Created by the Security Executive Council
The one thing a security leader must avoid is an ineffectual hire.
Only 2% of security leaders in the SEC’s 2021 Security Barometer poll on top risks to the enterprise listed talent shortage as their current top threat. However, it was clearly on the minds of multiple respondents, who commented that if they could choose their top three risks rather than one, talent shortage would be on the list. Unfortunately, their concerns are warranted.
A recent article in McKinsey Quarterly, ‘Great Attrition’ or ‘Great Attraction’? The choice is yours (Sept. 8, 2021; De Smet, Dowling, Mugayar-Baldocchi, and Schaninger), cites new research that shows a continuing trend of significant attrition across industries. Employees are leaving their jobs without new employment lined up, and for reasons their employers infrequently understand.
This means security leaders may see an increase in insider threat events stemming from overwork and low morale across the organization. It also means they may see more of their own leaving for other opportunities, which presents both an opportunity to engage with at-risk staff about their needs, and a challenge: hiring new core team members.
If you are looking to hire a new member of your core security team, you can’t let someone else do the interviewing for you. Meet eye-to-eye and have a conversation. Let the conversation reveal the things you’re looking for. Be an investigator. Listen carefully, ask the right questions, and let the candidate do most of the talking.
Following are some questions that can help you decide if a candidate has the skills for the job. The “right” questions will depend on what you’re looking for in a candidate, beyond the technical skills and educational accomplishments that HR or outside recruiters have used to narrow the pool of potential hires.
Our subject matter experts recommend looking for team members who are self-driven—who can take on an assignment and determine what the real and underlying issues are, resolve every aspect of those issues, and provide clear and meaningful guidance to business leaders. Look for enthusiastic people who are truly committed to learning the business and contributing to its profitability.
You can use this checklist as a starting point for an interview, as a candidate or a hiring authority.
Is the candidate a lifelong learner?
- What kinds of hobbies or sports are you involved in?
- Why are these rewarding or important to you?
- What professional certifications (CPP, CFE, CISSP, etc.) do you have beyond your degree, and why did you seek them?
- When you’re faced with a topic or issue that’s unfamiliar to you, what do you do?
A lifelong learner will be enthusiastic about learning a new business and will tend to treat challenges as opportunities rather than handicaps.
Does the candidate have a high level of energy?
- Describe your level of physical energy.
- What does your typical day look like?
- Tell me about your experience with international travel. How does it impact you mentally and physically?
You may ask these questions if you need team members who can get off a plane in another country and hit the ground running, or if long hours and late-night emergencies are expected. Innate energy is key in this environment.
Does the candidate want to be a business partner?
- Tell me about the values of your previous organizations.
- What did you do in your role to promote those values?
- How do you see the security team fitting into an organization, ideally? What is its role?
- What steps would you take as a security leader to become an integral part of other business teams across our enterprise?
Smart security works throughout the business to deliver tangible business value and improve net profitability. Ideal candidates will embrace this mission.
Can the candidate multitask in highly complex environments?
- Tell me about the most complex environment in which you’ve ever worked.
- How did you keep all the balls in the air, so to speak?
- What strategies did you use?
Most security teams need to be able to multitask in an organized way, dealing with multiple inputs simultaneously without neglecting any.
Does the candidate have strength of character?
- Have you ever experienced pushback from leaders or colleagues on a given stance or initiative?
- If not, what have you done to avoid it or why do you think that’s the case?
- If so, how did you deal with it?
- Do you see your attempts as successful or unsuccessful?
The security team will have to stand strong when decisions are in line with Security’s values and the company’s values. But they also need to be able to listen to business partners and change tactics when it benefits the business.
What is the candidate looking for from the organization?
- Describe your ideal work environment.
- Tell me about something a previous employer has done that made you feel valued.
- If you had to choose the top three things that make an organization attractive to you, what would you choose? (Examples to offer: competitive salary, good health benefits, flexibility, potential for advancement, having a sense of belonging in the team, access to advanced technology)
Pay attention to the response to this question. If the candidate joins your organization, it will give you insight into how to keep them.