I recently got interviewed for a security director’s position. It was advertised as Governance, Risk & Compliance. But by the time I got deep into the interview, I felt like what they really needed was a CCNP, MCSE & RHCE – along with the CISSP. Lucky for me, I can traverse a conversation of most any IT area since I have worked in IT for so long. I often wonder though if employers out there have the wrong idea about what a CISSP is and what we do.
I had to explain and advise more than a few employers interviewing me about their appropriate IT/HR needs. So, when I hear senior management exclaim that industry certifications don’t equate to ‘performance’ which I agree with in principle. But I am now thinking that maybe such leaders are not understanding their technical / security management needs. SMH.
I have often found that Job Descriptions don't exactly go with what an organization is wanting a security professional to do. Particularly HR and most hiring managers want a CISSP to do everything related to security. In my discussions, I found the reason for this to be due to the number of domains covered in the CISSP exam.
Do they understand? Probably not at first, but hopefully after speaking with you they had a better understanding of their gap.
IMO, it is a hard question for most managers to figure out. IE what do they actually need for a skill set when it comes to security. I have met plenty of IT-centric managers that had no clue on security. Now, take a non-technical manager who is trying to fill a gap and they are throwing darts in the dark.
Just my thoughts.
It is vital for the Hiring Manager(s)/leaders to know about the domain so that they can select right candidate(s). I have seen that often many resources are not up to the mark for the job they are hired to do and they don't have the zeal to learn which leads to a poor team which has a bigger responsibility.
It is vital for the Hiring Manager(s)/leaders to know about the domain so that they can select right candidate(s).
While I agree the above statement should be true, the point I was driving at, is that it often not true, IMO.