“I don’t think the recruiting agencies and head-hunters have really caught up with the new role of the CSO,” says Peter Martin, vice-president of special operations with AFI International, who previously worked for Securicor, an armoured car and security services company. He was approached by AFI a year before agreeing to go work for the company.

Most companies rely on peer recommendations and align themselves with organizations such as the Canadian Society for Industrial Security (CSIS) or American Society for Industrial Security (ASIS). The vast majority of jobs are communicated on an informal basis through this peer network, without making the newspapers or even being posted. Often, one hears about a job by making contacts within a particular organization and staying apprised of job openings.

“It really highlights the need for networking in the security industry,” says Martin. “Everybody knows everybody.” For companies that don’t promote from within, he added, you’re likely to find senior security positions vacant for longer periods of time than in other, more traditional functions, such as finance or operations, because of a lack of qualified individuals out there. “Most of the people who are very good are already employed,” he says.

This means recruiters find someone they like and try to lure them away. “I’ve done it myself — I identified individuals when I was head of security and I would recruit the hell out of them,” he says. “I wouldn’t employ a recruiting agency to do it because I circulated in the same circles, so I would target them.”

A more formalized recruiting process could help to solidify the chief security officer position, he added. If a recruiting agency were to come forward and recognize that as a specialty, it would help to legitimize the role of CSO, and perhaps level the playing field for job candidates.

The recruitment process is much more established in the U.S., where there are firms that specialize in security. There, the cycle begins with a client expressing a need to either develop or improve its corporate security program, says Peter Metzger, vice-chairman of Christian & Timbers, an executive search firm with offices in the U.S. and Europe.

“We typically put together a specification that will capture the information that the client expresses,” he explains, adding that candidates are then measured against those specifications. The firm also directly approaches people it believes would be good for the role, or touches base with people who are respected in the community to ask for recommendations.

“We do business all over the world,” says Metzger. “Typically citizenship is not as important as qualifications. We work with multinational clients so we recruit people for positions in Europe and South America and everywhere.” The firm would like to do more business in Canada, he added. “We’d like to understand what Canadian companies’ needs are and how they differ from our other international clients — we need someone to make some introductions to companies they think would be best suited for business partnerships with us.”

In Canada, there's not such a clear market for dedicated security positions, whereas there’s more of a focus on security in the U.S., said Dave Tyson, senior manager of IT and physical security with the City of Vancouver.

Tyson worked on the physical security side for 16 years before making the move to IT security in 1999. Now, in his current position, he focuses on both areas of security.

“Historically I have been approached on both sides of the fence but there’s been more active senior-level recruiting on the IT security side,” he says. “The physical security manager role has been more organic, local word of mouth, through ASIS security associations.”

For example, he was approached last year to head up an IT security consulting group at one of the Big Four accounting firms — an offer that he declined.

Head-hunting calls are quite common in the industry, since many companies don’t know where to look for candidates. He typically gets one or two calls a month, often to see if he knows of anyone who would be a good fit for a particular position. Many companies go to their local ASIS International chapter, which is an organization for security professionals with locations across Canada and around the world. “We recruited our last two senior security people directly from the ASIS chapter website,” he says. “We got exactly what we were looking for because the skill set is located there.”

There’s still opportunity for enhancing the process in Canada, he says, though he’s not sure there are enough head-office positions to justify the return for a recruiting firm specializing in security. Instead, they could develop relationships with the larger U.S. head-hunters, he says. But even in the U.S. there are only a few recruiters that have focused their practice around security and they tend to be small firms. However, some of the larger, more generalized recruiting firms are now getting into the security business.

“Security in Canada is a fairly close-knit group and if you want someone for a specific role, you can pick up the phone and call a number of colleagues and find out pretty much whatever you need about someone without too much trouble,” says Tyson. “The informal information conduit is live and well.”

Derek Knights is one security specialist who has used this informal information conduit. He recently left Ontario Power Generation for a job as senior security governance specialist of corporate information security with Sun Life.

“I’d seen a position on one of the professional list servs that I belong to,” he says, adding that he’s a member of several professional associations.” He called up a friend who worked for that particular organization. His friend informed him that the position was being filled internally, but told him to keep an eye on the company’s website for additional postings. When another job came up, Knights applied.

“I don’t look in the newspapers anymore,” he says, adding that it’s easier to focus a job search through list servs and professional associations.

“By using professional associations, you can zero in on jobs that are looking for people with the skill sets you’re familiar with,” he says. “Recruiters will do it the same way. When you get into the high-level security stuff, it’s a relatively small market and a small pool [of candidates].”

Through his membership in various associations, he’s made contacts in different areas of the profession. “A lot of people think I was poached but I wasn’t,” he says. “Once you’ve made up your mind that moving can be done, then it’s just a matter of which bait is in front of you.”

Gene McLean, vice-president and chief security officer of Telus, was in fact poached by a head-hunter who knew of his reputation in the industry. McLean, who is one of the few CSOs responsible for both wireline and wireless security, left the RCMP to work for the Canadian Bankers Association, where he spent just over three years before moving to Telus. A head-hunter called him about the job, and McLean tried to think of anyone he knew who might be interested. It turned out, however, that the head-hunter was interested in him. “Really I had never thought of it, and that’s how it happened,” he says.

He was also approached last year when Telus workers went on strike, though he declined the offer. “I was working day and night [during the strike] because that was a very big part of the business, to manage security through a major work stoppage,” he said. “I was approached at the end of that saying, ”˜We'd love to have your talents here because nobody else has had a strike that went that well.’”

For larger companies, the recruitment process is often more formalized, where the HR department is involved in hiring. Telus, for example, usually posts jobs in newspapers and journals, and relies on the HR department to vet candidates.

But at some point, everybody’s looking at the same pool of candidates. “With all the job movement,” says McLean, “there’s a little bit of cherry-picking going on.”