ISC2 Security Congress Live Show

Dec 13, 2023, 23 min

Episode description

Recorded live at the recent ISC2 Security Congress, this panel discussion features Kirsten Renner formerly of Accenture Federal Services and now with Cydecor, and Kris Rides with Tiro Security. Hear about top certifications, steps you need to take when you apply for a job, the eternal power of networking, and more.

“They apply and wait, apply and wait, apply and wait. There's a good chance, no one's gonna see, sorry, your resume. Go find out who the recruiter is, or go find out who the hiring manager is and send them a direct message on LinkedIn. That's good advice. And say, ‘I have applied. Is there anything else you need from me? Are there any other roles that you think would be a good fit for me?’ You have to do the extra thing.”

Find show notes and additional links at: https://clearedjobs.net/isc2-security-congress-live-podcast/

_

This show is brought to you by ClearedJobs.Net.

_

Transcript

Kathleen Smith  00:24

Welcome, I'm Kathleen Smith. I am the Chief Outreach Officer of ClearedJobs.Net, but my other great involvement and leadership opportunity is leading the Career Center here at ISC2. My other passion is doing a podcast with the lovely lady at the end of this panel, Rachel Bozeman. And we decided for once we would do this podcast live. Rachel, it's great to see you again. Great to see you face-to-face after a year and a half of doing the podcast.

 

Rachel Bozeman  00:54

The hugs are the best.

 

Kathleen Smith  00:57

And we brought our boots.

 

Rachel Bozeman  00:59

Because they're made for talking.

 

Kathleen Smith  01:02

So Rachel, who do you have sitting to the right of you?

 

Rachel Bozeman  01:05

Well, I have the one and the only man, that for the longest time I thought just existed from the waist up. All of our interactions were all via Zoom, but Kris, there's more to you! I'm so excited.

 

Kris Rides  01:22

I actually wear pants. Only in public. No socks, though. I'm like a daring Victorian that just shows off their ankles occasionally.

 

Kathleen Smith  01:32

But tell us a little bit more about you, other than the daring ankles.

 

Kris Rides  01:36

So I'm CEO and founder of Tiro Security, a cybersecurity staffing and professional services company. Very involved in the community, very passionate about what we do, and how we all need to work together. I lead the industry advisory board for NCyTE, the National Cybersecurity Training and Education Center, which is passionate about trying to move us forward and fix some of the headaches that we've got right now and the ones we're having, we're certainly going to have come up.

 

Kathleen Smith  02:04

Sounds great. And to my left, I have a dear friend who was our first guest on the podcast and provided other great advice on employment scams, Kirsten Renner, my friend in the conference world but also one of my customers. Tell us a little bit more about yourself, other than your great boots.

 

Kirsten Renner  02:25

That I just got on 5th and Broadway. So I'm Kirsten Renner as she said, and they call me Krenner on Twitter. I co-founded the Car Hacking Village in 2015. And I recently made some big changes. I went from running the National Security Portfolio of recruiting at Accenture Federal Services, after they purchased a company I was working at, Novetta. And I just switched to ICS Village and I'm talent engagement which is a new role. So it's doing this sort of thing and engaging with you all, the talent.

 

Kathleen Smith  03:00

Kirsten was hosting a roundtable yesterday and this morning, more focused on SkillBridge and military transition. Because not only are you a very big supporter of military transition, you're also an Army mom. So tell us a little bit more about the conversations you were having this morning on the SkillBridge table.

 

Kirsten Renner  03:22

SkillBridge, if you're not familiar -- and I am very passionate about this even prior to being an Army mom -- but it is a DoD program. And it is specifically put in place to do a fellowship, which would be similar to an internship. The DoD pays the members to go get training. So the participants, the employers are providing the training to the individuals and hopefully having opportunities for them after the fellowship.

 

Kathleen Smith  03:49

So I would just say, if you're transitioning military, definitely look into SkillBridge as part of your bridge to getting your commercial experience. But do realize that it is your responsibility to go to your manager, to your officer, to start the process. It is not something that you just do sort of willy nilly. It is part of your journey. So really look at that program. So we're here at a certification conference. Let's talk more about DoD certifications. We're talking about the security-cleared world, we're talking about people having to fill the various different regulations. What are you seeing as the key certifications now that people need, because I know we can go and look at the 8570 or whatever the new regulation is called. And it's a big long list, and it's really frustrating. Sometimes you don't know where to start. So that's a two part question. One, if you're gonna go start a career in a security-cleared cybersecurity career, what is the certification you really should be focusing on first? And then sort of on the other realm, if you're already in your journey of certification, what are the key certifications you should be focusing on right now before you build all the others?

 

Kirsten Renner  05:24

I want to answer the question a couple different ways. I want to touch on a couple of different things real quick. So before I came into govsec, I was in telecom. And I can tell you that I remember recruiting at the time. One of the biggest challenges was that CISSP was the main thing they wanted me to look for. It was like the Cisco certs and stuff like that. I remember thinking it was impossible. It's a volume problem. And we have similar problems in the cleared community, where there's a volume problem. People that either do or do not have the clearances, it's a math problem, right? So you're going to look at different things. So the employer or the hiring organization has different reasons for putting six certification requirements in the job description. So if you see those in there, it's to win work, right? It's to get things like ISO 9001 or the different things that they need to certify the organization. So there's different reasons why they're tracking and providing training internally for certifications. So when you're having the conversation with your recruiter, even when you get that far, you can say, "What assistance are you, the employer, going to provide for me to get the certifications that are required?" Also, Security+ is the main one that pops into my head personally, because I'm in national security and it just shows up on a lot of the contracts that are the work that we're fulfilling in our spot. So if you don't have the required certifications, don't be discouraged. Don't think that you're automatically disqualified. Have a conversation about, is it negotiable, that the employer can either provide the training for you, or make an offer to you contingent upon you obtaining it, and/or you can start and get it and remain employed by getting the assistance to get the certification. So don't be discouraged if you don't have it.

 

Rachel Bozeman  07:19

So we're gonna kind of pick your brain in this section.

 

Kris Rides  07:21

Okay. 

 

Rachel Bozeman  07:22

There are 18 to 19 different certifications. So if someone is transitioning into this space, what would you say are the top one or two certs that are a must have? Like get them now.

 

Kris Rides  07:33

So truly there is only one cert that we regularly see and that's the CISSP. Right? We know that's the benchmark. And I'm not here saying it just because we're here at the ISC2 conference. But that's what it's like, right? It's on most job descriptions. Somebody asked me what certs do CISOs have. You might see them with an MBA and things like that. But from a certification point of view, if they've got something, it's the CISSP. So that is kind of the benchmark. Obviously, that's not something that people can have if they haven't got five years’ worth of experience. So we've got the Security+. I think that the new CC is really interesting. There's obviously a huge push to get that out here. I think the exciting thing about that is I know it's free. And we know that there's a membership fee, right? So they're not disguised. But the membership fee is less than I pay for my membership fee for ISSA or OWASP. You're part of an organization. I think that's going to be a great stepping stone into ISC2. And to the point where, I haven't told anybody this, and this is live. And I'm committing to it by saying it. By the way, I'm a recruiter, I'm not a practitioner, right? There's a big difference between the two. I'm going to do my CC. I'm going to do it. This is my last conference I've got of the year. I'm going to get it done before the end of the year. I'm committed to that, there's people out there that are watching this, and they're thinking of getting theirs. Can you hit me up on LinkedIn, and we'll do like a study group or just something? I'm gonna get it done.

 

Kirsten Renner  09:13

What about CEH? Do you see a need for that?

 

Kris Rides  09:17

Oh my goodness, I'm not a big fan of the CEH. I think things like the OSCP are great. You know, that's a great certification. And the people that are actually doing this kind of work seem to really respect that. I do see the CEH come up occasionally. It's never ever essential. I mean, I try and make sure the certifications aren't essential when we're talking to hiring managers. I do see it occasionally come up, but it's not that often. I'll see it on a resume more than I'll see it in the job description.

 

Kirsten Renner  09:49

I think this is really cool evidence of how there's different perspectives depending on what your aim is, right?

 

Kathleen Smith  09:56

Yeah. And I wanted to flip this over and just sort of give kudos to both of you, because both of you are recruiters, but you have technical backgrounds. You were helpdesk for a while and you're now going for your certification. So, you know, set up the study group with him. Yeah, let's make sure he really knows how to take this exam. But I would say that when you're talking to a recruiter, be sure that they understand the technical background. And that might be hard because there are a lot of recruiters, HR departments, that don't have people who understand the certifications or the technical backgrounds. And I know a lot of people then get frustrated with that interview question or that screening call. Don't get so frustrated that you burn that bridge. That person has been given a role to screen you for a variety of things. I always look at it as an opportunity to reverse mentor, or we talked about reverse engineering. Let's talk about reverse education. Let's talk about, you're asking me about a CISSP, do you know what this is? Do you know what I had to do to get it? That is not talking down. That is sharing knowledge. That is also building a relationship with that recruiter, because that recruiter has been put into a place to screen a BD manager, a technical person, and an admin, all in the same day. And my head would explode if I had to interview for those different skill sets. So I know, it's really frustrating. We like to talk about how recruiters are awful people. They're not. They're really great people, right here. And if you have an opportunity to provide that education, go ahead and do it. I mean, it's no skin off of your nose. And you're learning soft skills on how to communicate with a new audience. And you may actually build a really powerful relationship with a recruiter, which is always very helpful in your job search. And realize that there are more recruiters out there that will leverage their networks. 
Even if you don't get that job, did you like having that conversation with that recruiter? Keep in touch. And I know Kirsten at least has had several candidates, who you've talked to for three or five years before you finally had the job that was perfect for them. Right? And you didn't shove them into a job that wasn't going to work for them. You have an example of that?

 

Kirsten Renner  12:23

Oh my gosh, yes. I always try to close a coaching session or a conversation with, "the worst thing I'm ever going to do to you is just introduce you to somebody else." And I'll just @Kris. You know what I mean? So there's going to be a lot of situations, one in particular, with an individual several companies back -- look at my LinkedIn, you'll figure out what I'm talking about -- everywhere I go gets bought by somebody else. But this is a few research companies back, smaller organization. And I met this brilliant security researcher, and they were looking for something. And I thought, man, I'm gonna get so many kudos for doing this. I said, but let me also tell you about this other thing. They ended up doing the other thing. And coincidentally, like eight years later they became the reason why I ended up at Novetta. And I will say, the person is now in charge of research at Microsoft. What a great thing to do. Right?

 

Kris Rides  13:28

Or come and do some coaching here or the resume review.

 

Kathleen Smith  13:28

Yeah, I think that's one thing that I've loved about being part of our community. And I talk about the security cleared community, I talk about the security community, I talk about the hacker community. We talk about giving back. If you want to give back, just find one or two people. That's it. You don't have to have a big following. You don't have to have a million conversations on LinkedIn. Just find one person. So sorry, went off track.

 

Rachel Bozeman  13:33

Something that we talk about quite often on the podcast are career searches and job advice. So I want to ask both of you, you know, times have changed. I think back when I started recruiting, the blunders that I constantly saw candidates coming in and you know, asking, when's my first day off? Or all sorts of fun stuff that just comes out of their mouth. But you know, as we've kind of evolved and the seasons have changed, what are some of the obstacles or some of the things that you see candidates are currently stumbling through that you could help give back so that they could avoid those kinds of obstacles?

 

Kris Rides  14:46

We always talk about networking being so important, and I think that hasn't changed no matter where you are in your career. Today with the Path to CISO presentation, I was talking about getting on an advisory board to help you on your path to CISO, and you can help doing that with lots of chapters and getting involved with nonprofits. And that can be your first step into that sort of work. So that's one thing. But the whole networking thing as a whole is so important. I had a hiring manager that I spoke to who very proudly said to me, "We put out an advert and in one week, we had 700 applicants." This year, particularly, that's gone kind of crazy. And he proudly said to me, "And actually, I've not seen one of those resumes, because I had four people recommended to me, and I've just interviewed them, and I'm about to hire one." And so all of those 700 people are going to get a decline. And some of those are going to be perfect for the role. And so that networking and being recommended, and that's really how you're going to find your role right now.

 

Kathleen Smith  15:53

What's interesting is that one of the statistics that we hear a lot on the podcast is that referrals are about 40% of new hires of many companies. We actually interviewed somebody a few weeks ago, that was 60%. And I think you're right, a lot of people don't understand the power of your networking and the power of a referral program. And I've seen it change so much in the 20-odd years that I've been involved in this, that it used to be just sort of you forward an email, and now they're very big, complicated programs. So why don't you go through and talk about your experiences?

 

Kirsten Renner  16:31

Everything you said was correct. Regardless of their career level, or whether they're trying to break in, trying to do something new, or they've worked for 20 or 30 years and they're not ready to stop working, is that they apply and wait, apply and wait, apply and wait. There's a good chance, no one's gonna see, sorry, your resume. And you're gonna get an auto message that says, "We found somebody else. And we'll get back to you if we ever see a thing right for you." Those auto messages are generated, because probably somebody did send in a referral, or somebody did not just apply, but then also -- go find out who the recruiter is, or go find out who the hiring manager is and send them a direct message on LinkedIn. That's good advice. And say, "I have applied. Is there anything else you need from me? Are there any other roles that you think would be a good fit for me?" You have to do the extra thing. And it's going to come through those various ways, whether it is finding out, do I know anybody at this company? If I know somebody at this company, why not reach out to them about whether they have internal or external referral programs? And say, "Would you refer me?" And you just got in front of the hiring manager faster.

 

Kathleen Smith  17:57

And just to really bring this home, we've all been in recruitment, recruitment marketing, decades. And there are studies that will tell you that over the last 15-18 years, an organization called Career Crossroads, has sort of talked to major employers, not just in security, but in all major industries, and said, "What is your number one source of hire for the last 18 years?" It has been referrals. Employee referrals has been their number one source of hire. The number two source of hire is actually job boards. And it's fascinating because job boards have been around since 1994. And people think that they're no longer being used. But for the last 18 years, number one has been referrals and number two has been job boards. We have a job board. Ours is very specific. But people say, they're so out of date. Well, if they've been the number two source of hire since 1994, they might be powerful. You just might want to learn how to use them. So let's go back to job search tips, because we have a fabulous live audience who decided not to get lunch. So thank you everyone who decided to come, and hello again, everyone in the virtual world. Let's talk about current job search challenges. So we talked about, yes, we need a referral. Yes, we might be what's called, spraying and praying, which I can't believe these terms are still around, but we're spraying and praying. Say someone does get that call, what are the challenges after that?

 

Kirsten Renner  19:48

Specific to security cleared positions, obviously, depending on, is the hiring organization of the prime on the contract or not? Do they need customer approval? Do they need prime approval? What other contingencies are in play? Those things all take time. And so it's going to be communicating with your recruiter, and making sure that you know what to expect and not getting passed around from person to person in that process. The closer you can stay connected to one individual that helps you understand what to do, and this is going to take many days, and now we're going to verify your clearance or now we're going to run a background investigation, or now your clearance has to literally come over and this specific agency only does in dark days, every other Tuesday if you're lucky, right? So things like that are controlled by the customers and controlled by the prime. But what I'm describing to you, and I probably skipped 10 things, but there are many parts of the steps that if you're the candidate, or you're the applicant, or you're being interviewed, if someone isn't making sure you know what all those stages are and how long they will take and what the status of them are, you might just feel forgotten or you might feel like it's over, right? And sometimes I gotta admit, you know, I don't recruit anymore, but when I did, my greatest failure was dropping the ball and not telling someone what was going on. You know, I just like, squirrel! And I'd go do another thing and I'd forget, and that's terrible. Don't be afraid to ping them, to send them a reminder, to harass them, to go on LinkedIn.

 

Rachel Bozeman  21:19

Kindly. They're people too.

 

Kirsten Renner  21:22

Yeah, just say, "Hey, don't be afraid to tell me to calm down if everything's fine and I should be calm. I'll be calm. But is everything okay? Have you forgotten me? Is there anything you need from me?" Just lead with, "Is there anything you need from me?" There are many things out of the recruiter's control that they are just waiting for somebody to get back to them on.

 

Kris Rides  21:42

Most of the time, a good recruiter wants you to get that position and will do whatever they can to try and help you and assist you and make sure that there aren't too many shocks or surprises that you're not ready for, to allow you to do the best you can. So treat them like a partner and a friend, because they can really help you. And actually, most people aren't looking to ghost people. They're humans. Things jump through the cracks. So I have always had a three strike rule. If I reach out to somebody once and they don't reply, no problem, easily done. Now at times, I've opened my LinkedIn messages, read something and think I must reply to that, and then the phone rings and I don't go back into it. Same with emails, right? Two times, okay. By the third time, you probably are being ignored and you need to move on, but give people a chance. They're just humans that make mistakes. And we all do that.

 

Kathleen Smith  22:31

I've just been given the high sign. So thanks to my lovely co-host for joining me here up from Louisiana and my dear friends. Please listen to the podcast and thank you so much for joining us today.

Transcript source: Provided by creator in RSS feed