Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Careers in InfoSec: Dont Be Fooled By The Credential Alphabet
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/30/2016 | 12:02:09 PM
Re: When the Acronyms Don't Matter
My only concern might be with overreliance on tools like that and "overtesting" candidates.  Some companies may truly need programmers who can handle anything.  Others, however, may place more value on hiring candidates with specialties in certain programming areas and encouraging their employees to collaborate and talk with each other to solve problems.
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
1/29/2016 | 11:48:20 PM
Re: When the Acronyms Don't Matter
Very true, Joe.  Actually, regarding online applications, I'd like to see more resume applications that are tied to online testing apps, too.  Codility comes to mind, for instance.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/29/2016 | 8:37:39 AM
Re: When the Acronyms Don't Matter
@Christian: And it's a pity that online application systems weed out a great deal of qualified applicants -- often on the basis of the applicants simply not writing a good enough resume for the system (usually because of keyword deficiencies and/or formatting issues).
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
1/28/2016 | 5:02:53 PM
When the Acronyms Don't Matter
I've met lots of unique assets over the years and they all shared something in common - they were found outside the usual hiring process and in many cases they approached the company with a "you need me" pitch.  While I'm not going to be a CEO/CIO anytime soon, it did convince me that hiring off-grid can be beneficial.  The whole HR process of writing up the job req, inserting the usual acronym pre-reqs and pulling together a nearly useless interview panel just can't continue for certain tech roles.  Taking the Free and Open Source Software (FOSS) model into account, there is a strong "show me the code" attitude that we need in tech right now.  

Ignoring the paper credentials, you drop into a reverse engineering IRC and toss out that you have a need for someone who has RE'ed malware and helped identify features, origins, etc.  You get a candidate or two who are interested, point them to a copy of the malware and within a brief period of time you get back a seriously clean and on-point report, and even a couple ideas on how to stop this malware from ever getting on-system.  Another candidate sends back a poorly composed, incomplete analysis with little take-away overall.  After doing the interviews, you find one of them is a CompSci MS, security-certified across the board over a period of ten years.  The other candidate is a High School dropout with a dozen well-respected FOSS projects written in Python and a regular speaker at conferences like Black Hat and DEFCON.

After reviewing all the candidates, you decide to hire the High School dropout.  Just an anecdote, but the tech industry has lots of different needs and they aren't all filled by degree- or certificate-holders.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
1/28/2016 | 3:52:43 PM
Re: CABC, CXYZ, CBLAHBLAHBLAH
Agreed, I always see CISSP. It's pretty much become a standard for HR to put in a security job listing.

 
cyberartisan
50%
50%
cyberartisan,
User Rank: Apprentice
1/28/2016 | 1:36:53 PM
Agree!
I could not agree more. Although I think this could appy to other professions, it seems to hit the mark in the Info Sec domain today.


As someone who has been in an Info Sec role earlier in my career and looking to get back into it, it almost seems to be impossible to be considered without the certifications as they show up in the "requirements" of the postings.


I just got my CISSP in December. It was a good refresher and validated that I haven't lost my relevant skills/knowledge. I have had numerous conversations with other hiring managers about certifications and its importance in the selection and hiring decisions. We all agreed they are helpful, but do not rank over other qualifications simply due to the rate and pace of change in technology.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/27/2016 | 3:39:13 PM
CABC, CXYZ, CBLAHBLAHBLAH
> "one of the things I've noticed repeatedly over the course of my career is that there is no correlation between degrees and certifications and the skills needed on the job."

Preach, brother Joshua!

Alas, good luck convincing HR departments of that -- especially as certain certifications become more in vogue and more in demand in job postings (CISSP, CISM, and CIPP in particular come to mind).


HackerOne Drops Mobile Voting App Vendor Voatz
Dark Reading Staff 3/30/2020
Limited-Time Free Offers to Secure the Enterprise Amid COVID-19
Curtis Franklin Jr., Senior Editor at Dark Reading,  3/31/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5300
PUBLISHED: 2020-04-06
In Hydra (an OAuth2 Server and OpenID Certifiedâ„¢ OpenID Connect Provider written in Go), before version 1.4.0+oryOS.17, when using client authentication method 'private_key_jwt' [1], OpenId specification says the following about assertion `jti`: "A unique identifier for the t...
CVE-2019-19699
PUBLISHED: 2020-04-06
There is Authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration, This allows the apache user to modify an executable file executed by root at 22:30 every day. To e...
CVE-2020-11102
PUBLISHED: 2020-04-06
hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length.
CVE-2020-11507
PUBLISHED: 2020-04-06
An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner 8.0.3 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded.
CVE-2020-11544
PUBLISHED: 2020-04-06
An issue was discovered in Project Worlds Official Car Rental System 1. It allows the admin user to run commands on the server with their account because the upload section on the file-manager page contains an arbitrary file upload vulnerability via add_cars.php. There are no upload restrictions for...