Exploiting the Recruitment Process

BSidesLV Talk about how Veris Group's Adaptive Threat Division recruits its employees.

  1. EXPLOITING THE RECRUITMENT PROCESS
     Jason Frank, Director, Adaptive Threat Division, Veris Group, LLC
     Doug Munro, Director of Recruiting, Veris Group, LLC
  2. AGENDA
     • The Recruitment Process: Resumé, Recruitment Screen, Technical Challenges, Technical Screen, Management Screen, Cultural Fit Test
     • Summary and Wrap-Up
  3. THE FULL RECRUITMENT PROCESS
     Resume → Recruitment Screen → Technical Challenges → Technical Screen → Management Screen → Cultural Fit Test → Hire Decision
  4. THE RESUMÉ – WHAT WE ARE LOOKING FOR
     Main Criteria: Do you have the passion to be successful? Have you presented anywhere? What projects are you working on? Do you have a blog? Are you attending meetups and conferences?
     • Do you have a relevant technical foundation?
     • Are you well-rounded?
     • Are you current with your tools?
     • Can you express methodologies?
     • Do you have relevant meaningful certifications? (OSCP, OSCE, OSEE)
     (Photo caption: Shannon Lucas, Former Drummer for Black Dahlia Murder)
  5. THE RESUMÉ – THE FINER POINTS
     Clean, Easy-to-Read Resumé
     • Arial, Helvetica, Verdana
     • Align text left
     • Strategic use of italics, bold, CAPS, and bullets
     • Tailor your keywords
     • Use Grammarly or LanguageTool to avoid mistakes
  6. THE RESUMÉ – TELL US A STORY
     • Show a progression
     • You have 1/3 of a page to capture attention
     • Align your online profiles to your resume
     • Social media follows you to the grave
  7. RECRUITMENT SCREEN
     Purpose: To determine if we are going to be able to accommodate the job and lifestyle requirements
     • Motivations for Change?
     • Certifications
     • Clearance or Clearable?
     • Experience Levels – Penetration Tester: Senior – 5 to 8 Years of Experience; Mid – 3 to 5 Years of Experience; Junior – 0 to 3 Years of Experience
     • Travel Requirements – 25%
  8. TECHNICAL/WRITING CHALLENGES
     Purpose: To assess the candidate’s ability for critical thinking, resourcefulness, and written communication
     • Scripting Challenges – Problem Solving
     • Online CTF Exercises
     • Technical Write-up of Thought Process
     • Report Corrections: Missing Details, Clarity, Grammar
  9. TECHNICAL SCREEN
     Purpose: To determine the candidate’s technical depth
     • Review the technical challenges – ensure full understanding
     • Know the tools and technical resources highlighted on your resume
     • You will be asked
     • Looks better if you admit your knowledge is limited
     • Tools and Methodologies
     • Deep dive into concepts and technical details
     • Evaluates depth of understanding
  10. MANAGEMENT SCREEN
      Purpose: Determine how you fit within the team
      • Complete overview of company and team direction
      • Are you onboard?
      • Is this a medium term commitment versus a near term solution? 3-5 year option versus monthly. In services, longer term direction is dependent on people.
      • Address questions, concerns, or compensation
  11. ONSITE INTERVIEW
      Purpose: To determine if you are a cultural fit within the team
      • Every team has a persona, do you mesh?
      • Interface with multiple people at various levels on the team
      • Discussions occur for every potential hire
      • Red Flags: Attitude, Excessive Ego, Closed Mentality – Knowledge Sharing
  12. PROCESS SUMMARY
      Potential Candidate: Passion, Written Communication, Verbal Communication, Technical Depth, Cultural Fit
  13. ADDITIONAL TIPS
      • You are more than your resume, prove it
      • Be responsive to requests during the recruitment process
      • Create and contribute
      • Ask questions
      • Participate in the industry
      • Show your passion
      • “10 Things That Require Zero Talent” - https://www.linkedin.com/pulse/10-things-require-zero-talent-donn-carr
      • “10 TIPS FOR ASPIRING SECURITY PROFESSIONALS” - https://enigma0x3.net/2015/04/15/10-tips-for-aspiring-security-professionals/
  14. RESOURCES – DO YOUR HOMEWORK!
      • Figure out the message of your target and review their content
      • Company Blogs and Personal Blogs of Employees
      • http://blog.harmj0y.net/
      • http://www.exploit-monday.com/
      • http://www.sixdub.net/
      • https://enigma0x3.net/
      • https://implicitdeny.org/
      • http://www.rvrsh3ll.net/blog/
      • http://xorrior.com/
      • http://invoke-ir.com/
  15. QUESTIONS?