What if I told you I installed 6 AC units in my house, all of them independently controlled by 6 different nest thermostats. What if I told you I had customized the software in each nest to run efficiently and effectively in each zone specific to my environment. I also had added security systems, and cameras, and thermal detectors to make sure they were not tampered with and had fine tuned those systems to work in conjunction with my nest... then I added a server that would collect all the data and provide daily reports giving me updates and visibility and data that I could use to improve and fine tune my systems.... at some point I hope you would stop me and ask a question "Why?" Why did you want 6 AC units in your home? What problems were you trying to solve, what was the reason you needed the monitoring tools and reporting ect??? AND... what was the result? What was the outcome, did you need all of this? Did it improve your life and or solve your problem?
In a technical role, sometimes we get caught up in the tools, processes, and problems and forget to consider outcomes. Let's apply this to an interview... If we are meeting with the CIO, talking about tools, software, and problems very specific to our job is required and just fine. We need to think about what (from the CIO's) point of view would be important to know and what problems they are trying to solve. Many times that involves technical solutions, people solutions, or process solutions. However, when you are interviewing with the CEO, those concerns could be much different. Most CEO's will be focused on business outcomes, what was the impact of your actions on the business? The more metrics you can provide the better to support your position. For example: I outsourced our level 1 and 2 incident response teams... this led to a 30% reduction in overhead cost while at the same time improved our response time by 14 hours. The business impact has been quicker security response at less cost. OR... I implemented a Devops program within the company. This resulted in security partnering with the software development teams very early in the development lifecycle - this resulted in 80% fewer errors found during code reviews and increased the speed of application delivery to our customer on average by 3 weeks. The business results were... our customers received the new applications faster - increasing sales by over 15%. This is a powerful answer because it ties your people, process, and technology solutions to business outcomes that most C level professionals really care about. I challenge you (if you haven't already) to go back and tie your skills and achievements to outcomes for the business. This will up your stock in the interview and show that you understand how security can enhance and even enable the business. One great way to do this is to include a summary paragraph at the top of your resume that highlights one of these accomplishments, use metrics to show the impact on the business and make sure to include the end result or impact on the business (the result of your actions).
The example in the first paragraph is mostly what I hear during my qualifying conversations with security professionals. They give me a laundry list of tools, skills, experiences, but never tie any of those to business outcomes (or what I like to call the "So What?" part). So what does all of that mean to me if I own the business? Why do I need 6 AC units, 6 nest thermostats, and all that other stuff. Did I really need all that stuff? What was the outcome? Higher electric bills, expensive capital equipment, and lost time and money? or... more efficient cooling, tamper proof cooling and heating systems, and data that supports we are saving money over the old inefficient 3 AC units we had previously?
Al Lerberg is President and Owner of Cyber Security Recruiters - he has over a decade of recruiting experience and is part of the MRI Network (named by Forbes as one of America's BEST executive search firms)
Albert Lerberg was in ND Air National Guard where he served for 8 years. He has also held roles in sales for McLeod USA where he earned numerous sales awards. He has also was a recruiter in the healthcare niche for several years as well as a pharmaceutical sales professional. He started recruiting with Aureus Group where he quickly led the team in gross margin performance. In 2009 he opened Lerberg Group, Inc. which operates under the name Cyber Security Recruiters.