDG Communications, Inc.

The 10 most powerful cybersecurity companies