Hack the hustle!
Transcript of Hack the hustle!
Hack the Hustle!Career Strategies for Information Security Practitioners
Eve Adams (@HackerHuntress)BSidesChicago | April 27, 2013
A negative-unemployment industry, sort of
0.9% infosec unemployment in 2012;
Security workforce in 2012: 52,000
4.7% web dev unemployment in 2012
22% more infosec jobs by 2020
Sources: Bureau of Labor Statistics via Eric Chabrow
http://www.bankinfosecurity.com/blogs/3-unemployment-among-infosec-pros-p-1400/op-1
And yet.
Highly desirable skill sets lead to highly volatile job markets.
Money/bidding wars
General IT churn
Burnout
Working for idiots
First impressions: Your résumé and you
Verb ALL the nouns!
Your résumé is not ◦ a racecar
◦ a pretty princess
◦ a junk drawer
Tl;dr: Show me what you got!
No more. No less.
Verb ALL the nouns!
Your résumé is not: a racecar
FAIL
Your résumé is not: a pretty princess
FAIL
Your résumé is not: a junk drawer
Maybe FAIL? Can’t tell.
It begins.
How to get a cool infosec job:◦ Post and pray – job boards, etc.
◦ Spray and pray – apply to what’s posted
◦ Network in
Learn about jobs before they’re officially open
Current employees, events, even recruiters
Inscrutable job description is inscrutable.
Information Security Analyst
Job DescriptionThe IT Security Engineer is responsible for design, development, and implementation
of IT security solutions for network, systems, and applications. The IT
Security Engineer also manages the Infrastructure Security Team and allocates resources to various security engineering
activities.
Sometimes they’re actually impossible.
Qualifications• 5+ years of experience in Kali Linux
• CISSP, OSCP, GXPN, C|EH, JNCIE, and A+ certifications REQUIRED
• Ph.D. in actuarial math• MUST BE LOCAL to Nome, AK
• Ability to lift 700 pounds• Must make amazing coffee
Inscrutable titles/descriptions are inscrutable.
Job descriptions can be legally binding documents, usually written by non-practitioners.
There is therefore a high degree of vagueness and CYA in them.
Get the real story by asking the hiring authority or someone who has contact with them.
Try the back door: network in
Learn about jobs before they’re open
◦ Friends and associates
◦ Social media – oft-neglected! LinkedIn is okay
Twitter is awesome and underutilized
◦Good recruiters can help Find one you trust to act as your “agent”
Protips: Interviewing and decisions
Ask questions about responsibilities early and comp details late (offer stage)
If you want the job, say so – and vice versa
Be above board as much as possible
Avoid temptation to be too casual