![[Original size] White and Pink Strikeout](https://static.wixstatic.com/media/8264b6_7b0a194fbd554fac92d9b94b2375c5e8~mv2.png/v1/crop/x_52,y_156,w_384,h_171/fill/w_446,h_199,al_c,lg_1,q_85,enc_auto/%5BOriginal%20size%5D%20White%20and%20Pink%20Strikeout.png)
I've known Dan Hathaway for quite a few years now, since I was looking for my first job after leaving the military back in 2018. He's been a consummate professional the entire time, and has helped me and my friends on many, many occasions.
He's working hard to hold cybersecurity recruitment to a higher standard through his work with CERIS and is genuinely of the good guys out there - and a hell of a head-hunter, to boot.
He runs an excellent cybersecurity headhunting firm called Secure Source (www.secure-source.com) - which I've dealt with personally and highly recommend.
We sat down with Dan to ask him some questions about he and get his opinion on the cybersecurity jobs market and how lockdown affected it.
What were you doing before you decided to go into Cyber Security/recruiting?
"Wow, that was a while ago! I had a lot of different jobs and had no idea what I wanted to do, I grew up in the English Rivera (Torquay) so a lot of hotel and catering. I then moved into sales and found I was better at that and it paid better. I was headhunted into becoming a head-hunter and quickly found that I loved it."
For you specifically, dive into some of the cool jobs and projects you have gotten involved in?
"From the stuff I can talk about - I placed the Head of Information Security for the first digital Census for the ONS, Threat consultants for a well-known phone game company that features candy... Helping to build out Cyber Security team for the world’s largest Software company, placing some of the first employees in the UK for one of the largest APPSEC firms, placing candidates from Grads that are now CISO’s.
The coolest stuff always tends to be when you are placing people that make massive differences to companies (whether short term or long term)."
Any experience of the industry technically or otherwise before jumping in?
"No, I couldn’t use email when I joined recruitment. I was a classically trained head-hunter first; the subject matter was an area that I gravitated into and learnt more every day."
Why did you decide on Cyber Security specifically as an industry?
"I placed a Check Team Leader nearly 20 years ago and the more I learnt about it, the more I became interested in the market. I could see that computers were the future and that securing them wasn’t really even known about back then. When you are speaking to candidates and clients in a forward thinking area, it helps you glean an insight into where we’re heading."
Courses, resources, and the providers of them, your opinions on them? - if they are good, say so, if not, say so. No fluff pieces allowed!
"Well, this is a big area across Security. On the pen test side OSCP, CREST CHECK good, CEH, not so well received. I prefer to understand what the candidate can do rather than always look at the letters after their name.
There are some fantastic candidates out there that don’t have the certs, but within 5 minutes of talking with them I know that they would be an amazing hire for a pen test company."
Any setbacks/low points?
"Many! We try to remain pretty grounded whether the market is booming or quiet as most of our work comes about from recommendations and referrals, which is a key barometer here that we are doing something right."
What is your job actually like day-to-day?
"It’s a cliché, but there’s really no such thing as day to day. I’ve held pretty much every job title within recruitment now, so I focus more on making the company better and helping to grow the team. I take more pleasure from the consultants here doing well and the candidates and clients being happy – cheesy, but true."
Advice you wish you'd had before you started?
"None, I’m a 'learn on the job' kind of person - I think that having a strong work ethic, humble and inquisitive nature can get you far."
Lockdown: How did you cope (honestly), what did you use or rely on to get through it and what affect did you see it have on the industry?
"It’s been tough for all sectors and in many ways, the Security market is ahead of the game in terms of working from home, agile working and preparing for the worst. That said, recruitment is much about confidence and growth, two elements that have been in short supply since March.
We have seen some companies that have seen the opportunity in the situation and have been able to hire great candidates with less competition during this time. As a company, we have also tried to practice what we preach and have hired an excellent consultant here at Secure Source.
We spread our risk well and work globally, but a pandemic that is present in pretty much every country made spreading the risk difficult, but we undertook a fair amount of work outside of the UK while locked down which helped us a lot.
We have seen the very best and very worst of companies during this time in the way that they have treated their employees and it has been interesting to see the conflicting messages come out on social media and from the employees directly.
I would say the best thing about lockdown was the amount of contact we had with candidates, many of whom just wanted to chat and make contact. Many of these spend their time in bunkers or off-comms, so the dialogue has been really organic."
Post-Lockdown Cyber Market: Do you see any major sea changes in the industry after lockdown that are here to stay?
Are we back to normal, or will we ever be regards to the job market?
"We are not “back to normal”. But as an industry, we’re not paralysed like others such as the hospitality sector etc. Many within the market have paused in terms of growth, but given that Cyber Security was referenced on the daily Corona Virus briefings and Cyber Security attacks were up massively during Covid-19 (and still are), there will be a lot of pent up growth within the Cyber Security market - which we expect to see moving forward.
It will of course be different for Vendors/consultancies and Sales vs Technical personnel.
Companies that have a SaaS product that can be purchased online are naturally more resilient than some of the professional service offerings where work has to be conducted on site.
Also, we are seeing many companies growing their sales function to assist them in attaining more revenue.
Sam Morgan, our resident Cyber Sales guru has seen a sharper upturn in Sales and business development roles as companies look to grow out the pipeline for their technology to be utilised more. We’re hopeful that the “working from home” narrative has been changed for the better, allowing people more flexibility in their lives whilst keeping productivity high."
Do you think it will be a candidate-led or employer-led market going into 2021?
"Whilst we are not currently in a candidate-led market, I would argue that we will be again shortly (within Cyber Security) and we are not really in a client-led one as they haven’t been growing. There has been a pause that we have not seen before.
Experience-wise, I have recruited through recessions and Credit Crunches etc. and the Cyber market is incredibly resilient to external factors generally.
However, a Pandemic is a new one for all of us. No one can predict where we will be, but I would say that whatever happens, Cyber Security will grow."
Tell me about your work with CERIS, who you guys are, and what you do?
"CERIS has been a few years in the making and has taken us a while to position, but we are proud of where we are with it now and where it’s heading. CERIS (Confederation of Ethical Recruiters in Information Security) was born from the idea that as an industry, we needed to mirror our market's commitment to higher standards.
My personal view was that to attain levels with Cyber Security, there were lots of qualifications, governance, compliance, often Security Clearance etc, but to be a recruiter within this market, with access to highly cleared candidates working on highly sensitive projects, your only “qualification” needed, was to own a laptop and a mobile phone.
We wanted to raise the bar, up the professionalism and add value to clients, candidates and recruiters. We knew that it would need credibility and structure to enable buy-in and we have been really helped by CREST’s partnership in its growth.
If you are a candidate looking for a role and to speak with a CERIS recruiter, you know that you will be speaking with someone that knows their market, will display a high degree of ethics, knows their cyber essentials and will handle your sensitive data with care. They will also signpost you if they are not able to assist or offer guidance and advice.
We’ve just updated the swanky new site so feel free to check it out if you haven’t already: https://cerisapproved.com"
What else do you get up to within the market?
"We like to get involved in cool stuff whenever we can, we are a big fan of The White Hat Rally (https://info.whitehatrally.org/p/home.html) and we can usually be found on the B-Sides Stands in London and Bristol tapping everyone up for donations.
We’ve presented at B-Sides on Cyber Career’s as well as holding presentations at the World Trade Centre in the Hague and the British Embassy in Vienna on behalf of UKTI.
We are also big on the environment and are proud supporters of Cool Earth (check them out) https://www.coolearth.org We like to mix it up and get involved where we can!"
Thanks to Dan Hathaway for all of his help through the last few years, and for sitting down with Comfortably Dumb to share some of his experiences and opinions. Dan Hathaway is a fantastic head-hunter and I'd recommend him whole-heartedly. If you're in need of a new position or want to talk cyber jobs - find Dan here.
Comments