A lot of organizations out there are looking for talented hackers right now. Defense, offense, Ops, Dev, you name it: if you have skills, then someone is probably looking for you! The problem doesn’t seem to be the *need* but a concise way of finding/getting these positions. Here are a few notes and resources we love for helping connect awesome researchers with awesome companies (it’s kinda a thing we do here).
Before I get to the resources let’s go over a few things. Let’s assume that you are a rockstar researcher looking for an infosec job but don’t know where to start. On top of having a complete resume, you will need to have an updated LinkedIn. While common resumes are supposed to be short, LinkedIn gives a prospective employer an opportunity to view a more detailed history and dive into what you’ve done in the past. It’s tedious, I know, but I can’t stress enough how important these two items are. So what should you DO to update these?
- Keep them up to date for starters. Nothing says “I don’t really care” as much as an out-of-date resume/LinkedIn.
- Get as detailed as possible in your past position descriptions. Employers want to know what you’ve done; it’s the easiest way to infer your skillset and evaluate value. Talk about any projects or processes you worked on, any challenges you overcame, training you did, etc.
- Get a few recommendations. Hopefully you’ve not burned any bridges and can get some people to say nice things about you. When I read profiles, I’m keenly interested in what other people have to say about someone. Again, as someone in a hiring position I can infer a lot from what they say (or what they don’t say).
- Have a good summary. I want to know what your ideals are. I want this paragraph to represent the fact that you have a passion about your job/career choice.
- List your extracurricular activities. Things I look for are contributions to open source projects, conference talks, training/certs taken, awards/honors, publications, etc. They all show you have a passion for your job that extends beyond 9am-5pm.
Ok, now onto the resources:
Reddit r/netsec’s hiring thread – click here
Every quarter the subreddit /r/Netsec hosts a thread for companies to recruit security folk. Look at this resource, but also look at past quarterly threads as well. If you see a post you like from a few threads ago, reach out to them and ask if they are still looking for talent. A lot of times a company will forget to add their post to the new quarter’s thread.
Mubix’s (Rob Fuller) ShmooCon Hiring list – click here
Rob created an excellent curated list of orgs looking for talent. Although the con is over, these places still need good researchers. Use this list and reach out to any companies that might interest you.
SANS Internet Storm Center Job site – click here
I haven’t used this one in a while but it looks good =)
Bugcrowd’s new Job Posting Forums – click here
The forum’s still new and looking for more contributors; we will pass along any interesting opportunities we hear about there =)
Lastly, go to your local meetups. OWASP, ISC2, ISACA, and coding meetups are all tremendous opportunities for you to network. The best ways to do this?
- Ask if they have a careers board. This is simply a cork or whiteboard where you can write down contact info if you are looking to hire (or simply pin a business card to it). If they do, start there. If they don’t, bring/make one yourself!!
- Secondly, present something! Nothing will get people asking you questions faster than a presentation. Security knowledge is scarce, so even super simple topics are useful and could lead to an exchange of business cards. Keep in contact with these people and someday (hopefully soon) they might have a position open!
That’s it for now, more later on interviewing successfully for a position!