I’m currently recruiting a Security Director to replace me as I move on to pastures new. I must admit to being wholly underwhelmed by many of the CVs that have come my way and also rather upset by the number of applicants currently out of work. Anyone who thinks information security is a recession proof career is wrong because around half of the CVs received are from individuals made redundant from their previous jobs.
The other disappointing thing is the number of people I’m seeing who are great at writing policy and delegating jobs to third parties but have lost the hands-on technical skills (if they ever had them). From my perspective, the ability to read and interpret a network scan, review an architecture design or read a log file, identify the important issues (as opposed to the trivial), and describe why the issues are important and the work that needs to be done to fix them is bread and butter stuff. Not only that, but it’s the fun part of the job – it’s the bit we should all really want to be doing! Writing a policy document is important, but it’s hardly something to be proud of being able to do. Bring me candidates who still have some security mojo!