How to talk to executives about an information security team hire

When hiring an information security team member, how important is a certification in information security? Learn how to talk to executives about making an uncertified hire.

I'm in the process of hiring a new person for our enterprise's security team. I've whittled the pool down to three candidates, two of whom have the CISSP certification and one who doesn't. I think the best candidate is the person who does not have the certification, but the executives are pushing for a certified hire. How can I convince them that a certification isn't necessarily the best way to choose an employee?

Treat this much like any other request to the executive staff. So, rather than explaining that certifications aren't necessary, explain why this particular candidate is the best, in spite of not being certified. What is it that you like about this particular candidate, and why is he or she better than the others? Is it particular skills or experiences he or she has? Or is it the way the candidate handled himself or herself in the interview? Does this person just seem like a better fit with the rest of the team?

Regardless of the answers, present why you think this person is the best candidate. If the executives are really hung up on the certification issue, you can always offer to help the candidate become certified within a certain period of time after he or she starts the job; that way, you can have your cake and eat it, too.

This was last published in January 2010
