General security


December 4, 2012 by Ian Palmer


Evan Scott, president of ESGI

ESGI, a 12-person retained executive search firm situated in Washington, DC, specializes in senior-level executive searches for companies that sell products and services to the federal, state and local government. InfoSec Institute recently conducted an interview with Evan Scott, president of ESGI, to get his take on various issues in the IS/IT space.

What positions are currently in demand and what positions are seeing a decline in demand?

The demand has remained strong for IT professionals on the technical side, enterprise software, IT security. That hasn’t really decreased. There is always a demand for successful sales executives. If you know how to sell you will always have a job.

The searches that we handle serve as a leading indicator of where companies think money’s going to be spent by the federal government. So information security, both enterprise security and physical security, are areas that companies understand that we need to be investing in. Searches that we’ve been engaged to fill over the last six to eight months have been heads of business development…. We’re seeing a lot of activity around medical records… Security is obviously critical when you start to talk about putting people’s medical histories online in cyber space. [We’re also seeing demand in] mobility, global communications and security around handheld devices that are being used for everything from facial recognition, biometrics, GPS and securing those networks. We’ve been seeing less demand for staff-related positions… Every company has a CFO, general counsel, vice president, human resources et cetera. Unless a company decided to upgrade the role or there is turn-over, these positions have not been in as much demand over the past year as have the line positions.

What hard and soft skills are most in demand?

My firm doesn’t really handle the real technical positions — the applications, the engineering, those kinds of positions. So I’m only going to answer that question from the perspective that I know there’s a tremendous demand from more of our clients for advanced technologies. You’ve got to stay current; it’s changing everyday. Cyber security is a prime example. Thus, every client we work with that has solutions for cyber security is always looking to hire engineers, programmers, software engineers that are innovative, creative and up to speed on all the latest technologies. There’s a tremendous demand out there — and this isn’t only federal, but also commercial. Every company in the world is in cyber space. Our whole economy is tied into the Internet.

Risk assessment and compliance is another hot area. Companies are hiring folks or consultants to evaluate their risks on the what-if scenarios — like what if you were hit by a cyber attack? What if your company went down? Or, if you’re talking about an energy company, what if your grid suffered a cyber attack? These what-if scenarios are a big area right now. Some companies are saying, ‘We understand, but nothing’s happened, so we’re not going to spend the money now.’ And there are other companies that are spending a lot of money in preparing for what they think eventually will be an attack that will impact their business, and they have to have to have disaster recovery plans in place. As for soft issues, you must be able to relate to all types of personalities and be very team-focused. These are difficult.

What technologies are most in demand?

Well, I know the ones in demand are obviously cloud computing and cyber computing.

Who was the last security person you hired and what set that candidate apart from the pack?

We’ve recently did a head of business development for the intel community, which was directly focused on cyber security within the intelligence community. We wanted someone specifically who came out of one of the intelligence agencies. So the individual…was also involved in the technology issues within the agency during their career and then they left and they went into private sector. They had several years of private sector experience where they were going back into the intel community consulting and advising on important issues that they knew were important because they came from that world. And that’s the person we ended up recruiting.

How has your firm grown and changed?

ESGI is Washington-based. We’ve have 12 employees. I founded the firm in 2000. I’ve got four consultants and they do research and recruiting, and the balance of us are senior recruiters that handle all the searches. So we’re what they call in our industry a boutique executive search firm that specializes in representing federal contractors selling to the federal government. Our firm in principle hasn’t changed because we handle senior level executive searches. There’s a very specific process we follow that has been developed over thirty years. We are finding that companies are less influenced by hiring a name-brand search firm versus a seasoned recruiter who really understands their business and brings a network that will produce the talent needed. This is especially true here in Washington.

We grew 30% this year compared to last year in the face of a very difficult environment. With the fiscal cliff and government being unpredictable and delaying a lot of programs, our firm was up 30%, and next year we’re probably going to need to add one or two more folks. We anticipate 2013 is going to be another good year. There’s always a strong demand for good talent measured against short supply. That is why there is an executive search profession that expands every year. Despite the advent of LinkedIn, Ladders and other social media sites, the most effective method to approach and recruit top talent is doing it the old fashioned way. Employing a professional to act as [a] middle person is the game changer and competitive advantage in the hunt for talent.

Without naming specifics, what are biggest security threats?

Cyber. I interact with folks who are in this business and involved in network security, and we’re at war.

What is the hardest part of the job?

The hardest part of my job is recruiting top talent. 95% of the folks we go after are employed, and they’re coveted by their current company. Basically everyone we’re looking for is working because the top performers are employed. So the hardest part is developing trust with these executives, bringing them to the table to consider another opportunity and then actually helping our clients recruit them. That’s hard work. It’s an art. Our clients don’t ask us to advertise or go on LinkedIn. They say, ‘Look, we know the person we want is working. You’ve got to go after them.'” The credibility, being professional and [the] ability to listen are critical. We do care as much about the candidate’s career objectives as we do the desire for our client to hire them. You can’t fake this and that is what distinguishes the great recruiters from the rest.

Most enjoyable part of the job?

The most enjoyable part of my profession is when we hear from the candidate and client that this was a great marriage. That typically does not happen until six months after the person begins work. Last week, I received a bottle of 18-year-old Glenlivet from a candidate. Three months ago, I got a bottle of Johnnie Walker Blue. Helping individuals advance their careers and the trust they place in us during the process is the most rewarding part of my profession.

Which, if any certifications and degrees, do you see as important for hiring and career advancement?

Clearances are very important down here in DC. Obviously you have to have an undergraduate degree to be considered for any position. I do look for advanced degrees as well.

What would you tell a high school student interested in IT college?

Make sure they have an internship program and understand where the jobs will be in four years. Make sure you understand a little about the business environment and where the demand’s going to be because you’re basically talking about four years down the road. You want to go to a school where you can intern and go into companies during the summer or the holidays to see how business really works… So if you want to get into programming or security or network security, you’ll want to learn about the areas you think you’re going to have an interest in. It has to be based on where the demand will be. You must also follow your passion. Do not get into a track that you do not enjoy or have the aptitude for. If you do not love what you do, it will be work. If you love what you do, you will never work a day in your life. Not everyone can or should be an engineer or software developer.

What security sites do you visit?

What I do is I get a newsletter from GovCon and I receive Washington Technology. Those are the two publications that keep a pulse on federal contracting.

What security books and magazines have you recently read?

Chief Security Officer and Computer Science Magazine are two popular ones. I just finished the Steve Jobs biography and No Easy Day.

Do you have a favorite fictional hacker?

I loved 24. The agency was able to do everything to get Jack Bauer the information he needed — always in the knick of time. Just another day in the office. There have been more current ones. Person of Interest [is] about a guy who created a machine that does surveillance on every human being. He’s an unbelievable hacker. It’s scary.

Posted: December 4, 2012
Ian Palmer
View Profile

A Canadian currently based in Ontario, Canada, Ian is a researcher for InfoSec Institute. Over the years, he has written for a number of IT-related sites such as, and