Exploiting the Recruitment Process
- 1. EXPLOITING THE RECRUITMENT PROCESS Jason Frank Director, Adaptive Threat Division Veris Group, LLC Doug Munro Director of Recruiting Veris Group, LLC
- 2. AGENDA • The Recruitment Process Resumé Recruitment Screen Technical Challenges Technical Screen Management Screen Cultural Fit Test • Summary and Wrap-Up
- 3. Resume Recruitment Screen Technical Challenges Technical Screen Management Screen Cultural Fit Test Hire Decision THE FULL RECRUITMENT PROCESS
- 4. THE RESUMÉ – WHAT WE ARE LOOKING FOR Main Criteria: Do you have the passion to be successful? Have you presented anywhere? What projects are you working on? Do you have a blog? Are you attending meetups and conferences? • Do you have a relevant technical foundation? • Are you well-rounded? • Are you current with your tools? • Can you express methodologies? • Do you have relevant meaningful certifications? (OSCP, OSCE, OSEE) Shannon Lucas Former Drummer for Black Dahlia Murder
- 5. THE RESUMÉ – THE FINER POINTS Clean, Easy-to-Read Resumé • Arial, Helvetica, Verdana • Align text left • Strategic use of italics, bold, CAPS, and bullets • Tailor your keywords • Use Grammarly or LanguageTool to avoid mistakes
- 6. THE RESUMÉ – TELL US A STORY • Show a progression • You have 1/3 of a page to capture attention • Align your online profiles to your resume • Social media follows you to the grave
- 7. RECRUITMENT SCREEN Purpose: To determine if we are going to be able to accommodate the job and lifestyle requirements • Motivations for Change? • Certifications • Clearance or Clearable? • Experience Levels – Penetration Tester Senior – 5 to 8 Years of Experience Mid – 3 to 5 Years of Experience Junior - 0 to 3 Years of Experience • Travel Requirements – 25%
- 8. TECHNICAL/WRITING CHALLENGES Purpose: To assess the candidate’s ability for critical thinking, resourcefulness, and written communication • Scripting Challenges – Problem Solving • Online CTF Exercises • Technical Write-up of Thought Process • Report Corrections Missing Details Clarity Grammar
- 9. TECHNICAL SCREEN Purpose: To determine the candidate’s technical depth • Review the technical challenges – ensure full understanding • Know the tools and technical resources highlighted on your resume • You will be asked • Looks better if you admit your knowledge is limited • Tools and Methodologies • Deep dive into concepts and technical details • Evaluates depth of understanding
- 10. MANAGEMENT SCREEN Purpose: Determine how you fit within the team • Complete overview of company and team direction • Are you onboard? • Is this a medium term commitment versus a near term solution? 3-5 year option versus monthly In services, longer term direction is dependent on people • Address questions, concern, or compensation
- 11. ONSITE INTERVIEW Purpose: To determine if you are a cultural fit within the team • Every team has a persona, do you mesh? • Interface with multiple people at various levels on the team • Discussions occur for every potential hire • Red Flags Attitude Excessive Ego Closed Mentality – Knowledge Sharing
- 13. ADDITIONAL TIPS • You are more than your resume, prove it • Be responsive to requests during the recruitment process • Create and contribute • Ask questions • Participate in the industry • Show your passion • “10 Things That Require Zero Talent” - https://www.linkedin.com/pulse/10-things-require-zero-talent-donn-carr • “10 TIPS FOR ASPIRING SECURITY PROFESSIONALS” - https://enigma0x3.net/2015/04/15/10-tips-for-aspiring-security- professionals/
- 14. RESOURCES – DO YOUR HOMEWORK! • Figure out the message of your target and review their content • Company Blogs and Personal Blogs of Employees • http://blog.harmj0y.net/ • http://www.exploit-monday.com/ • http://www.sixdub.net/ • https://enigma0x3.net/ • https://implicitdeny.org/ • http://www.rvrsh3ll.net/blog/ • http://xorrior.com/ • http://invoke-ir.com/
- 15. QUESTIONS?