Nick Jeswald - Confessions of a Cybersecurity Recruiter (Part 1)
Length:
36 minutes
Released:
Oct 25, 2019
Format:
Podcast episode
Description
Part 1 of 2 - Nick Jeswald has been an external and internal recruiter in security. He shares with us what he looks for in a candidate, common mistakes made by candidates, and the nuances of hackers he's learned over the years.
BIO:
I've been in infosec for 8 years, and in various IT roles since 1996 (Developer -> Sales Engineer -> BD Specialist -> Security BD -> Security Recruiting -> Dir. Corp Dev). However, I've also been one of the top recruiters for each company I worked at whatever role I've had.
Show Notes:
Internal recruiters != external recruiters
Backgrounds are different
External recruiters come from varied backgrounds, virtually zero from infosec
Much like BD people
Internal recruiters are more likely to have a greater understanding of infosec or at least IT
A recruiter that doesn't understand security is more likely to make bad placements with higher turnover
Motivations are far different
I want to choose people to spend a career with
They want to make a commission and meet SLAs
Attention to detail is very different
A tiny detail that could betray a hidden skill set or flaw would likely be overlooked by a 3rd party
I have an interest in understanding the person, not just the resume
What is their desired career/life trajectory?
How will our company enrich/hinder that life?
You are in competition with an army of low-skilled counterfeits
You need to be able to demonstrate raw skills, not just list your certs
Have a body of work available for review on GitHub, your own site, etc.
Internships are a nice touch, but they cut both ways
You interned with unnamed-big-4-biz-consulting firm? Don't drag that culture in here. I fear for what you learned.
Can't talk about where you interned because it was a non-DOD three-letter agency? Communicate that point to me in your way. If that is the truth, I'll trace you back and verify.
Always be client-facing
I have seen many recruits passed over for poor hygiene, arrogant treatment of interviewers, disclosure of illegal activity, and just generally obnoxious behavior
You couldn't act like this on a client site and not get sent home; don't do it on the interview
Yes, you are talented...there's always someone cooler than you
Interview your interviewers
You should have a standing list of questions for interviewers
Why do you stay with them?
What is the intended growth path? Organic? IPO? Channel?
Is there any merger/acquisition activity going on? Planned? Intended impact?
Is there any rebranding activity going on? Planned? Intended impact?
What conditions are driving this open role? Turnover? Internal restructuring? Organizational growth?
Will I be supported in my security research? How?
Does your company have a defined mentoring path? Why not?
How does the company support continuing infosec education?
Meet your team
Watch the team interaction closely
Can you see cohesion? Are they supportive or adversarial? Are they authentically happy with their jobs?
Understand the org chart you are stepping into
To whom does security answer? CXX? IT Director? General Counsel?
Understanding this will help mitigate surprises later
Understand the company culture
Big corp? Big corp problems.
Boutique?...