Good evening, my fellow security professionals.

Since I find myself "in between jobs" (you have to love the euphemism), I wondered how many others of you are facing similar problems and decided to share a bit of my experience trying to land a new job.

One of the most frequent assessments one can have thrown back at them during the application / interview process is that they are "overqualified". Now, there could be several things at play here, as I'm sure you can agree: either the company looks at your resume and decides (based on previous jobs you've had) that you will not come to work for the salary they are offering, or, if you do join, you won't stay for long, or you would feel "underutilised", etc.

What I suspect is happening is that, in a buyer's market like the one we are now experiencing, organisations of all stripes can afford to be very choosy and the security generalist, however senior and accomplished and successful in their previous career, tends to lose out to the security specialist / niche expert.

I call this "we want an engineer, with a blue cap, a yellow screwdriver, fixing only green appliances, in this red procedural way" syndrome. So, companies want risk auditors / assessors with specific industry vertical experience (e.g. public sector vs. financial services vs. telco), or they require administrators / analysts fluent in certain security technologies and not others, rather than the well-rounded generalist.

Sure, the CISSP (and, I suspect, the CSSLP, in the medium term) qualifications do help, especially at the pre-selection stage before the interviews, but are not enough on their own to land a good security job.

The challenge for us moving jobs in this climate seems to be able to prove that we can both provide value for money for what the company needs now (the "yellow screwdriver .." etc), and also hint that they would be getting so much more by hiring us, so that, in effect, they are looking at a bargain!

This is how my job hunting strategy is shaping these days (I haven't landed yet, mind you).
I would love to hear about your experiences!  Best of luck, Ionut.




More...

I really hate the "over-qualified" response. It's completely idiotic.

Do you want the best you can afford or do you want something less good?

I choose the best, but that's just my view.

Retention may be a valid point, but I had this response once for a high salary position and it just doesn't make sense, retention is only a problem if you're paying too little as this is the number one factor for changing jobs among ambitious IT pros. Hence why when you get in to higher salaries you move around less.