Focusing on the enterprise security, cyber risk and technology innovation spaces, http://www.lenznergroup.com/ is an executive search firm based in Williamsville, New York. Founded back in 1997, the company has established a track record in security, compliance and IT risk-management recruitment and strategic talent acquisition. InfoSec Institute recently asked Tracy Lenzner, founder and chief executive officer of LenznerGroup, for her views on the IS/IT arena.

What positions are currently in demand and what positions are seeing declining demand?

There is high demand for security professionals who have both traditional information security as well as technology risk management. We are seeking an increase for organizations seeking security and operational risk officers, privacy and compliance leaders, global enterprise architects, technology risk and compliance practitioners, cyber intelligence and response.

With that said, employers are very selective about potential hires’ organizational fit into a company’s culture, especially as security risk management is integrated across the enterprise. This means there is more competition and demand for specialized and hybrid IT business risk professionals who are effective communicators, negotiators and innovators in the latest cloud, access control, social networking, web application or mobile technologies.

At the C-suite and now more than ever, candidates at all levels, who add value to their organizations, customers and clients, will continue to thrive and excel.

What hard and soft skills are most in demand?

Security management today requires integrated security and technology risk frameworks, including security governance, risk management and compliance provided by corporate and/or professional services, managed services, hardware and software solutions. People and identity, data and information, application and process, network, server and endpoint, [and] physical infrastructure are key drivers. Critically important is soft power such as communication and presentation skills, executive presence, resourcefulness, drive, tough skin, strategic and tactical vision, and ability to engage multiple stakeholders across multiple functions, business units and regulatory arenas.

What technologies are most in demand and which ones are dying out?

As new technologies emerge, including social, mobile and cloud applications, consumerization, big data, BYOD, international standards and compliance — coupled with increased regulations, embedded security within products and services and transparency — demand for a broader knowledge base, as well as specialized and sophisticated range of skills, will be required.

Who was the last security person you hired and what set that candidate apart from the pack?

LenznerGroup recently placed an elite team of security and business technology risk vice presidents/directors, as well as a chief security architect, for a premier global financial services organization. [The team]…exemplify these qualities noted above.

How has your department grown or changed, and how do you expect it to change in the future?

LenznerGroup is continuing to expand and evolve in parallel with our clients’ increased need for strategic talent and alliance partners. We expect this trend to continue as organizations retain our firm to recruit security professionals who possess a certain set of core leadership, technical and business acumen [traits], similar to other business functions such as finance, legal, HR, administration, operations, marketing and sales.

Without naming specifics, what are biggest security threats?

The biggest security threat is our ability to anticipate and respond to the new global digital landscape. There is continued focus on new and emerging technologies, products and services. Clearly, there is a plethora of technologies available to tackle the emerging and next gen threat challenges. But there is one aspect that is more important than technology: the human side. The financial marketplace is a key area for new jobs and growth. Breaches and sophisticated cyber threats will continue to emerge in both the private and public sectors. However, it is important to remember that our critical infrastructures such as smart grid, supply chain and significant government related contributions, will continue to add jobs, influence and lead risk management and security efforts worldwide.

What is the hardest part of your job and what is the most enjoyable part of your job?

Some organizations are slow to recognize the economic value of IT security and IT risk talent. Educating stakeholders and helping them to understand there is more competition and demand for specialized and hybrid IT business risk professionals can be both challenging and rewarding. Placing highly skilled and talented candidates and helping these professionals grow their careers is also a very satisfying aspect of the work. LenznerGroup is in a unique space to identify, engage, collaborate and work with some of the best talent available and leading clients worldwide. Helping clients assess and determine what they truly want and identifying candidate must-haves versus what they had in the past, and providing a select group of candidates who meet and/or exceed requirements and expectations [is challenging].

Which, if any, certifications and degrees do you see as important for hiring and career advancement?

While degrees and certificates are essential, organizations today are increasingly focused on the actual experience and demonstrated success in very specific areas. Any and all certifications, degrees, advanced degrees and credentials can be beneficial to anyone seeking to leverage, distinguish and advance his/her career and contribute value to an organization.

What will get a job candidate’s resume thrown in the trash?

Resumes that are not well written, include typos and/or documents that are five-10 pages, will be triaged into the ‘will read later’ pile. Obviously, the resume that is formatted attractively and easily understood versus [having to hunt] for information to determine possible fit, will win.

Want to learn more?? The InfoSec Institute Ethical Hacking course goes in-depth into the techniques used by malicious, black hat hackers with attention getting lectures and hands-on lab exercises. While these hacking skills can be used for malicious purposes, this class teaches you how to use the same hacking techniques to perform a white-hat, ethical hack, on your organization. You leave with the ability to quantitatively assess and measure threats to information assets; and discover where your organization is most vulnerable to black hat hackers. Some features of this course include:

  • Dual Certification - CEH and CPT
  • 5 days of Intensive Hands-On Labs
  • Expert Instruction
  • CTF exercises in the evening
  • Most up-to-date proprietary courseware available

What would you tell a high school student interested in studying IT in college?

Our high schools and universities should be encouraging more students towards a career in IT/IT risk and security, if we want to be the epicenter of the talent pool. High school students can be proactive in finding internships, mentors and joining organizations. However, organizations, schools, business and government should be reaching out and setting up internships and training programs to foster interest, opportunity and growth.

What security sites do you visit?

Security and risk management is universal. With that said, I read — and communicate with folks — daily via news, blogs, R&D and white papers, to provide intelligence and insight on current events, upcoming regulations, leadership updates, emerging trends and innovation.

What were the last security books and magazines that you read?

Proprietary business plans, and industry-related business, security and risk magazines.