Stanton House is going to Chicago!

I am delighted to announce that Stanton House is expanding its international offering with the launch of an office in Chicago next month, precisely nine years on from our launch in October 2010.  Our initial team of four experienced Stanton House colleagues will be delivering Cyber Security recruitment solutions into the US market.  Cyber Security is one of our fastest growing specialisms and our customer research tells us that Cyber talent is one of the most in-demand skill-sets across the US. We believe our practice can add significant value to our US customers and we are excited to get going. The new offering will build on our current offering of Professional Services and Technology Recruitment Solutions that we deliver from our four UK offices, Hong Kong and Singapore.  We selected Chicago as our starting point for expansion into the US because the Mid-West way of doing business suits our customer-focused way of working beautifully. Many of our largest Global Clients are Headquartered in Chicago and it is quite simply a brilliant City to live and work.  The Vice-President of our US business, Henry Yeomans, says;  “I joined Stanton House six years ago and have had the pleasure of building two significant teams focused on the UK market.  I am excited to be relocating my life to Chicago and leading an exceptional team of people to build our Cyber Security Practice.  I have no doubt that our focus on building long-term relationships with customers, through sharing our deep expertise in Cyber Security, and operating with the highest ethical standards will take us on an exciting growth journey.” These are truly exciting times and we look forward to keeping you updated on the progress of our new Chicago offering. 

The Finance Transformation Space is Facing a Change

The Finance Transformation space is undergoing a transition of its own as organisations seek professionals on a permanent basis. Political unrest, uncertainty and impeding legislation like IR35 are pushing organisations towards the permanent recruitment market and it can only spell disaster for all of those involved. Finance Transformation programmes often seek professionals on an Interim programme as they are finite by nature and it has traditionally made more commercial sense for people to come in on an allotted time frame and then move on but recently, there has been a shift to perm. While this does concern me, I can see the commercial benefits of permanent hiring on a temporary basis. Perhaps it comes as a coincidence to ongoing legislation but many organisations in my network are at the very early design stage of their programmes and have quite the lifespan ahead.  With this in mind, it does make absolute commercial sense to have a permanent member of staff to implement and then embed the long-term programme but I also think it comes down to business priority.  As a profession, I have seen a shift from the emphasis of the ROI of a project to a focus on people. There is a newly overwhelming commitment and loyalty to people and an awakening to the fact that people are at the heart of change and that a programme might take a matter of months while change takes years to embed, and it’s an ongoing process. I do understand the shift, or at least I can try to when you take into account the economic and political climate and the impact of new technology in the space but it doesn’t mean I agree with it. The shift to permanent recruitment creates a lose-lose situation for all involved with organisations depriving themselves of the top tier of talent and that very talent, being pushed out of what has typically been a very heavily candidate-driven market. My interim network enjoy the benefits of working on a contract basis – the flexibility, the change, the excitement and the financial reward. While permanent roles bring their benefits of a safety net and paid holiday, organisations simply cannot match the financial reward associated with the interim world of Finance Transformation. As a result, organisations will either have to really work hard to attract this talent or compromise on lower-quality candidates and the candidates in question will really have to work hard to find the opportunities that once landed on their doorstep. I’d like to hear from you. Have you been impacted by this transition? And, do you think it's a good thing?

Should we be ignoring the current political climate?

For years we have heard about the apathetic millennials who are more interested in voting in reality TV contests than in General Elections but now it seems the generations are unified with the same feeling of dread.  As someone who operates in the mid-senior Accounting and Finance Space, I have always made an effort; despite my current apathy, to keep up to date with current affairs - to stay on top of political conversations across the globe and ensure I can not only have insightful conversations with the exceptional professionals I speak to daily, but also, offer my own opinions and often, advice. I have always been very much a political activist. Fascinated by the psychology involved in political decisions and the outrage that often follows. I am a regular participant in peaceful protests, marches and online debate yet, for the first time in a long-time I’m switching off. And what’s more terrifying is that I’m not alone in being absolutely uninterested, bored and quite frankly, turned off by the current political climate and the everyday Brexit chat that follows. Almost daily the ‘B’ word pops into conversation and almost daily I am told by my network of Finance Directors, CFOs, Transformation Specialists and all-round financial geniuses that they too are bored of Brexit. Fed up with the ifs, buts and maybes. Tired of having conversation after conversation that ends in the same, ‘well I guess we’ll find out soon’ and unhopeful that the three year saga will end on October 31st. For me, this is devastating. For the first time in a long time we have a huge population of engaged British voters, wanting to voice their opinions and desires from an ever-changing parliament and yet, just like that, we’re turning off the activists and followers of British politics who have always been patriots of the cause. As a whole, it seems we are ignoring the current political climate but, my question to you is, should we?

Event; How will you respond to a Data Breach?

Today we were joined by executive-level professionals from a multitude of disciplines who wanted to learn a little more about their Cyber Security. Jay Abbott and Kieron Maughan of Nellcote joined our Head of Cyber Security, Ryan Surry, to host our gamified event titled; How will you respond to a Data Breach? Our audience of CFOs, COOs, Transformation Directors and the like were thrown into a live hacking simulation - faced with a possible data breach - and unsure of how to respond.  From the initial breach, the guests had to work together in teams to work out if a hack had even taken place, where the attack has hit and who is affected. They also had to deal with a simulated press conference, concerned customers on social media and stakeholders asking questions, they might not have the answers to. Cyber can be overwhelming and it’s not something easily understood by professionals outside of the industry. Today’s event offered our network a real-life insight into a Cyber Breach as it happened and taught the professionals taking part, how to respond. Not only was the event insightful, thought-provoking and eye opening but it was interactive, fun and exciting and offered a truly unique but surreal experience, giving our executive guests the answers to take back into their own Board. Head of Cyber Security, Ryan Surry said; “I’ve worked in this industry for many years, having intelligent conversations with many fellow Cyber professionals along the way. Today was the first time I was able to take that conversation to an audience of Board members who do not specialise in Cyber, in fact, focusing more on Finance, Change, HR and other industries.  “It was truly mind-opening to see how professionals of different disciplines react in situations that we deal with every day and was equally rewarding to work with Jay and Kieron to help these leaders understand a very current issue that could impact their company tomorrow.” We will be producing a white paper to capture the insight shared this morning – to receive a copy of this paper once published, please get in touch with Ryan here.

Flying Doctors; Old Principles, New Domain

Alan Jenkins is the Head of Advisory Services at 2|SEC Consulting. He has some 30 years of experience across all aspects of security, particularly Cyber and Enterprise Security Risk Management. Alan started his career in the Royal Air Force and has subsequently held multiple Cyber Security roles, including as the first CISO for Babcock International Group in 2013. He has also worked for organisations including IBM Security, Atos Consulting, CSC and T-Systems. A NATURAL PATH I see my progression into Cyber Security as natural rather than accidental. I’m a security generalist and haven’t done anything but security in my adult life. I joined the Royal Air Force when I was 18 because I liked aircraft and wanted to be a pilot. I hadn’t thought of doing anything else since I was seven until I ended up with a navigation scholarship aged 16. Unfortunately, the RAF decided that my eyesight wasn’t up to scratch for me to fly. This forced a deviation from my dream and I then went to university as study electronic systems engineering but my heart wasn’t in it. What it did do however was give me the time to find something that I really wanted to do and that led me to join the RAF Police as a Provost Officer.  I subsequently spent much of my service on security duties until 2001 when I made a deliberate decision to get into computer network defence and information assurance – of course, we didn’t call it Cyber in those days. So, in 2002, I joined the Ministry of Defence’s stand-up CERT team as the Intelligence lead, working with Other Government Departments and Allies in the then new world of response to computer incidents. Having started in physical security, looking after nuclear weapons and so on, I worked my way up through Security on Operations at home and overseas into Information Security. That’s what drew me towards Cyber– old principles applied to a new domain. REACHING THE BOARD FOR THE FIRST TIME My role at Babcock was as CISO; in fact, I was the first Group CISO at Babcock. I was initially only responsible for Cyber-related matters but subsequently picked up the broader security coordination task across the Group as we made progress with our Cyber improvement. I relished it. It was a significant career step as it was the first time that I was at the pinnacle of security capability; I wasn’t reporting to a higher level in another company - this was my first UK-based outfit and part of the attraction to me was that it put me into direct contact with the Board for the first time.  I had to up my game – I’m not saying that I got it right straight away but after some years in the game, you know how to hone your craft and apply good practice. It was genuinely a new role, it wasn’t head of IT Security, it was a CISO role and that’s something Babcock did right. A PROTECTIVE MINDSETWhile I progressed through the different facets of security, for me, the mindset remained on protection. However my nature and environment fashioned me, protecting an enterprise, it’s people and assets. That’s what has always appealed to me. I would say over the three decades I have been working within the space, the industry hasn’t progressed enough. People still don’t have all the answers to Cyber; many think it’s only a technology problem. That’s not to say it isn’t but it isn’t the only problem. The technology space is perhaps where we have made the most progress but just thinking Cyber is about technology or defending IT infrastructure actually misses most of the problem. It brings us back to the HR debate: how do we develop the people? That’s where the greater problem lies. PEOPLE, PROCESSES AND TECHNOLOGYThese are three things to keep in mind always. You can’t attack one pillar in isolation to the other two; simplistically, you have to tackle all three in concert - if you don’t, the weakest or lowest hanging fruit will be the thing to trip you up. If you don’t bring the people along for the ride, if you don’t optimise the process flows to minimise human interactions and integrate the technology effectively, your technology investment will not deliver full value to the enterprise. THE VIRTUAL CISOSmall and Medium Enterprises (SMEs) need someone to offer a vision, to map out where the business is at with their Cyber Security and figure out what is right for that organisation at that time - this has to be aligned with the business strategy. This is what they should look for from a CISO but, I do not believe SMEs need a CISO permanently. Firstly, SMEs can’t afford them – fully capable CISOs are rare, expensive and demand exceeds supply. Secondly, having developed and delivered that vision piece – they no longer need a full-time CISO. What they need is for someone to drop in occasionally, increasingly referred to as a Virtual CISO (vCISO).  I and others have been developing this concept for some time now: I liken it to that of the Flying Doctors – the vCISO drops in from time to time to review the agreed road map with the business check on progress, check the implementation plan is still right for that business and adjust as necessary while also being on call for remote consultation as the need arises. SMEs really need to look carefully at the cost/benefits and determine what they get for their money. It could be a virtual CISO, a temporary or an Interim CISO for a fixed term: an SME simply doesn’t always need a full-time incumbent. The SME needs expertise and guidance on call but once embarked on their capability improvement journey, they don’t need a CISO for 240+ days a year because they won’t provide that ROI. The CISO will be tracking progress, reporting and simply, I don’t believe you need that person every day of the week. The business is inevitably focused on whatever line of business they are in; the CISO has to talk to the business but, the business doesn’t always have time to talk to the CISO. The Board doesn’t meet every day of the week nor even weekly but the CISO should bein attendance on a routine basis, not reporting by exception - with bad news! THE IDEAL CISOTo be that all-important leader - and that in itself is different to a manager – the CISO needs to be able to come in and sell a vision. That vision has to be linked to; and supported by, the business and the CISO needs to be able to communicate that message to the Board in their business language, not in technical jargon. The CISO should have expertise around programme management rather than project as it’s often a series of activities, many in parallel. The CISOs role is to articulate and sell that vision and make sure there are success criteria in there, the measures of success of that criteria, with a link to fiscal targets; whether that’s spend targets or return targets, and what are you getting for your money. This is still a huge weakness for us. The ROI for Cyber investment is not good: there is stuff happening in this space but it’s still not mature and not yet universal in use as a result. Enterprises need to think carefully when looking to hire that ‘Ideal CISO’. It’s not just a label and then letting them get on with it. If you’re looking to appoint a CISO, whether to work as an Interim or on a full-time basis, then they need to be connected with the business, not just IT. Perhaps controversially but I don’t think the CISO should report to the CIO. It’s not all about IT, they’re often rebadged Heads of IT Security and that’s not all that the business needs from the role. After all, the CISO often calls out the CIO for taking on too much risk as they prioritise availability.If the CIO’s main function is to keep the lights on, availability will also govern the CISOs priorities. Security often needs to look much harder than IT to know what was the root cause of an Incident. It’s all about understanding and prevention. Most often, the security function is there to do the thinking that the business doesn’t do, it’s almost a mindset piece, looking out for the things that can go wrong. I have found that there’s too much optimistic thinking and not enough pragmatic thought about untoward things happening whether by accident or design, i.e someone overstretched cutting a corner to get the job done rather than some more malicious motivation. Security is there as a check and balance, not there to slow the business down but to give more thought about what is happening and how to prevent it or reduce the impact and that’s often not the priority of the CIO. Hierarchies and divisions of responsibility need to be right between the roles but an SME or smaller company doesn’t always have the luxury to afford this. This is where a virtual CISO becomes helpful and offers a perspective that they wouldn’t usually get, providing this is positive and aligned with their business needs. It’s also hard to learn from others if you spend 30 years in the same company.A CISOs role is to make sure all of the day-to-day roles come together to secure their business in a cohesive manner. Security is a horizontal activity, not merely a vertical one in the IT space: it’s also everyone’s responsibility!  In an ideal world, we wouldn’t need a Cyber department as the workforce would all protecting the business. Then there is Security’s Achilles heel – the good are most often playing catch up with the bad. We have to get more pro-active rather than the more usual reaction to events after they have occurred. Security is neither an art nor a science, it has to be a hybrid function. For full access to our white paper - The Evolving Role of the CISO - please follow the download link and join the conversation, should we segregate IT and Cyber Security? Do we need 'flying doctors' rather than in-house security and is Cyber Security - everyone else's responsibility?  Download our CISO white paper

Seeing the value of flexible working

One and a half years ago I decided it was time to move roles. I had a young family, a short-commute and was in desperate need of change. The problem was, that all of the companies I wanted to potentially work for, were based in Reading which was a 50 minute commute, in rush-hour and soon realised that I needed a dynamic work environment that offered me the flexibility I needed to balance my career with my family - it was surprisingly hard to find. I decided it was time to look for roles that allowed flexibility and not just an attractive flexible lifestyle or an early finish on Friday. I needed flexibility and relied on it to balance motherhood with work and became determined to find a company that would allow me to do so - It was my one and only, non-negotiable. I spent several weeks actively looking for businesses that would enable me to work on a four-day week contract, with one of those four days spent at home. I promised to bring my impeccable track-record of building teams, my unrivalled work ethic and my commitment and passion for people and pledged to prove that flexi-workers, part-timers and working parents are just as capable and successful as any other. Despite this, it was hard to find and in fact, Stanton House was one of very few recruitment businesses to see the benefits of flexible working and put simply, it was an easy decision to make.16 months later and the business is continuing to show me how invested they are in their employees through our newly-established Wellbeing Committee.  Just last Wednesday we sat around a table with our Board and pitched to them a long list of incredible initiatives, incentives and programmes that we would like to introduce to our business to help our employees thrive – inside and outside of work. It was both a surreal and memorable moment.  Our Board in unanimous agreement that we should go-ahead and implement this collection of short and long-term initiatives – all in a bid to improve the Emotional, Mental, Physical and Financial Health of our people. I had gone from discussions with recruitment business after recruitment business, being told time and time again by senior management that they saw the benefit of hiring me but not a four-day contract to this. To a room where consultants aged 23 and above were pitching their ideas to the Senior Leadership Team and they were nothing but empowering and supportive. For me, this is how you retain your employees, build loyalty and gain trust and I thought I’d share the story with you to encourage as much of my network as possible, to try and take the same message into their own environments.  Do you see the benefits of flexible-working? 

Do contractors in start-ups feel more valued than those in corporates?

We hear all too often that start-ups allow you to thrive. You can climb the ladder, work from home on occasion and possibly be privy to free pizza on a Friday but, what are the benefits to a contractor within the HR Transformation space and are they unrivalled in a start-up firm? HR Transformation professionals are increasingly looking to smaller companies as a way of feeling valued in an age when they are forced to compete with the technology they are hired to implement. Change Management professionals are vital during an HR transformation. They are required not just to introduce a programme but also to embed the change that is required within the culture and across the workforce as after all, it’s the people who need to evolve with the technology that remains beyond the implementation itself. As a society, we do not all deal with change well and Brexit, IR35 and the onslaught of GDPR can verify this. Employees are no exception.  Transformation professionals help make the transition smoother and ensure that when their contract is over, your workforce are equipped to continue to support ongoing change. But, if the longevity of change is evidently just as valuable as the technology implemented – why is there such a disparity in how HR Transformation specialists are expected to deliver in big corporates vs start-ups? I recently met with an HRIS Programme Director who spoke about the love-hate relationship she has with the technology she has delivered time and time again across a span of different types of companies. While enjoying her role, she discusses the rivalry she feels between herself and the software - How together they make huge change and it’s the technology that is coined revolutionary and somewhat heroic. She spoke about how she can limit this feeling within a smaller company.“HR doesn’t just impact HR, it impacts everyone and therefore it’s my role to help embed change within an organisation and across its workforce. Despite having quite, a big responsibility, I feel almost invisible – blinded by the sparkly new technology that I help introduce. “I don’t want to be a cog in the works. I want to be adding value and I want that value to be not just recognised but appreciated too. You need to embed that feeling of empowerment within the people you are working with and in a start-up, you not only have the ability to make a greater impact across the floor but also, you have a voice that is heard by stake-holders and a responsibility larger than the one you may have in a larger corporation.” For full access to our recent white paper – Are you too corporate for a start-up? Follow the download link below. Download our white paper

Does the Ideal Data Scientist exist and where do they come from?

We recently produced a white paper, focused on the human face of Data Science. We explored the evolution of the Data professional, the relevance of the phrase ‘Scientist’ and questioned whether we should scrap the term altogether, replacing it with a list of more specific job titles. We also battled with the idea of the Ideal Data Scientist and questioned what they looked like. Were they educated? Personable? Analytical? Or, perhaps creative?  To reach some sort of conclusion, we decided to ask the question to our network; made of more than 2,000 Senior Data Science Professionals and the organisations that home them.  They were equally torn on the matter of the ‘ideal education’ as 50% stated that the ideal professional had a degree, PhD and further post-doctorate while 46% believe they should be non-degree educated and just 4% said a degree with no post-degree qualification would be ideal. For me, this debate is fascinating. I completely agree with the principle that Data Professionals may or may not require an education but there are many different considerations that need to be taken into account first. This includes their primary objective as a new hire, the working environment and the type of industry. If you are working for a media company for example, you need to be more creative to fit both the brand and its internal messaging while if you work in the Financial Services sector – you need to be more analytical. Don’t get me wrong, a Data Scientist always needs to be analytical. They need to be able to spot the trends and then come up with a solution to any problem that arises as a result, however, if we think to the profile of a Data Engineer, they need to be more hands on and technical and a PhD would almost be irrelevant.  It is vital when considering a new hire that you think about the role they play and not just the title we bestow upon them as the term ‘Data Scientist’ spans across so many different disciplines. Equally, there isn’t a one-size-fits-all approach.  Every company should look at their own requirements before thinking of a key profile of a person they need to solve the problems. You need to think firstly, what are your key problems and then secondly, how are you going to solve the problem or who is going to help you? Do you think the ‘Ideal Data Scientist’ exists? Or, do we need to think about the professionals we bring in to carry our businesses forward on an ad-hoc basis? Join the conversation and in the meantime, download a copy of our white paper ‘The Human Face of Data Science’ below.  Download our Data Science white paper

Take 11 people, terrified of heights, and ask them to jump out of a plane...

Take 11 people, terrified of heights, and ask them to jump out of a plane… 10,000 feet and 30 seconds free-fall later and it seems the team have faced their biggest fear yet. Each of them strapped to expert Skydivers for their tandem jump, overcoming a shared feeling of dread, plunged 10,000 feet onto a field near Salisbury and it wasn’t just for the fun of it. The team deriving from our Edinburgh, Reading, Guildford and London offices raised almost £5,000 for our charity partner EducAid, adding to the grand total of more than £30,000 and raising enough to home, school and feed 15 more children in Sierra Leone for an entire year. Chief Customer Officer, Nick Eaves, was among the jumpers and said; “It was inspirational to witness each member of the team overcome their fear for such a great cause.  Massive thanks to the generosity of our friends, family and customers in ensuring that these efforts make such a meaningful difference to the lives of young people.” You can congratulate Tim, Jess, Jake, Elle, Rich, Matt, Ryan, Josh, Nick, Nina and Kirsty on LinkedIn or continue supporting their skydive on our Wonderful page here.  

What constitutes a great CISO?

In our recent white paper; The Evolving Role of the CISO, we interviewed Roy Whitehead – an established security professional with two decades of experience at the likes of Barclays, British Energy, Volvo, Jaguar Land Rover, British American Tobacco and Thomas Cook. He describes himself as damming in his opinions towards most CISOs - comparing them to ‘heads of level folk’ and explores the idea that they are far too junior to be tackling a role that protects the security of an organisation. He raises the argument that security is the most important aspect of any organisation and therefore requires a more senior level of CISO who have a far more diverse career history across IT and business management. This got me thinking. What does constitute a great CISO?  For me – a great CISO's characteristic falls into five categories; Experience. From the technical experience to the hands-on, this is vital for a great CISO. They should be well equipped with the knowledge and understanding of how to use different platforms and how to manage different functions.Likeability and Communication. As a CISO, you need to be not just understood and appreciated but liked too. This is how you get buy-in from non-security personnel. Rather than sitting in an ivory tower and speaking a different language, CISOs must be accessible and remove the jargon from every conversation to ensure their demands are understandable to key stakeholders. Over time, their relationship with the board can become more transparent as executives learn to put more trust into the strategies, suggestions and requests made by the CISO in return. Starting from scratch. In my experience, a CISO that has built a function from bottom-up is usually a great one. The ability to mature a security function in the public sector for instance, where all stakeholders are risk adverse, bureaucratic and dismissive of security as an integral business principle – that is impressive stuff.Getting your hands dirty. Decent CISOs aren’t always derivative from that environment but the same qualities can be recognised in a professional who has been able to open or expand a security function without using a managed service provider for instance. A person who is happy to get their hands dirty and get stuck in with the hands-on technical requirements. Ability to Align Security with Business Goals. A great CISO knows they are not there to control the business, but there to enable the business to do what they need to do in the most secure way. Great CISOs align their strategies with their firm’s mission values and understand how to communicate with business leaders in ways that are culturally aware, whilst enabling those leaders to make effective decisions. More importantly, a great CISO will always be playing a balancing act between what is good for security and what is good for the business.In the paper, Roy describes his ideal CISO as a person equipped with a plethora of security qualifications, the ability to liaise, negotiate and conversate with non-security professionals and also, have experience in senior management roles in as many industries as possible. For me, it’s simple. To be a great CISO you need a blend of security and general management experience – enabling you to build and maintain a security function while getting stakeholder investment, employee engagement and credibility throughout the organisation. For full access to Roy's and our other contributors interviews, please follow the download link to our white paper below.  Download our Cyber white paper

Creating magic, all in a day's work

We recently hosted an event for women in business and it was magical. Of course, my colleagues came back from the event and told us about how successful it was in empowering, engaging and inspiring the audience but I can tell how truly extraordinary it was by the feedback I still get today. A Finance Director in my network contacted me this morning having read our 'Having a Voice at the Table' white paper and said that one quote really resonated with her. It was by newly promoted CEO of IRIS Software Group, Elona Mortimer-Zhika.  Speaking of her former promotion from CFO to COO, Elona said; "My job is no longer to know the answers but to ask the right questions and connect the dots” and this truly resonated with her. She said; "This is something I’ve recently seen first-hand by sitting around the table with my seniors and executives where they do listen and take counsel as the accept they don’t have all the answers. "This idea of being master of everything is a myth and I’m so relieved to read it reinforced by others. It is a message that not many leaders or mentors openly share!" This was a perfect reminder of why we produce the content that we do and why we host such magical events. For your copy of our white paper - Having a Voice at the Table - please get in touch.   Download our white paper


Interim Financial Controller £450 - £500 per day Hampshire Penetration Tester/ Code Reviewer US $40 - US $55 per hour St Louis, Missouri IT Digital Director £80,000 - £95,000 per annum + benefits London Group Financial Accountant£60,000 - £70,000 per annum + bonus + benefits Watford Data Migration LeadNegotiableLondon Talent Acquisition Speciailist£30,000 - £35,000 per annum + bonus + benefitsLondon Quality Close Lead£800 - £1,000 per dayLondon A wider selection of current vacancies can be viewed on our opportunities page or get in touch for a confidential discussion about how Stanton House can help you hire great people or assist with your own career goals.

287 result(s) found