Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Looking For A Security Job? You Don't Need To Be Bo Derek
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
Mark Aiello
50%
50%
Mark Aiello,
User Rank: Apprentice
11/1/2013 | 1:39:05 PM
re: Looking For A Security Job? You Don't Need To Be Bo Derek
Hi Joe. "I'll take the dedicated quick study over the guy that looks good on paper any day." From your lips to the Hiring Managers ears. I agree.

You are correct re: Tip 1. It is exactly why one must control their own message. It is important to figure out what needs to be done and then draft a response that explains why you are qualified. Lots of "job descriptions" are not descriptive. With many positions, individuals can use social media to locate who was employed in that role previously and see if it is possible to figure out what they did.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
11/1/2013 | 2:33:57 AM
re: Looking For A Security Job? You Don't Need To Be Bo Derek
Of course, you may not be able to contact them if you're not in their network.

So perhaps the lesson is to use LinkedIn to find the hiring manager, then use Facebook or some other platform to touch base with them. (And even Facebook, now that it has introduced Graph Search, duplicates many LinkedIn search functions -- in some ways better than LinkedIn does.)
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
11/1/2013 | 2:32:03 AM
re: Looking For A Security Job? You Don't Need To Be Bo Derek
There are very very very very few jobs that can't be mostly learned on the job, even if you didn't go to school for it (including, if State Bars didn't mostly forbid it, mine -- attorney).

I'll take the dedicated quick study over the guy that looks good on paper any day.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
11/1/2013 | 2:29:46 AM
re: Looking For A Security Job? You Don't Need To Be Bo Derek
Tip 1 is apt...but too bad HR staffers and hiring managers often forget it themselves.
Mark Aiello
50%
50%
Mark Aiello,
User Rank: Apprentice
10/31/2013 | 5:50:15 PM
re: Looking For A Security Job? You Don't Need To Be Bo Derek
Hi Terry. Every experienced professional began their career without experience. I would not recommend hiring someone with no experience to lead your security group but I do recommend hiring a combination of knowledge and attitude. Knowledge does not always equal experience.

And yes, there are lots of "entry-level" jobs in security. What's wrong with accepting a job to review IDS logs? If you are good and have a good attitude, it will lead to other opportunities. Not everyone can start at the top.
TerryB
50%
50%
TerryB,
User Rank: Ninja
10/31/2013 | 5:38:13 PM
re: Looking For A Security Job? You Don't Need To Be Bo Derek
I'm not sure your doing anyone any favors here, Mark. Besides the unqualified guy who is hired to handle your computer security that is. If there is one place where you don't someone learning on the job, it's security. Is there really a entry level job in security, except maybe reviewing IDS logs?
Mark Aiello
50%
50%
Mark Aiello,
User Rank: Apprentice
10/31/2013 | 5:07:37 PM
re: Looking For A Security Job? You Don't Need To Be Bo Derek
Thanks Greg. Glad you liked it. I guess the Bo Derek reference shows my age. Maybe Hollywood will do a remake with Scarlett Johansson.

LinkedIn is a great resource for finding a hiring manager. Not perfect but 99% accurate. Go #RedSox
Greg MacSweeney
50%
50%
Greg MacSweeney,
User Rank: Apprentice
10/31/2013 | 3:18:34 PM
re: Looking For A Security Job? You Don't Need To Be Bo Derek
Great column. Although, 75% of millennials reading this article have no clue who Bo Derek is, (they are all googling her right now) LOL.

Tip #2 is a great point, although finding the hiring manager is sometimes extremely difficult.
<<   <   Page 2 / 2


7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-3154
PUBLISHED: 2020-01-27
CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email.
CVE-2019-17190
PUBLISHED: 2020-01-27
A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORITY\SYSTEM) when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, the...
CVE-2014-8161
PUBLISHED: 2020-01-27
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
CVE-2014-9481
PUBLISHED: 2020-01-27
The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.
CVE-2015-0241
PUBLISHED: 2020-01-27
The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric ...