Tuesday, March 18, 2008

The InfoSec Group: larger organization, more agile search firm than ever

We're three times the size we were last year. The InfoSec Group now has -- in addition to myself -- three recruiters, three researchers and a Vice President of Business Development. We are able to conduct the most difficult searches -- searches we were never able to conduct previously. A recent example of the power of numbers is when a client had a difficult search, we were able to focus the entire organization on that one search. Most other search firms either don't have the people to do this, or they are not structured in a way to allow for this.

Tuesday, March 20, 2007

At RSA: The InfoSec Group Is First Search Firm to Sponsor SC Magazine Awards Gala

The InfoSec Group Sponsors SC Magazine Awards Gala

First Search Firm to Support Security-Industry Event

NEW YORK, Feb. 5 /PRNewswire/ -- The InfoSec Group, the premier security search firm specializing in sales, sales engineers, channel managers and product managers for security vendors, debuts as an associate sponsor of the SC Magazine Awards event. Presented by Haymarket Media’s monthly for IT professionals, the 10th annual awards program honors the people, companies and products that help fend off the myriad security threats confronted in today's corporate world.

The high-tech, multimedia awards ceremony is being held on Tuesday evening, Feb. 6, 2007, at the Hilton San Francisco, in conjunction with the RSA Conference 2007. Companies and products are lauded and the Chief Security Officer of the Year is announced at the largest IT security gathering of its kind.

Gill Torren, the magazine's sales director notes that this event traditionally draws the world's leading information-security vendors as sponsors.

"We are delighted that The InfoSec Group has broken the mold and is participating as a 'non-endemic' sponsor," says Torren. "The InfoSec Group recognizes that SC Magazine's print, online and events platforms are unique in their ability to reach the industry decision makers that they seek."

"We see this as an important opportunity to support our client companies and prospect clients, and at the same time solidify our positions the superior search firm of choice for security vendors," says Barry Silber, CEO of The InfoSec Group. "The audience couldn't be more on target for the use of our services. We already are looking toward sponsoring the 2008 Awards Gala."

Other event sponsors are Qualys and ESET at the platinum level and CA, Marshal, Ltd., Mirage Networks and Rapid7 at the associate level.

About SC Magazine

SC Magazine provides IT security professionals with in-depth and unbiased information through timely news, comprehensive analysis, cutting-edge features, contributions from thought leaders and the best, most extensive collection of product reviews in the business. By offering a consolidated view of IT security through independent product tests and well-researched editorial content that provides the contextual backdrop for how these IT security tools will address larger demands put on businesses today, SC Magazine enables IT security pros to make the right security decisions for their companies. The brand's portfolio includes the SC Magazine Awards, SC Directory, SC Magazine Newswire and SC Magazine IT Security Executives Forums.

SOURCE SC Magazine

Tuesday, January 23, 2007

Up to $9 Million investment available for Computer and Network Security Start-up(s)

The InfoSec Group is working with a private investor with up to $9 million available to fund a computer and network security start-up(s) with at least some traction in the market.

Here are some of the criteria:

  • Revolutionary technology; no "me too" products or services
  • Has some traction in the marketplace with actual sales
  • The larger the average deal size, the better
  • Company should be willing to bring on VP Sales (and possibly CEO) with mutual agreement of both the company and the investor *

Any leads, folks? (Please see comments for more details)

* The investor already has someone in mind for the VP Sales, a very high performer from the computer and network security space.

Thursday, January 18, 2007

Consolidation in the Computer and Network Security Industry

There are four reasons someone might be concerned with consolidation in the computer and network security industry:

1) For purchasers of security technology products and services: they want to make sure their vendor will still be able to maintain the product service after purchase
2) For security vendors VP Sales and CEOs: they are wondering how this consolidation is going to affect their ability to sell their product or service
3) For security vendor company Investors: they are concerned about how this will affect their "exit strategy"
4) For clients and candidates: wondering about how tight the job market is ("How hard will it be for me to find the right job?" or "How hard will it be for me to find the right person for this position?")

Consolidation affecting the Purchasing of Security Products and Services

At the end of 2002, Marcus Ranum wrote an article Dog Eat Dog talking about how security consolidations are creating problems for entities wanting to purchase the best security products (The full article can be found here: http://infosecuritymag.techtarget.com/2002/dec/logoff.shtml). "Best" becomes the products produced maintained by companies that will survive, not necessarily the best technically. How many security companies have been purchased since that article was written? Off the top of my head I can think of these:

Symantec Acquired Sygate
CheckPoint Acquired Sourcefire
Cisco Acquired IronPort
BT Aquired Counterpane
IBM Aquired Internet Security Systems
RSA Acquired Cyota
EMC Acquired RSA
McAfee Acquired Citadel Security Software
Juniper Acquired NetScreen

Am I forgetting any? In light of all this news, candidates and companies ask me the question about "consolidation in the industry". But they are asking for a different reason than a potential purchaser of a security product or service.

Consolidation affecting Product Sales

Marcus writes: ...customers will have to learn that a vendor's size doesn't mean that they'll survive the lean times. Savvy customers will start to examine vendors' financial records and management histories to try to avoid investing in futureless products. In some cases, this means you'll have to reject a good product in favor of an average one from a company that looks like it will survive. In the meantime, customers will have to learn that a vendor's size doesn't mean that they'll survive the lean times. Savvy customers will start to examine vendors' financial records and management histories to try to avoid investing in futureless products. In some cases, this means you'll have to reject a good product in favor of an average one from a company that looks like it will survive.

Of course, most people purchasing products aren't reading Marcus' articles or blog entries. If they did, they would sadly go with a more stable company over one that had better technology -- so they would decrease the risk of the product becoming extinct. The real main reasons are different, but related, in my mind. First, people want to buy from brands (well known brands, from bigger companies). Second, through packaging and embedding, the bigger branded companies are making it easy for purchasers to make the purchase -- many times with no discernable increase in price. If a small subset of the total security solution (let's say for example, messaging security) is being purchasing anyway, do you think you a purchaser will buy a technically superior niche product on top of this huge security solution package (which already includes an acceptable, but not perfect, messaging solution)? You tell me!

Consolidation affecting Exit Strategy

"Exit" is now synonymous with a) acquisition and/or b) IPO -- with acquisition being the strongly preferred way of exiting these days. IPO is so pre-internet bubble burst. But there is a third "exit", right -- building a profitable company the old fashioned way?

Back to Marcus: Investors never realize the kinds of profits they expect by simply growing a profitable business and collecting dividends; that's simply not done anymore, particularly in the high-tech marketplace. And as consolidations happen, this route appears more attractive to other smaller start up companies, with millions in cash and prizes to the founders. So my guess is that consolidation will feed more consolidation. It's not only perfectly acceptable to be acquired; it's an honor -- and a mark of achievement.

Consolidation affecting the Job Market

The acquisitions in our industry for the most part do not end up decreasing the people directly associated with the security practice. Mostly, companies are acquiring companies that will continue to function as business units. And because the acquired companies are niche players, the acquiring companies realize they can't afford to loose a single person with knowledge of that niche. This means Sales folks, Engineers, Developers, Product Managers and Product Marketing Managers are safe. Obviously positions that become redundant, are not necessarily safe, such as HR, finance, administration are not. This is generally speaking of course.

Consolidation's affect on the job market has to be considered in light of the "worker shortage" trend. By most prognostications, this new upcoming shortage will make previous shortages look pale by comparison. Even if the possibility exists that consolidation will somehow decrease the number of positions available, it will be more than offset by the ever increasing shortage of qualified candidates.

Another way the consolidation is affecting the job market is the changed perception on the part of a candidate towards any particular niche after an acquisition. Many candidates will wonder after an acquisition of a small niche player by a super-large branded company whether there will be able to be any real competition in the niche -- and does that mean sales will be fall flat -- and thus the company will day)? The positive side of that coin is that once a niche player is acquired (or goes IPO for that matter), it becomes "hot", at least for a little bit. And for many candidates, the prospect of joining a company with stock options becomes much more attractive.

Those are my thoughs. Please share yours.

Friday, December 22, 2006

Recruiting Process, Methodology, Systems and Technologies

I am not sure if you can see the illustration I have uploaded of the various steps in my firm's search process, but I guess the point here is we actually have a process. In fact, what may seem rather seamless to most (and seamful to a small number of others, darn!), are in fact a number of well detailed methodologies and systems for connecting the top performers with my elite clients. Some of these are interviewing style or the proper progression for asking for information from a candidate. Others are technological in nature. I want to outline some of these mechanisms, so you know. And as they say in my business, it's better to know than not to know.

First, we have a synthesis of a number of recruiting methodologies. The standard around which all other methodologies are measured is the Morgan Methodology. It's creator was one of the first people that actually standardized how the day of a typical recruiter should go, and how much time should be spent on each function. A hallmark of this system is the motto "It's not personal, it's just business", when dealing with candidates (and I suppose dealing with clients as well). I believe this gets translated by some recruiters into the idea that people are just numbers. So if you ever got blown off (or turned off) by a recruiter before, maybe that's the reason. But to be good in this business, you have to have good relationships with those you work for. And although the client company pays our fee, make no mistake about it, we work for the candidate as well -- especially in this job market. I don't know if it's achieved the level of "methodology" yet, but there is a new school of thought lead by people like Greg Doersching who leverage technology so relationships can be strengthened. I hope that my firm is taking that to the next level by building lifelong relationships with all the people that are involved in the process (on the client side and on the candidate side). More on this in a different post, perhaps.

Second, we have a unique recruiting-oriented database that allows for access anywhere in the world, via an ASP (if you don't know, this stands for "application service provider" aka "on-demand software") model. We can access our information anywhere in the world there is a browser. One thing we have been working on for years is tracking network and computer security companies throughout the world, but especially in the US (we are tracking almost 600 now). This doesn't just mean we know the company name. This means we know the top execs (as well as the front line superior Sales/SE/PM performers) with contact information. Funny thing is, if you are a top performer or a C-level executive in the network or computer security realm and you contact us, we most likely will have been watching you (in a good way, hopefully in a non-stalker way). Incidentally, we happen to be using the software that 3/4 of all "Big Billers" uses. This outsourced function is an important fact, because our core-competency is not database maintenance -- it's finding awesome people for awesome opportunities. But this isn't the only thing we have outsourced.

Third, we have an email newsletter that goes out containing all the open positions we are recruiting on. It goes out infrequently, but this is also completely outsourced as well. We like for candidates to know what opportunities exist. We don't like the idea of anyone associating our name with spam. So the particular company we use has a very easy way to unsubscribe. This list of subscribers is maintained by the email newsletter company, and separate from our database.

Forth, we have an online appointment scheduler (again, an ASP). It allows any candidate to look at my schedule and pick the time that would be best for them to talk to me, and immediately schedule a meeting with me on their own, without an assistant coordinating. If we didn't have this, we would have to propose to each candidate a time to speak and then we would have to hold that time slot open while we were waiting on their response. This isn't efficient or effective.

Lastly (well for this online entry at least), we have a number of sophisticated networking and research tools for finding passive candidates. We don't have Monster, CareerBuilder or Hotjobs. These boards yield a plethora of active candidates to sort through -- most not exceptional -- and this take us away from true recruiting. We are recruiters, we should recruit. Whoa, what a concept! I believe this is one reason why our candidates are exceptional. True recruiting: we find the passive candidate, we sell them on the idea of keeping our eyes open for the right thing, we actually listen to what they are really looking for and why they would be looking (again, what are we thinking?!), and then contact them when we think we have an option that might be a fit.

This isn't the only technology we use to leverage our time. For example there's the software we use that monitors our clients (as well as other industry websites) to let us know when a new position has been posted, even if the hiring manager forgets to pick up the phone to tell us. We call them. Then we call you.

My Recruiting Firm: Network and Computer Security Sales

My firm is a search and placement firm specializing in computer and network security 1. Sales, 2. Sales Engineering (SE) and 3. Product Management (PM). But here's the real deal: the only reason any of these three are a focus is because that is where the market has pushed us. These are what companies are in need of, so these are the areas we recruit. Company need (or at least perceived need) drives our efforts.

When someone asks me, "what is the market like these days?", I can answer from my own perspective, which is the market of candidates by companies; not the market for security products or solutions by businesses or individuals. Keeping this in mind, I can say that the need for people who know what they are doing in the security Sales, SE and PM realms is very high, and in my opinion will get tighter -- and I suspect this is the same for a number of technological niches. Although it's a candidate-centric market now, it's about to become a candidate-scarce market. And this is why I will have a job for the foreseeable future (yay).

If you are worth your salt in the security realm, the world should be your oyster. If it isn't, lets talk. If you are representing a company not seeing the kinds of people you should be seeing, let's talk. After I have talked to both of you, I'll create an introduction. :-)