It would also be very useful if you would actually describe what the requirement is, in terms that are not (as this obviously was...) excerpted from the HR job-board posting that was most likely cross-posted everywhere else you could think of.
Don't tell us "what the skills are." Saying that you want "kernel compilation" and "shell scripting" merely reveals (sorry...) that you don't really know what you're asking for.
(Hold on a second! I am speaking candidly and plainly, and of course, opinionatedly, but my intent is not to insult you or to offend you. Read on.)
Tell us "what the job is to do." Frequently, security professionals work on a contract basis and they do so remotely, knowing that once the fire is out the perceived need for a fireman quickly fades. If you've suddenly discovered for the first time that you've been hacked, or if you have some regulatory-compliance issue breathing down your neck, you need to know what to ask for, and how to ask for it. A good security pro is, frankly, a great deal more savvy than the clients s/he works for, and the ordinary HR post won't hook the good fish. If the posting reveals a fundamental ignorance of the requirements, as (sorry) this one does, no one will hit it.
If you actually want your company's computers to be cleaned and secured, and provably secure, approach it in the same way that you (or your landlord) contract for, say, fire-protection or a watchman. There are well-defined objectives and deliverables; contractual requirements that must be continually met.
"A contract" is often the best business arrangement, at least for your tag-team or the trainers, because it is contractual: contract law provides much stronger recourse, in the event of "breach," than human-resources law, which is built to protect the employee. Furthermore, in security, "you are primarily interested in the results obtained." You want to buy that, not "a smart butt (ahem) in a chair."
I suggest that you surf some of the very-best-known sites, such as http://www.counterpane.com, and carefully observe what their business approach is. They know the business. How do they approach you, as a prospective client? It follows that, if you wished to approach them and to attract their serious interest, your strategy would need to be similar.
Furthermore, the act of sitting down and developing that strategy ... of deciding, "what do we need here?", or maybe of deciding, "you know, we really don't know what we need here, so how can we find out?", might prove to be the first real step that you and your company will go through in its quest for meaningful security.
is power." Security is not a product, it is a method.