Help is on the way thanks to certification nonprofit (ISC)2's release today of a free 30-page reference guide for HR professionals and recruiters to consult during the hiring process of information security professionals.
The booklet, “Hiring Guide to the Information Security Professional,” contains helpful hints for HR and recruiters who are charged with placing want ads, reviewing applicants' qualifications and interviewing candidates.
But such tasks have not always gone seamlessly considering the information security profession is still immature, constantly changing, and filled with a laundry list of certifications, experts say.
“I think that HR professionals are generalists for the most part because they have such a broad range of responsibilities,” said Jeff Combs, senior recruiter with Alta Associates, which contributed to the book. “They don't understand the nuances of what makes a good hire versus a bad hire. The same goes for recruiters. It's a pretty fast changing industry.”
The guide -- available for download at www.isc2.org/HRCenter -- offers typical job descriptions for writing want ads, in addition to detailing traits and career paths of information security professionals, Sarah Bohne, director of communications and member services for (ISC)2, told SCMagazineUS.com today.
The booklet also will clear up any confusion surrounding the bevy of certifications that job candidates might hold.
“We are on a mission to demystify the profession,” she said.
Combs told SCMagazineUS.com today that the publication also will emphasize the importance of attracting and hiring IT security employees who understand the importance of aligning their work with the company's business objectives.
“The trick is going to be getting folks to articulate what they do in terms that make sense to business stakeholders and non-IT people because ultimately they have to manage and address risk properly,” he said.
Not only will the guide allow the hiring process to become more seamless, it also will create an educated HR or recruiting professional, Combs said. This is particularly important in a landscape where organizations are often battling over candidates.
“If you're interviewing for three different opportunities and one of those companies has a seamless process, you're going to feel much more comfortable about choosing that opportunity over a situation where you're not going to get that kind of support,” he said.
Hiring the right candidate is the first piece of the puzzle toward protecting an organization from IT security mishaps, Bohne said.
“We're talking about the protection of an organization,” she said. “This is a real opportunity for the HR professional to play an important role in that.”
A printed version of the guide is expected to be available from (ISC)2 at the end of the month, Bohne said. Copies also will be available at upcoming conferences.
Additional, more in-depth documents to be used in the hiring process can be found on the organization's website here.