Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Careers in InfoSec: Dont Be Fooled By The Credential Alphabet
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/30/2016 | 12:02:09 PM
Re: When the Acronyms Don't Matter
My only concern might be with overreliance on tools like that and "overtesting" candidates.  Some companies may truly need programmers who can handle anything.  Others, however, may place more value on hiring candidates with specialties in certain programming areas and encouraging their employees to collaborate and talk with each other to solve problems.
Christian Bryant
50%
50%
Christian Bryant,
User Rank: Ninja
1/29/2016 | 11:48:20 PM
Re: When the Acronyms Don't Matter
Very true, Joe.  Actually, regarding online applications, I'd like to see more resume applications that are tied to online testing apps, too.  Codility comes to mind, for instance.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/29/2016 | 8:37:39 AM
Re: When the Acronyms Don't Matter
@Christian: And it's a pity that online application systems weed out a great deal of qualified applicants -- often on the basis of the applicants simply not writing a good enough resume for the system (usually because of keyword deficiencies and/or formatting issues).
Christian Bryant
50%
50%
Christian Bryant,
User Rank: Ninja
1/28/2016 | 5:02:53 PM
When the Acronyms Don't Matter
I've met lots of unique assets over the years and they all shared something in common - they were found outside the usual hiring process and in many cases they approached the company with a "you need me" pitch.  While I'm not going to be a CEO/CIO anytime soon, it did convince me that hiring off-grid can be beneficial.  The whole HR process of writing up the job req, inserting the usual acronym pre-reqs and pulling together a nearly useless interview panel just can't continue for certain tech roles.  Taking the Free and Open Source Software (FOSS) model into account, there is a strong "show me the code" attitude that we need in tech right now.  

Ignoring the paper credentials, you drop into a reverse engineering IRC and toss out that you have a need for someone who has RE'ed malware and helped identify features, origins, etc.  You get a candidate or two who are interested, point them to a copy of the malware and within a brief period of time you get back a seriously clean and on-point report, and even a couple ideas on how to stop this malware from ever getting on-system.  Another candidate sends back a poorly composed, incomplete analysis with little take-away overall.  After doing the interviews, you find one of them is a CompSci MS, security-certified across the board over a period of ten years.  The other candidate is a High School dropout with a dozen well-respected FOSS projects written in Python and a regular speaker at conferences like Black Hat and DEFCON.

After reviewing all the candidates, you decide to hire the High School dropout.  Just an anecdote, but the tech industry has lots of different needs and they aren't all filled by degree- or certificate-holders.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
1/28/2016 | 3:52:43 PM
Re: CABC, CXYZ, CBLAHBLAHBLAH
Agreed, I always see CISSP. It's pretty much become a standard for HR to put in a security job listing.

 
cyberartisan
50%
50%
cyberartisan,
User Rank: Apprentice
1/28/2016 | 1:36:53 PM
Agree!
I could not agree more. Although I think this could appy to other professions, it seems to hit the mark in the Info Sec domain today.


As someone who has been in an Info Sec role earlier in my career and looking to get back into it, it almost seems to be impossible to be considered without the certifications as they show up in the "requirements" of the postings.


I just got my CISSP in December. It was a good refresher and validated that I haven't lost my relevant skills/knowledge. I have had numerous conversations with other hiring managers about certifications and its importance in the selection and hiring decisions. We all agreed they are helpful, but do not rank over other qualifications simply due to the rate and pace of change in technology.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/27/2016 | 3:39:13 PM
CABC, CXYZ, CBLAHBLAHBLAH
> "one of the things I've noticed repeatedly over the course of my career is that there is no correlation between degrees and certifications and the skills needed on the job."

Preach, brother Joshua!

Alas, good luck convincing HR departments of that -- especially as certain certifications become more in vogue and more in demand in job postings (CISSP, CISM, and CIPP in particular come to mind).


Can Your Patching Strategy Keep Up with the Demands of Open Source?
Tim Mackey, Principal Security Strategist, CyRC, at Synopsys,  6/18/2019
Florida Town Pays $600K to Ransomware Operators
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12346
PUBLISHED: 2019-06-24
In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress, the SAML Login Endpoint is vulnerable to XSS via a specially crafted SAMLResponse XML post.
CVE-2014-9699
PUBLISHED: 2019-06-24
The MakerBot Replicator 5G printer runs an Apache HTTP Server with directory indexing enabled. Apache logs, system logs, design files (i.e., a history of print files), and more are exposed to unauthenticated attackers through this HTTP server.
CVE-2019-7231
PUBLISHED: 2019-06-24
The ABB IDAL FTP server is vulnerable to a buffer overflow when a long string is sent by an authenticated attacker. This overflow is handled, but terminates the process. An authenticated attacker can send a FTP command string of 472 bytes or more to overflow a buffer, causing an exception that termi...
CVE-2017-17945
PUBLISHED: 2019-06-24
The ASUS HiVivo aspplication before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation.
CVE-2019-10271
PUBLISHED: 2019-06-24
An issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized profile and cover picture modification. It is possible to modify the profile and cover picture of any user once one is connected. One can also modify the profiles and cover pictures of privileged users. ...