Colley says the agencies vary in quality. "Some go rooting through the house for CVs, while others do a much better job of matching CVs to the position. But if people don't meet the requirements, you just say 'Please don't send any more'."
Graeme Cox, MD and co-founder of Edinburgh-based managed service provider, dns, relies on graduate recruiters for entry-level jobs and on Harvey Nash IT director for Scotland, Rhona Hutchon, for senior posts.
"I've built up a relationship with Rhona over many years and I value somebody who understands the culture of my business, so I don't get swamped with useless CVs. If I interview someone, I want there to be a significant chance of success."
Cox says Hutchon's willingness to operate as part of his team means that he has continued to use her, even as she has moved between firms.
Before contracting her five years ago, he had used other recruiters in a more ad hoc manner, and wasn't as close to them, viewing their services as a commodity.
As a result, they weren't successful. He says he receives calls from at least five recruitment companies a week, offering candidates, and that he would be "swamped" if he tried to deal with them all.
Hutchon says that the secret to her finding the right people is networking and industry knowledge. "Sometimes, the people on the market aren't the top percentile of talent.
Through networking, you know who the trusted individuals are and which organisations are the ones that develop good staff." She also uses online advertising, user groups and attending relevant security events.
Another small UK-based recruitment agency, Computer People, has a database of 400,000, mostly from CVs sent in, from which it draws its list of security professionals.
The firm then employs a vetting procedure, including aptitude tests and competency-based interviews, to identify candidates' skills.
The result, says Mohammed Lakhanpal, who heads the company's security recruitment team, is that most candidates he puts forward are hired on the strength of a phone interview.
The qualities people are looking for vary from job to job, with some roles requiring technical knowledge and others more business-oriented skills. However, Lakhanpal usually offers candidates with track records on long-term projects that have been on time and on budget.
As with most security recruiters, though, his main criteria include integrity, reliability and an "enthusiastic pride in what they do, someone who's still in love with their job. If it's someone in testing, they want to break something then make it unbreakable."
O'Connor agrees. "They have to have an interest in security and bring an enthusiasm to it. If it's just another 9-5 job, then they're not the right person."
Cox says that despite the trend towards people with business experience but little technical background, he still wants someone with IT experience. "They need to be able to connect with the IT security team. I won't hire technophobes who struggle to open their own laptops."
Getting someone and keeping them, when skilled people are at a premium, isn't easy.
Generally, says Hutchon, most security professionals are motivated by self-development and the content of the job - and to a lesser extent by money - so giving employees the chance to work on new things and developing a suitable training package can not only keep an employee but attract a new one to the job.
With flatter management structures in IT meaning promotions are rare, recognition among peers that they have sector expertise can be a rewarding alternative, as can the chance to speak at conferences.
Developing this training package in conjunction with the employee lets them expand their career the way they want and helps with morale.
Cox highlights one graduate employee who left dns after three years to get more money. However, he returned within a year, Cox says, since the new firm didn't value security in the same way as dns.
The expanding market for IS skills means that experienced, talented professionals are as hard to find as ever, despite the recession. However, with the right techniques, they can be found and with the right package and nurturing they can be hired and enticed to stay.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
