Chris answers your questions

Q) CISO Question:

I get hundreds of messages from recruiters on LinkedIn and it really frustrates me because I feel like they’re just sending mail-shots to everyone who has ‘cyber’ in their job title. It doesn’t help that my experience with agencies in the past has been terrible. What’s going on? The recruitment industry seems to have a fundamental flaw. There must be a better way…

A) Chris Dunning-Walton’s comment:

I agree with you – the recruitment industry in the UK is fundamentally broken in its current form. By and large, recruiters don’t trust clients or candidates; clients and candidates don’t trust recruiters; and recruiters absolutely do not trust other recruiters! But why is that?

Whilst recruiters must take accountability for their actions, the responsibility does not only reside within the recruitment industry. Fundamentally, why do CISOs get all those spam emails, unsolicited CVs (a pet hate of ours!), cold calls and LinkedIn requests? Because, through pure weight of numbers, this approach still makes money for recruiters - it “works”. I do not advocate these methods and neither do we adopt them at InfoSec, in fact we try hard to do things very differently (no heckling please fellow recruiters!).

However, recruitment falls roughly into three camps:

the high pressure, KPI driven, old school “Wolf of Wall Street” practitioners who have not evolved in 25 years;

the enlightened few who invest time in learning about the sector and cultivating trusted networks;

and then there’s everyone in between.

Why do 100% sales-driven recruiters still exist, in my opinion?

Partly it’s because a lot of companies do not know how (or do not want) to vet their suppliers properly. They are unable or unwilling to develop trusted relationships, because they don’t trust recruiters anyway! It also takes an investment of time, effort and commitment to cultivate a worthwhile business relationship of any sort, something HR and Procurement have precious little of. So, hiring managers and recruitment contacts will accept speculative CV approaches for a difficult role they’ve been hiring for the last 3 months, despite the introduction being down to mostly chance – getting lucky through sheer weight of numbers alone. On that basis, the recruiter has “succeeded” and the hiring manager has got what they want, but the system remains broken and does not engender long-term relationships. It encourages short-term, “fill the need” engagements with no real thought for the future and no real partnerships.

So, what’s the solution?

There is a reason why executive search firms are so successful and convert almost all their engagements – they only work on roles they can deliver and the end client fully engages in the recruitment process. There is a true partnership in place where both parties prosper from the relationship. In my opinion (like I said, no heckling please!), the contingency (traditional contract and permanent) recruitment industry will stay (mostly) broken while the atmosphere of mistrust continues to pervade the industry. An impending recession (we are due one) will shake up the industry, sorting the good, the brave and absolute pirates, and we’ll see more and more companies hiring in-house teams as they realise the access to talent has never been easier for the majority of more generalist positions. As and when this happens, you’ll likely see only the true specialists and the massive low margin RPO providers remaining in the industry.

In the meantime, if hiring managers and HRDs were to thoroughly vet potential recruitment suppliers deeply with a clear intention to form meaningful trusted relationships where they pay for, and expect, actual expertise and delivery with recruiters in retained and exclusive engagements, the sales sharks will find it very difficult swimming. The industry would self-regulate – you’d have to be a consultant who consults to add value.

So, the bottom line is that the problems with the recruitment industry, both in cyber and more widely, of course reside primarily with the recruiters, but they are also a result of how companies engage suppliers. It’s a business-wide, self-fulfilling problem. If companies continue to expect and encourage the worst then until someone blinks, things won’t change.

6 steps that CISOs can take to have a better experience with their recruiters

  1. Do not accept unsolicited approaches, especially if these include CVs or candidate details (breach of GDPR anyone…?!).

  2. Listen to your network, and if you’re hiring, ask around for introductions to the best suppliers.

  3. ‘If you buy cheap, you buy twice.’ You don’t need to break the bank, but true experts probably won’t be the cheapest. They don’t have to be the most expensive though.

  4. Exclusivity should not be a dirty word, especially with a timeline – a supplier with 2 weeks’ exclusivity will be super-motivated to fill your role but gives you flexibility.

  5. Ask people for their ‘Why’? Why are they in recruitment? Why do they like cyber security? You’ll soon figure out the great from the not so good.

  6. Expect and encourage the best from your suppliers. Inspire and invest in them to go and get you the best talent in the market for your roles.

We hope these steps help you.

Thank you to Chris Dunning-Walton, InfoSec People’s MD and Head of Search for his insights.

As ever, contact us for an informal discussion if you’d like any further information about why InfoSec People are different in their approach to recruiting exceptional talent. Our clients succeed in their recruitment plans when we work together. Email us: info@infosecpeople.co.uk.