Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

BSidesLondon: How not to get hired for a security job

 How not to get hired for a security job

Stephen Bonner

Why people fail in the hiring process… by doing stupid things!

Some things that I tell you NOT to do, might be what your future employer wants… it’s not easy to define.

The process of hiring is about finding somebody that will fit in and add value to the team. It’s not all about the skill set.

The most important thing is to hire people for attitude. People don’t often get fired for their lack of skills; most get fired because they don’t fit in!

The first step when you start the process of getting a job is to get involved with an agent… these agents don’t have your best interest in mind! Consider that. They aren’t aligned to your values. They’re in it for the $$$

Sending emails and CVs out of the blue to most companies is also a bad idea. There are some clearly defined processes, and trying to avoid them usually ends badly. Going through an agent is sometimes the best way.

The first thing an agent will do to your CV is rip it apart to remove contact info… and therefore screw it up. It’s also worth asking for a copy, as some less reputable agents ADD skills!

Please check your CV for spelling and punctuation… oh, and if you list reading on your CV as a hobby (which I’d expect from a 5-year-old), please actually read something… and know what you read last.

Listing certificates on your CV doesn’t say you’re smart, it just says you worked at a company that had a training budget! Many HR departments put the same weight on a CISSP as an MSc!

Photos in CVs… are just creepy!

It is extremely likely that an employer will Google you… look through your Twitter, Facebook, LinkedIn, etc… Even if it’s not legal/right. If you have a profile, make it a good one. If not, deny it’s you 😀

The Telephone Interview

Cut out the background noise… oh, and chances are the other end is on mute, reading their emails!

If you talk for 20 minutes and the other end says nothing, they might have gone! Get feedback. Challenge and answer.

The interview

Being nervous and mumbling… not good. The employer doesn’t care!

Don’t be late, and if you are, have a great excuse (i.e. brought a man back to life on the tube).

Nobody wants to hire somebody they wouldn’t want to spend a night stranded in an airport with. Maybe, look like a blanket?

Key questions

What is your password?… 30% of people answer, and they don’t get the job.

If you can’t stand the social engineering pressure of being asked, maybe this isn’t for you.

Nobody replies, “I don’t just have 1 password!”

Best answer was “I can’t tell you”… “because I don’t know what it is”. “Because it’s a pattern on the keyboard”. He then drew out the pattern on a fake keyboard. It was a crap password as well!

Have you ever hacked illegally?

The answer to this is always NO. If you can’t understand the context and lie accordingly, you’re probably not going to get the job.

The NO-WIN situation

Just like Star Trek… put them in a situation they can never get right. See how people who always succeed deal with failure. Covering it up and denying it happened, isn’t a good plan. Deal with the failure.

Team work

How you deal with communications and then follow simple instructions. It’s all about the communication and figuring out issues before they happen.

Have you got any questions?

Do ask… and no, holidays isn’t a valid question.

Check you’re applying for the right job. Oh, and the right interview.

Don’t lie about your experience and job. It can be checked.

Don’t slag off your employer. The prospective employer knows you’re going to talk crap about them in the future too!

What happens when you get the answer (NO)

Don’t argue, but get feedback

Arguing doesn’t help. They’re not going to change their mind after all.

2 responses to “BSidesLondon: How not to get hired for a security job”

  1. anonymous April 25, 2011 at 14:19

    “Photos in CVs… are just creepy!” haha… guess you never applied in Europe…

  2. ChrisJohnRiley April 26, 2011 at 09:22

    Oh no, trust me I have (I live in Austria after all)… the notes are from a UK presentation where the standards and expected norms are somewhat different to most of the EU 😉