Baechle
Advocate I

How do YOU respond to the HeadHunter?

I recently have been receiving a ton of solicitations for work by headhunters.  As with several of our prior discussions, it appears as though these folks are still looking for free range Unicorns.  I'm going to give a rundown of the requirements of an example solicitation, and my thoughts about who they are looking for.  But, I would like to hear your thoughts on this as well.

 

Position: Insider Threat Investigator

 

Requirements:

8+ Years of Experience, with proven results in conducting investigative interviews and writing reports with formal interview training preferred

  • A mid-level experienced investigator

5+ Years of specialized Insider Threat experience

  • A mid-level Counterintelligence Agent?

2+ Years of specialized Financial Services Investigation experience

  • A LE agent from the DOJ; a Treasury Special Agent who also worked in the IG; or an FBI Agent that did at least one tour in Financial Crimes and National Security?

A history of independently leading investigations with minimal supervision

  • Supervisory LE Agent from the DOJ, Treasury, or FBI that worked both Financial and National Security/IG investigations.

Experience with User Behavioral Analytics products

  • A Supervisory LE Agent from the DOJ, Treasury, or FBI that worked both Financial and National Security/IG divisions that was a Data Scientist with a Psychology background before becoming an agent.

Advanced knowledge of computer OSs and file systems and experience with forensic utilities

  • A Supervisory LE Agent from the DOJ, Treasury, or FBI that worked several years in Cyber, Financial, and National Security/IG divisions each that was a Data Scientist with a Psychology background before becoming an agent.

Preferred Qualifications:

Advanced experience with Splunk, SIEM, IDS/IPS, and log aggregation tools.

  • A Supervisory LE Agent from the DOJ, Treasury, or FBI that worked several years in Cyber, Financial, and National Security/IG divisions each that worked as a cyber security integrator/consultant while going to school for a dual major in Data Engineering and Psychology prior to becoming an agent.

Experience performing static, dynamic, and reverse engineering of malware

  • A Supervisory LE Agent from the DOJ, Treasury, or FBI that worked several years in Cyber, Financial, and National Security/IG divisions each, and worked as a cyber security integrator/consultant while going to school for a dual major in Data Engineering or Statistics and Psychology, was awoken from the Matrix and given a download of advanced programming and debugging methods by Tank.

Experience with eDiscovery methodology and best practices, and processing/review platforms

  • A Supervisory LE Agent from the DOJ, Treasury, or FBI that worked several years in Cyber, Financial, and National Security/IG divisions each, and worked as a cyber security integrator/consultant while going to school for a dual major in Data Engineering/Statistics and Psychology, was awoken from the Matrix and given a download of advanced programming and debugging methods by Tank and is now trying to sow chaos in the Matrix by posing as a defense lawyer or a paralegal for a law firm for those targeted by the Matrix's Agent Smiths.

 

Maybe I'm being cynical and this isn't a Unicorn.  If this describes you or someone you know, let me know and I'll hook you up with the head hunter.

 

What compensation would you ask for this position?

 

Sincerely,

 

Eric B.

 

9 Replies
billclancy
Contributor I

I receive solicitations by email and phone daily. Since I updated my online resume to include my shiny new CCSP, the call volume has increased. As I have a large herd of friendly peers around the world, I share these listings with folks wanting to move here and there. (A difficulty of working overseas can be getting back into the US labor market, without a significant time gap.) 

 I'm finding that lots of these recruiters ask for the world and are usually happy with your current skill set, once they've decided they actually want you. I think part of the problem is the client isn't really sure of what they need, so the recruiter throws a wide net. They want a purple unicorn, but will settle for an ill tempered rhinoceros.

  How do I respond to those I'm willing to actually talk to? I'm usually my most pleasant self, except I won't discuss money until there is an offer on the table. The fastest way to turn me away is to ask my current wage, or discuss salary before the deep details of the job. 

  

Beads
Advocate I

Looking at this JD, my best guess is that you're reading either the promoted incumbent's history or promoted from within the organization. Way too specific otherwise, which also links into your free range unicorn theory.

 

As for comp(ensation?) Somewhere North of 150k as you are looking for some extremely specific and highly trained skillsets only available under the GSA schedule along with very tangible supervisory experience. 

Take the local cost of living and market demands as well as I doubt the position is located in say rural Iowa but a major downtown metropolis. 

 

I would not call this a run of the mill "mid" level position but definitely an upper-mid to high level, high visibility position that should also state your likelihood this person will end up in the witness stand as well. Being a professional witness is inherently time consuming and stressful. Been there, done that.

 

Whew! Interesting position though!

CISOScott
Community Champion

I think  for this position you would have to have held several jobs.

1 Job in forensics

1 Job in investigations

1 Job in eDiscovery

1 Job in Splunk and SIEM

1 Of those jobs would have had to have been in the Financial Industry

1 of them in Law Enforcement

1 of them in legal

1 would have to have been in a supervisory capacity

and 1 in a malware analyst role.

 

Seems they want the whole enchilada. I would think definitely 6 figures at a minimum. I can see maybe someone in a LE role touching most of those but not all of them at one agency.

billclancy
Contributor I

Compensation has become such a bugaboo these days. Frequently headhunters want to discuss compensation before even fully explaining the position. Whatever happened to the days where they put the salary range in with the job description?

 In my estimation, anyone with a CISSP is worth $100,000, and it rises from there. Multiple certifications? 40+ hrs/ week? Lead a team? Security clearance? These all drive the salary up... don't be shy, let them know what you're worth.  

rslade
Influencer II


@billclancy wrote:
They want a purple unicorn, but will settle for an ill tempered rhinoceros.

I resent that characterization, and, no, they didn't hire me.

 


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
billclancy
Contributor I

I didn't mean you...I meant they reach for the sky, and will settle for much less. In my estimation they are looking for far too much in one person.
Baechle
Advocate I

Ken,

 

I agree with your breakdown.  I did it a little more colorfully, but yours is much easier to read.

 

The interesting thing about this is that my resume contains the keyword "Insider Threat,"  so I imagine that is why I keep getting these solicitations. 

 

The problem is that in my experience the "Insider Threat" role was actually a team of multi-disciplined folks.  There was no one person that had all these skills.  And even if they claimed they did, they were really only proficient in 1/3rd of that list of skills.

 

My biggest issue is that SIEM aspect.  That has to be a separate function.  As soon as you throw that into the mix, that is all that job is going to be.  I'm afraid of taking a position that is a mix of SIEM and anything else, because I believe that you're going to have to choose to do SIEM or everything else and I don't want to deal with that come performance eval time.

 

Does anyone have a different experience?

 

Sincerely,

 

Eric B.

billclancy
Contributor I

You're absolutely right!
rslade
Influencer II

See also.

