Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Careers in InfoSec: Dont Be Fooled By The Credential Alphabet
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/30/2016 | 12:02:09 PM
Re: When the Acronyms Don't Matter
My only concern might be with overreliance on tools like that and "overtesting" candidates.  Some companies may truly need programmers who can handle anything.  Others, however, may place more value on hiring candidates with specialties in certain programming areas and encouraging their employees to collaborate and talk with each other to solve problems.
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
1/29/2016 | 11:48:20 PM
Re: When the Acronyms Don't Matter
Very true, Joe.  Actually, regarding online applications, I'd like to see more resume applications that are tied to online testing apps, too.  Codility comes to mind, for instance.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/29/2016 | 8:37:39 AM
Re: When the Acronyms Don't Matter
@Christian: And it's a pity that online application systems weed out a great deal of qualified applicants -- often on the basis of the applicants simply not writing a good enough resume for the system (usually because of keyword deficiencies and/or formatting issues).
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
1/28/2016 | 5:02:53 PM
When the Acronyms Don't Matter
I've met lots of unique assets over the years and they all shared something in common - they were found outside the usual hiring process and in many cases they approached the company with a "you need me" pitch.  While I'm not going to be a CEO/CIO anytime soon, it did convince me that hiring off-grid can be beneficial.  The whole HR process of writing up the job req, inserting the usual acronym pre-reqs and pulling together a nearly useless interview panel just can't continue for certain tech roles.  Taking the Free and Open Source Software (FOSS) model into account, there is a strong "show me the code" attitude that we need in tech right now.  

Ignoring the paper credentials, you drop into a reverse engineering IRC and toss out that you have a need for someone who has RE'ed malware and helped identify features, origins, etc.  You get a candidate or two who are interested, point them to a copy of the malware and within a brief period of time you get back a seriously clean and on-point report, and even a couple ideas on how to stop this malware from ever getting on-system.  Another candidate sends back a poorly composed, incomplete analysis with little take-away overall.  After doing the interviews, you find one of them is a CompSci MS, security-certified across the board over a period of ten years.  The other candidate is a High School dropout with a dozen well-respected FOSS projects written in Python and a regular speaker at conferences like Black Hat and DEFCON.

After reviewing all the candidates, you decide to hire the High School dropout.  Just an anecdote, but the tech industry has lots of different needs and they aren't all filled by degree- or certificate-holders.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
1/28/2016 | 3:52:43 PM
Re: CABC, CXYZ, CBLAHBLAHBLAH
Agreed, I always see CISSP. It's pretty much become a standard for HR to put in a security job listing.

 
cyberartisan
50%
50%
cyberartisan,
User Rank: Apprentice
1/28/2016 | 1:36:53 PM
Agree!
I could not agree more. Although I think this could appy to other professions, it seems to hit the mark in the Info Sec domain today.


As someone who has been in an Info Sec role earlier in my career and looking to get back into it, it almost seems to be impossible to be considered without the certifications as they show up in the "requirements" of the postings.


I just got my CISSP in December. It was a good refresher and validated that I haven't lost my relevant skills/knowledge. I have had numerous conversations with other hiring managers about certifications and its importance in the selection and hiring decisions. We all agreed they are helpful, but do not rank over other qualifications simply due to the rate and pace of change in technology.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/27/2016 | 3:39:13 PM
CABC, CXYZ, CBLAHBLAHBLAH
> "one of the things I've noticed repeatedly over the course of my career is that there is no correlation between degrees and certifications and the skills needed on the job."

Preach, brother Joshua!

Alas, good luck convincing HR departments of that -- especially as certain certifications become more in vogue and more in demand in job postings (CISSP, CISM, and CIPP in particular come to mind).


COVID-19: Latest Security News & Commentary
Dark Reading Staff 4/7/2020
The Coronavirus & Cybersecurity: 3 Areas of Exploitation
Robert R. Ackerman Jr., Founder & Managing Director, Allegis Capital,  4/7/2020
'Unkillable' Android Malware App Continues to Infect Devices Worldwide
Jai Vijayan, Contributing Writer,  4/8/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-1633
PUBLISHED: 2020-04-09
Due to a new NDP proxy feature for EVPN leaf nodes introduced in Junos OS 17.4, crafted NDPv6 packets could transit a Junos device configured as a Broadband Network Gateway (BNG) and reach the EVPN leaf node, causing a stale MAC address entry. This could cause legitimate traffic to be discarded, le...
CVE-2020-8834
PUBLISHED: 2020-04-09
KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc__tm, leading to a stack corruption. Because of this, an attacker with the ability run code in kernel space of a guest VM can cause the host kernel to...
CVE-2020-11668
PUBLISHED: 2020-04-09
In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.
CVE-2020-8961
PUBLISHED: 2020-04-09
An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. The Self-Protection feature does not prohibit a write operation from an external process. Thus, code injection can be used to turn off this feature. After that, one can construct an event that will modify a file at a specific loc...
CVE-2020-7922
PUBLISHED: 2020-04-09
X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances. Customers who do not use X.509 authentication, and those who do not use the Operator to generate their X.509 certificates are u...