Recruiter: What position are you calling about?
Me: I don't know. I am returning your call from 5 minutes ago.
Recruiter: Oh yes, Mr. Starnes. My client is looking for an encryption expert for a six-month contract.
Me: I know how encryption works operationally, but I am certainly not familiar enough with it to be classified as an expert.
Recruiter: But is says on your CV ...
Me: No where on my CV does it even mention encryption.
Recruiter: (Pause) Do you know any encryption experts?
Me: Yes, but you won't get him. He is in his first year at GCHQ.
Recruiter: What's GCHQ?
Me: Never mind, you won't get him.
This sort of scenario is all too common these days. I must have been called by more than 50 agencies in the UK purporting to be "specialists in information security recruitment". If that were true, the market simply wouldn't support them. In general, I have found the professionalism of recruiters in the infosec area to be rapidly declining as too many cowboys enter the market.
The internet has been in some respects the worst thing to ever happen to the recruitment process. Many agencies simply throw CVs at a prospective employer without personally vetting them. The worst offenders just use a key word filter. I've had recruiters submit information security candidates to me who didn't know what TCP/IP was.
Don't get me wrong, there are good information security recruiters outthere. Usually they are an established agency with a reputation in the industry. But if any of this sounds familiar to you, I strongly suggest you find yourself another recruitment agency. Remember, the recruitmentagency is representing you to your perspective employer. If they aren'tprofessional with you, chances are they aren't winning over potentialemployers either.
Opinion: Chase the cowboys out of town
By Richard Starnes, on Sep 4, 2006 3:56PM