Security isn't thin

 

 

IT'S LARGE

    LOUD AND

      FAT

<---Mark "Fat Bloke" Osborne

Get a Job - the Loud Fat way

The latest IT recession seems to have been and gone – great, jobs for everyone.  I did a count the other day and I realised that over the last 3 years I applied for, or headhunters put me forward for, approximately 18 jobs:

•  2 didn’t reply

•  2 involved an HR assessment day -> BIN

•  I had interviews for 14 of these positions and all but two went to a second or even third interview.  Most involved seeing at least four different sets of people.

•  In 8 cases, either they didn’t like me or, more often, I didn’t like them. Often there wasn't a job or they didn't have a clear idea of what they wanted – in nearly all these cases I wished I had got up, thanked ‘em for their time and gone home half way through – trouble is, at that point I start to give smart-arse answers.

•  And in 4 cases, I got an offer. Notably, I liked every firm that made an offer – but apart from the last one, it wasn’t right for me.

The problem is I do have a pretty good CV and a good commercial track-record so I get a lot of interviews.  But because I have a uniquely poor interview technique (in other words, bloody-minded), it takes a good few attempts before I bag one – even then I can cock it up.

To let people learn from my mistakes, I have recorded some of the details here.  Maybe it will give heart to those still on a job hunt or to those who, like I have been at times, are desperately looking to do something challenging or even useful.


Interview 1

I was asked to interview for the position of divisional Head of Security at a telecom company.  The interview took place one Tuesday morning and was performed by a very stern lady.

Interviewer: “You seem to think this job has a lot to do with IDS, why is that!!!”

Fat-bloke: “Well, you have had one of your staff asking me questions about IDS for about half an hour, the job description you handed me at the start has it listed as the primary skill and the agent told me that expertise was essential.”

* * * * * *

Interviewer: “What do you know about (dring dring dring dring dring)!”

Fat-bloke: “Who - !!!”

Interviewer: “Don't you even know who you are interviewing for – surely, you must know the name???”

Fat-bloke: “Yes - I was just deafened by the fire bell.”

* * * * * *

Interviewer: (She hands me a yellow post-it - on it are the words “you're gorgeous!!”)

Fat-bloke: (to prove the mouth is faster than the brain) “You're just a chubby-chaser, aren’t you, Luv? I’ve had trouble with your type before.”

Note – The post-it was a prop for a sexual harassment question, so this comment was particularly unhelpful.

* * * * * *


Interview 2

 

FB interviewed for a “security strategy” position at a large Investment Bank in Canary Wharf.  The job seemed very much like a computer audit job and a little junior but was still worth a look.  I had a telephone interview with the team manager, then a formal interview with the team manager and his sidekick – they seemed sensible blokes.  Then I was invited to a further set of interviews all in the same afternoon with the Global Head of IRM, Global Head of Technical Security and some muppet with a charisma by-pass.  It was absolutely clear that none of them had prepared, co-ordinated with each other over who was going to do what or even looked at my CV.

Interviewer 1 (Global Head of Department - first question): “How do you sell security to a chief dealer who doesn’t think it matters?”

Interviewer 2 (charisma-less muppet - first question): “How do you sell security to a chief dealer who doesn’t think it matters?”

Interviewer 3 (Global Head of Technical Security, as he walks in to join the charisma-by-pass muppet): “How do you sell security to a chief dealer who doesn’t think it matters?”

Fat Bloke (to last iteration of this question): “Well, the answer I gave to that question when I was asked by MR XX on first interview was this.  It seemed to go down well so I'll give the same answer just for consistency.”

I rest my case!!!

** ** ** * ** ** ** *

For the first interview, I waited patiently in the waiting room holding my briefcase and heavy coat – sweltering.  Then a reasonably attractive, blonde Irish dwarf runs in, vaguely shakes my hand and heads to a meeting room with me waddling behind.  I manage to get my briefcase open, my CV and various note taking materials out, when she jumps up, announces we are in the wrong room, tells me she’s short of time and dives into what looks like a television studio – I stagger after her clutching my gear, dropping Mont Blanc pens and business cards as I go.

Interviewer 1 (Global Head of IRM Department): “How do you sell security to a chief dealer who doesn’t think it matters?”

Fat Bloke: “Well, as you can see from my CV, I have done this many times. I basically have a three-pronged approach:

1.     If it is a regulated industry, and it is a requirement or likely requirement of the FSA or SEC, I make it very clear to the dealer that he will be causing a regulatory infraction. I will agree enthusiastically with his comments that the regulator is an arse – but will also let him know that if anyone gets in the way of compliance – everyone will know his name.

2.     If it is not something required by regulation, I will try and get the dealer to tell me what his objections are and design a solution to meet his needs – while focusing on the benefits and advantages to him.

3.     Lastly, I focus on what will happen if we don’t do it.”

Interviewer (Global Head of IRM): “That’s rubbish – I don’t believe anyone does anything because of the regulator – There’s no difference between a regulated company and a non-regulated company – blah blah”

(N.B. Last year this organisation spent £32million on a SOX project)

Fat Bloke: “Forgive me – but it doesn’t sound like you’ve any experience actually implementing security in a regulated or non-regulated industry – Do you know that most non-regulated multi-national companies don’t even bother with IRM as a department?”

Why say more - I should have left; after all, there isn’t enough money in the world to convince me to work for her, but I stayed, and she left full of righteous indignation.  The last two interviews were conducted over a video conference call, with a camera which seemed to focus on the bald bit on the top of my head.  (You all know I love myself, but they might as well have asked me to interview in the nude whilst doing a step-aerobics class.)

Interviewer 1 (Global Head of Technical Security): “Which is better, AES or MD5?”

Fat Bloke: “Well, they’re different things aren’t they, one is a cryptographic algorithm and the other is a crypto-hash.  I guess with poetic license, if you read better as longer key-length, you could claim AES was better as it is common to have key lengths of 256 (trying desperately to demonstrate knowledge).  Nevertheless, the question is similar to ‘Which is better, a hammer or a screwdriver?’; you need to know for what before you can answer it.”

Interviewer (Global Head of Technical Security): “Yeah!! But which is better?”

 

 

Interview 3

FB interviewed for a Head of Practice position at a Boutique Security Consultancy.  He was at the final stage, when he met the CEO.  Even though I knew I had the job in the bag, they had been playing GoodCop-BadCop for about two hours – I was mightily pissed off.

The CEO: “Have you got any questions?”

Fat Bloke: “Yes, can you give an outline scope of the job?”

The CEO: (holding up a blank piece of paper) “That is the scope of the job – you write it.”

Fat Bloke: “So anything in security is my baby.”

The CEO: “It is, if you want it.”

Fat Bloke: “So how many pen-testers will I have to manage?”

The CEO: “Pen-testers!!! You won’t be in charge of pen-testers – that’s not within the scope of the job!!”

 

 

Interview 4

FB was bored off his bonce and needed a change.  He was approached for the role of security supremo at a reseller well known for managed firewalls – let’s refer to them as Via-Windy.  FB was not keen, but then he met the VP of Products, who was very impressive in an impressive office near Oxford.  FB became more interested and went for an interview with the Chief Operating Officer (in what seemed to be a small closet in the City).

Fat Bloke: “The head hunter said you’d like to see me present a business plan.”  (Whilst thrusting a lovingly bound copy into his hand)

The COO: (Short man with Short Man Syndrome) “I couldn’t care less about your plan – I am sick of hearing about security. I don’t think Via-Windy can make money in security, webhosting is where it’s at.”

Fat Bloke: “Well, these days customers expect commitment from their managed security partners – too many firms have left their clients in the lurch.  Likewise investors are cagey – with 135 employees, 3 offices and a small revenue of less than £20M after five years of operation, they have some grounds.

BUT LASTLY and most importantly, you have to question the motivations of someone who tells interview candidates that it’s a dead-end job.

Yes, I agree – I don’t think you can make money in security.”

* * * * * *

Short COO: “You may have been a Director and potential partner at a la-de-da BIG SIX firm - and you claim to have brought in £millions – BUT WE ALL KNOW AUDIT CLIENTS JUST HAND YOU THE MONEY!!!!”

Fat Bloke: “That is a common misconception, but it was never really the case. Anyway, Sarbanes Oxley has put an end to that for many international clients.”

Short COO: “Sarbanes Oxley? – What’s that?”

Fat Bloke: “You did say you were considering being quoted on the NASDAQ?”

Second interviewer

Northern Woman: “I know nowt about security – sell me some security.”

Fat Bloke: “Would you like to buy some security? – No?”

Aimless chit-chat followed – during which time I got some insight about just how un-P.C. and intolerant some people can be.  And you can guess it takes a lot to shock me.

BUT I WAS – SO I LEFT

 

 

 

 

Interview 5

One of FB’s old boys was working for a top-3 accounting firm whose security function needed a new leader.  Ever loyal, my buddy suggested my name – but let’s face it, he worked there – he ain’t goin’ to put his job at risk if he didn’t think I could do a great job.  Make him some money.

So I get this call from HR – who want me to go on a 3 day induction session designed for graduates.  I suggested if they wanted proof of my ability to do the job they look at my CV, check my track record or ask around, but I wasn’t going to take a week off for a job I knew nothing about.  I thanked them, and said bye-bye.

A week later I got a call asking me to go for a chat with a senior partner – I said happy to, but I was going to treat it as a chat not an interview.  All went well for a while but the position really stank – no budget, no authority, not really a practice head at all – a salesman.  But then he added insult to injury by doing what all Big-6 partners do (I know, I was one): he started treating me as a trainee – even though he was asking for my expertise to jolt his crappy little practice.

Partner: “If you get this job, where do you see yourself in 5 years?”

Fat Bloke: “Well, in five years’ time this will be the fourth multi-million pound security practice I have either set up or turned around.  It is really hard work.  So by that time you will have paid me my termination bonus, I think I will go work in the power tool section of B&Q.”

Partner: “B&Q, PowerTools – you are supposed to say you wanted to be a partner.”

Fat Bloke: “Partner – No.  I’ve tried to be one of those before, it wasn’t very nice.”

Partner: “Well – I have a major concern, I don’t think you can sell – you just haven’t sold me that you can do the job.”

Fat Bloke: “Well, I have never been accused of not being able to sell before – However, I was under the impression we were talking about a practice head position, not a salesman. But having said all that, I thought you were supposed to be selling the job to me. God knows, the role needs selling.”

 

 

 

Good Luck with the Interviews

 
