Robert Half Technology is ideally positioned to provide customers with a wide range of technology staffing solutions for their project, contract-to-hire and full-time staffing needs. InfoSec recently interviewed Lara Dodo, Robert Half Technology’s regional vice president responsible for Ontario, Manitoba and Quebec, about her take on some pressing issues in the information security/information technology space.

What positions are currently in demand?

We also do a lot of research into the trends. We’re seeing mobile app developers on heightened demand; network engineers and business intelligence analysts are also seeing great demand. Everyone’s talking about big data. Everywhere you go, it’s big data. This is causing more of a need in looking for people in data administration and data modeling – the whole business intelligence space. Big data’s a big driver of things. The BYOD [bring your own device] trend drives a lot of demand for positions as well. BYOD is causing spin-offs onto security – How are organizations securing their networks? What are the potential security breaches of concern to organizations? And of course, what is the impact to the networks? What is the impact to the help desk and the support functions? So BYOD has a lot of consequences in terms of security, networks and support. Another driver is virtualization and cloud. When you look at virtualization and the cloud, again you’re going back to security, networks and support.

For which positions are you seeing dying demand?

I wouldn’t say they’re dying. It’s more about a skill set that is not in as much demand. An example would be not seeing as much demand for COBOL developers as we did in years gone by. It’s more .NET today or PHP. Older technologies are seeing slower demand. They haven’t gone away, but there’s slower demand. The other types of roles that come in peaks and valleys are QAs, QA testers. There’ll be times when we don’t see a need for a lot of them. But if someone is going through a lot of new development and decides to go through an extensive testing process, we’ll see a spike in the demand for those roles.

What are some of the hard and soft skills that are in demand?

In the soft skills area, everyone iss looking for someone with a positive attitude, essentially, a strong communicator. Communication skills have always been important. Specifically, this refers to the ability to have a business conversation as it relates to IT (the ability for IT to converse with the business side of the house in an effective way is very important). As well, the ability to work as a team is crucial. Teams today can be remote, which entails the ability to converse across different time zones, and via remote access. The ability to take initiative, as well as being able to be creative in coming up with solutions, is another soft skill.

From a hard skills standpoint, it starts with certifications. Certifications are important, the top three probably being CISSP, CCSA and CCSE. Skills behind that really depend on what level of security we’re looking at. If you’ve got someone who’s doing data security in an analyst role, we’re looking at their researching ability. If you’re looking more at a systems security administrator, we are looking for the ability to create passwords, someone who’s able to monitor and participate in the testing, or we’re looking at the integrity and the confidentiality of the data. If looking at engineering, it’s going to go uphill a little bit to more in-depth analysis, and in-depth creation. Three core competencies would be someone who has got really strong information security management skills, solid security strategy planning skills and strong solid risk assessment skills.

What technologies are in demand?

Very anecdotally, in the development space demand is very much in .NET,SQL, PHP, SharePoint and Java is also high on everyone’s radar right now. Depending on the organization, they could be looking at developers in the Facebook space or it could be something on the iOS side. Then there are the traditional infrastructures, referring to traditional system administrators, network administrators, VMware and Hyper-V.

What technologies are currently dying or seeing less demand?

From my anecdotal perspective, keep in mind that we work where the demand is, there’s always a need for someone who’s running a legacy system or someone who doesn’t have the budget to upgrade to .NET who is maybe working on something a little bit older. It is not often that we a receive COBOL or a Python type of request, but there are still a group of companies who do need professionals with all these skills.

Who was the last security person you hired – and what set that person apart from the rest of the pack?

We just placed someone who is a senior IT specialist -the company was offering a range of mid-$90,000s to $130,000. This individual had certifications in CISSP, CISA, and they really hit those three core competencies I mentioned earlier. The individual had very strong experience in information security management, great examples on their resume and personal testimonials when discussing their background in security strategy planning, as well as really strong examples that they could share with the client in vulnerability of risk assessment. That’s probably what really stands out in a good candidate – someone who not only has a good resume, but can also speak to tangible examples. The candidate’s resume showed a progression of having been a network engineer, a security engineer and then a security specialist.

How has your department grown or changed?

We continue to evolve. We recognize that technology is driving business more than ever before. As such, we want to make sure that we’re helping our clients to be prepared to have access to the best, most talented IT contractors for their projects, or potential full-time hires, as they expand within their own companies. Locally, we are very much keeping our finger on the pulse as to the technologies that are in most demand in order to proactively have candidates available for our clients.That way, we can give our clients a quick turnaround time in accessing top talent, and offer the same turnaround to our job seekers and candidates.

How do you expect your company to change in the future?

We continue to grow, which means we’re anticipating continued growth within the IT sector. Something your readers might be interested to know is that a lot of people are concerned with the current job market because the Canadian national unemployment rate is sitting at 7.2%, whereas within the IT sector in November 2012, it was 2.8%. This means that IT hiring managers have a real challenge in finding top talent. Essentially, it’s a great time to be in IT. For job seekers, it may not be as easy to find a job, butit means that if you position yourself correctly; have current certifications, good interview skills, and are able to really apply to the appropriate jobs, the likelihood of finding a good match is pretty good at this unemployment rate.

Without naming specifics, what are the biggest security threats that you see right now?

We ran a survey with CIOs and we asked them, ‘What keeps you up at night?’ One of the top responses was security. I think it also depends on what your business does. Someone who’s in health care probably has concerns about security breaches for patient confidentiality. If you’re in the financial services area or banking, you probably have concerns around fraud, and access to confidential information and identity theft. Or, coming from a big corporation that has maybe just opened up to an unlimited BYOD strategy, your security threats may be more along the lines of having any kind of device potentially accessing your confidential data as an organization.

What would you say is the hardest part of your job?

Balancing the demand for skilled professionals with the availability of those skilled professionals.

What is the most enjoyable part of the job?

The most enjoyable part of the job is knowing that you areimpacting someone’s career. We help individuals find great careers, assistbusinesses do what they are in business to do: to grow revenue and accomplish their corporate goals/objectives. By providing them with the best talent to get it done, that is a tremendously rewarding experience.

What certifications and degrees are important to career advancement?

Some environments are very specific to having undergraduate degrees, and more are open to college backgrounds or diplomas. Some hiring managers are very specific on certifications, while others will trade years of experience in lieu of it. If you are making a career in security, I would recommend keeping your certifications current. Applying for a job withouthaving a certification could put you as a second-running candidate versus being a contender or a first-pick. Certifications give you that extra advantage in the job search.

Can taking certain degrees at the post-secondary level help aspiring IS/IT professionals gain a competitive advantage over their competitors?

This depends on the situation – there are talented professionals who have pursued a computer sciences undergrad degree, followed by a career path that follows that whole progression of analyst to the next step, to the next step – while there are others that come up as mechanical engineering undergrads and find their ways into unbelievable critical IT leadership roles. Other professionals who come with a business MBA or a business undergrad followed by an MBA, with an IT focus or an information-systems focus may also find their ideal job path.

What mistakes can job candidates make that can get their resumes thrown in the trash?

Typos! A lot of the companies use keyword search-scan technology; therefore, if there are a lot of applicants, many hiring managers, unfortunately, just to manage the volume of responses, will eliminate resumes that have basic errors. As well, if your key skill set is in security, you need to make sure that word comes up enough times to be picked up by a keyword search engine. Resumes that are too long and resumes that are too short are undesirable. As well, not showing enough testimonials of your contributions with your previous employers is also a downfall.

What advice would you give a high school student interested in studying IT in college?

It’s a great time to be in IT. There are multiple career paths available, compared to years gone by. There are wonderful opportunities for those who have more of a business mentality. Start volunteering to build for a portfolio of work experience early, and build a list of references to help put you ahead of the competition.

What security websites do you visit regularly?

I tend to read multiple publications, for example, IT World Canada. Their e-newsletter has links to all sorts of issues. I also visit the Harvard Business Review, as it has some great articles from time to time that cover IT security, big data or warehousing issues.

Want to learn more?? The InfoSec Institute Ethical Hacking course goes in-depth into the techniques used by malicious, black hat hackers with attention getting lectures and hands-on lab exercises. While these hacking skills can be used for malicious purposes, this class teaches you how to use the same hacking techniques to perform a white-hat, ethical hack, on your organization. You leave with the ability to quantitatively assess and measure threats to information assets; and discover where your organization is most vulnerable to black hat hackers. Some features of this course include:

  • Dual Certification - CEH and CPT
  • 5 days of Intensive Hands-On Labs
  • Expert Instruction
  • CTF exercises in the evening
  • Most up-to-date proprietary courseware available