Comfortably Dumb sat down with Chris Dunning-Walton, Managing Director and Head of Search at InfoSec People to talk about how he found his way into recruiting for this mile-a-minute industry we call home. Good times, tough times and all the bits in between. He's a very active member of the InfoSec community, an excellent security professional and I highly recommend getting in touch. His LinkedIn can be found here. InfoSec People is an excellent cybersecuriy recruitment firm, and candidates and employers can find their site here. What were you doing before you decided to go into recruitment?
"I was playing rugby full time and worked for a year as a PE Teacher at Marlborough College. Give me a tricky CISO assignment over a classroom of 13 year old netball players anytime!"
Why did you decide on cyber specifically?
"My background before focussing on cyber security was typical to most practitioners – I was a specialist IT recruiter and was asked to find some information security and assurance professionals (as they were back then) - which we fulfilled successfully.
On exploring the industry further at that time (which was the height of the recession in 2008), it was clear that an opportunity existed to be very niche and deliver real value as a specialist in the cyber sector."
Dive into some of the cool jobs and projects you got involved in?
"The cyber security industry has undergone real transformation and change over the past decade. It has always been very cool to build teams for clients who then go on to develop some leading technologies and innovation, something we have accomplished for several cyber tech scale-ups to date who have then gone on to successfully raise Series A and B rounds or been acquired.
My role in the business over the past 5 years has also transitioned into purely focussing on tech leadership searches, so retained headhunting for CISOs and CIOs.
We have run several successful CISO searches for FTSE100 businesses now and the process is always incredibly rewarding, working closely in partnership with the senior leadership teams to close out a great new hire - which can literally transform the technical (and wider) direction of their global enterprise.
You meet a lot of motivated and inspiring people in that process, and the CISO role is certainly not for the fainthearted in the current climate!"
Technical experience you had before you joined, or was it mostly picked up along the way?
"I absolutely picked up all of my technical knowledge within the job.
We are looking for 5 of the team to gain their CISMP (Certificate in Information Security Management Principles) exam this quarter as it happens, as we really enjoy learning in our roles and feel this enables us to advise in a more structured and credible way."
Courses, resources and the providers of them if you've taken any? - if they were good, say so, if not, say so.
"So many!! I have taken nearly all the recruitment courses available if I’m honest – through the REC and through APSCo and am on the final leg of completing a L5 Diploma in Recruitment Leadership.
It’s been good but we’ve also shifted the dial on where we see recruitment going forward so looking at external courses for myself and the team hear on Kaizen, NLP and business processes. The best investment you can make is in your own self-development. Or in Apple 😉"
What is/was your job search/interview process like?
"I’ll frame that in the context of how we hire at InfoSec.
So, making the interview process as interactive as possible, involving and encouraging the interviewee throughout with lot’s of two-way dialogue is really important to us.
We go very in-depth and run psychometric personality tests for all applicants to ensure we have some empirical evidence on how that person is likely to behave as well as how best to lead and manage them.
We ask for a 15 minute presentation as well as running panel interviews with members of our team so that they are actively involved in the selection process. As a small business, ensuring we get people who first and foremost align to our values is paramount – if they don’t hold them same base values as us, they won’t be joining the business regardless of their delivery capability.
Culture takes years to build but minutes to destroy if you hire the wrong person."
Any setbacks/low points in your career so far?
"Many. I set up InfoSec 12 years ago and there have been moments of extreme lows and soul searching as well as some euphoric highs. Anyone who has set up their own business and survived beyond 3 years has paid their ticket to the rollercoaster ride.
Thankfully, all of the challenges along the way have made me and the business stronger and better prepared for any future eventualities – the challenges have brought us to this moment and we’re feeling very positive about the direction of the business moving forward."
What is your course/job actually like? Good AND bad points!
"Recruitment and Executive Search is an incredible and fascinating career. We are fortunate to speak with a lot of fascinating people and you get a real sense of how the industry is evolving. With cyber security still immature as a sector and new positions evolving all the time, it is really satisfying to add value – the outcomes of what we do genuinely build multi-million pounf companies and change peoples lives.
It’s very inspiring.
The lows are actually more a result of how recruitment has lost it’s way. I am sure there are people right now reading this who are sceptical as to the value of recruitment – for many we rank one-up from estate agents. I understand why and the no-win, no-fee low value working model employed in contingency recruitment has fuelled this by encouraging bad behaviour.
The more retained search working practices and partnership models can be deployed in contingency recruitment, encouraging better behaviours, the more the recruitment industry will consistently add value and also be a better sector to work in."
Advice you wish you'd have had before you started?
"Be patient. Look after yourself and get balance in your life. All work and no play makes Jack a dull boy – you can’t get the years back…"
What are you working on right now?
"Where to start… I’m currently working on a critical retained CTO Search for a CIO we placed last year; we’re hiring for the team here as well as delivering ongoing training and performance reviews; we’re running into our first Cyber Cheltenham (CyNam) event of the year so pulling together speakers and sponsors for that; we’re also building our financial and operational model for 2020/2021 whilst closing out the last 6 weeks of this financial year. It’s literally all go!"
What's the end goal? Or, where would you like to be in a few years?
"At InfoSec, are on a mission to disrupt the concept of what recruitment is all about in the cyber tech sector. We are a data company who happens to do recruitment so we’re looking to become “technically enlightened” as a part of that journey.
Everyone talks about “building relationships” and “being knowledgeable” in recruitment but your demonstrable actions define you, as do living your values (not just hanging them on a wall). Ultimately, I want to be able to stand back with my team and say “we did that” one day, building some great memories and a business we can all be proud of."
Any thoughts or insights you would give to someone thinking about making a switch or starting out getting into this industry?
"For someone looking to get into the industry from a different sector – stick with it and play the game…
We hear news of the “cyber skills shortage” all the time but often people just quote meaningless numbers of unfilled jobs – what’s a “cyber job” anyway…?!
How many of those jobs are correctly scoped and benchmarked against live industry data? How many are even fillable?!
When I say play the game I mean that a lot of CV sifts go into just certifications (CISA, CISM, ISO27001 LA, etc.), so get certified. I don’t agree with certification-led hiring myself but most will, so invest in yourself and try and find roles and companies who are alive to considering people from outside the industry.
Speak to trusted recruitment companies who give you advice and also unashamedly speak with friends who are already in the industry. Immerse yourself and stay patient – it will happen. I think it would lend a lot of credibility, hearing it from someone who works in recruiting these people."
Comments