Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Careers in InfoSec: Dont Be Fooled By The Credential Alphabet
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
1/30/2016 | 12:02:09 PM
Re: When the Acronyms Don't Matter
My only concern might be with overreliance on tools like that and "overtesting" candidates.  Some companies may truly need programmers who can handle anything.  Others, however, may place more value on hiring candidates with specialties in certain programming areas and encouraging their employees to collaborate and talk with each other to solve problems.
RetiredUser
RetiredUser,
User Rank: Ninja
1/29/2016 | 11:48:20 PM
Re: When the Acronyms Don't Matter
Very true, Joe.  Actually, regarding online applications, I'd like to see more resume applications that are tied to online testing apps, too.  Codility comes to mind, for instance.
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
1/29/2016 | 8:37:39 AM
Re: When the Acronyms Don't Matter
@Christian: And it's a pity that online application systems weed out a great deal of qualified applicants -- often on the basis of the applicants simply not writing a good enough resume for the system (usually because of keyword deficiencies and/or formatting issues).
RetiredUser
RetiredUser,
User Rank: Ninja
1/28/2016 | 5:02:53 PM
When the Acronyms Don't Matter
I've met lots of unique assets over the years and they all shared something in common - they were found outside the usual hiring process and in many cases they approached the company with a "you need me" pitch.  While I'm not going to be a CEO/CIO anytime soon, it did convince me that hiring off-grid can be beneficial.  The whole HR process of writing up the job req, inserting the usual acronym pre-reqs and pulling together a nearly useless interview panel just can't continue for certain tech roles.  Taking the Free and Open Source Software (FOSS) model into account, there is a strong "show me the code" attitude that we need in tech right now.  

Ignoring the paper credentials, you drop into a reverse engineering IRC and toss out that you have a need for someone who has RE'ed malware and helped identify features, origins, etc.  You get a candidate or two who are interested, point them to a copy of the malware and within a brief period of time you get back a seriously clean and on-point report, and even a couple ideas on how to stop this malware from ever getting on-system.  Another candidate sends back a poorly composed, incomplete analysis with little take-away overall.  After doing the interviews, you find one of them is a CompSci MS, security-certified across the board over a period of ten years.  The other candidate is a High School dropout with a dozen well-respected FOSS projects written in Python and a regular speaker at conferences like Black Hat and DEFCON.

After reviewing all the candidates, you decide to hire the High School dropout.  Just an anecdote, but the tech industry has lots of different needs and they aren't all filled by degree- or certificate-holders.
RyanSepe
RyanSepe,
User Rank: Ninja
1/28/2016 | 3:52:43 PM
Re: CABC, CXYZ, CBLAHBLAHBLAH
Agreed, I always see CISSP. It's pretty much become a standard for HR to put in a security job listing.

 
cyberartisan
cyberartisan,
User Rank: Apprentice
1/28/2016 | 1:36:53 PM
Agree!
I could not agree more. Although I think this could appy to other professions, it seems to hit the mark in the Info Sec domain today.


As someone who has been in an Info Sec role earlier in my career and looking to get back into it, it almost seems to be impossible to be considered without the certifications as they show up in the "requirements" of the postings.


I just got my CISSP in December. It was a good refresher and validated that I haven't lost my relevant skills/knowledge. I have had numerous conversations with other hiring managers about certifications and its importance in the selection and hiring decisions. We all agreed they are helpful, but do not rank over other qualifications simply due to the rate and pace of change in technology.
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
1/27/2016 | 3:39:13 PM
CABC, CXYZ, CBLAHBLAHBLAH
> "one of the things I've noticed repeatedly over the course of my career is that there is no correlation between degrees and certifications and the skills needed on the job."

Preach, brother Joshua!

Alas, good luck convincing HR departments of that -- especially as certain certifications become more in vogue and more in demand in job postings (CISSP, CISM, and CIPP in particular come to mind).


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The 10 Most Impactful Types of Vulnerabilities for Enterprises Today
Managing system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-1172
PUBLISHED: 2023-03-17
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that w...
CVE-2023-1469
PUBLISHED: 2023-03-17
The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenti...
CVE-2023-1466
PUBLISHED: 2023-03-17
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as critical. This issue affects the function view_student of the file admin/?page=students/view_student. The manipulation of the argument id with the input 3' AND (SELECT 2100 FROM (SELECT(...
CVE-2023-1467
PUBLISHED: 2023-03-17
A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file Master.php?f=delete_img of the component POST Parameter Handler. The manipulation of the argument path with the input C%3A%2Ffoo.txt le...
CVE-2023-1468
PUBLISHED: 2023-03-17
A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=reports&date_from=2023-02-17&date_to=2023-03-17 of the component Report Handler. The manipula...