hack the hustle!

Post on 14-Jul-2015

Hack the Hustle! Career Strategies for Information Security Practitioners

Eve Adams (@HackerHuntress)

BSidesChicago | April 27, 2013

A negative-unemployment industry, sort of

0.9% infosec unemployment in 2012

Security workforce in 2012: 52,000

4.7% web dev unemployment in 2012

22% more infosec jobs by 2020

Sources: Bureau of Labor Statistics via Eric Chabrow

http://www.bankinfosecurity.com/blogs/3-unemployment-among-infosec-pros-p-1400/op-1

And yet.

Highly desirable skill sets lead to highly volatile job markets.

Money/bidding wars

General IT churn

Burnout

Working for idiots

First impressions: Your résumé and you

Verb ALL the nouns!

Your résumé is not

◦ a racecar

◦ a pretty princess

◦ a junk drawer

Tl;dr: Show me what you got!

No more. No less.

Your résumé is not: a racecar

FAIL

Your résumé is not: a pretty princess

FAIL

Your résumé is not: a junk drawer

Maybe FAIL? Can’t tell.

It begins.

How to get a cool infosec job:

◦ Post and pray – job boards, etc.

◦ Spray and pray – apply to what’s posted

◦ Network in

Learn about jobs before they’re officially open

Current employees, events, even recruiters

Inscrutable job description is inscrutable.

Information Security Analyst

Job Description

The IT Security Engineer is responsible for design, development, and implementation of IT security solutions for network, systems, and applications. The IT Security Engineer also manages the Infrastructure Security Team and allocates resources to various security engineering activities.

Sometimes they’re actually impossible.

Qualifications

• 5+ years of experience in Kali Linux

• CISSP, OSCP, GXPN, C|EH, JNCIE, and A+ certifications REQUIRED

• Ph.D. in actuarial math

• MUST BE LOCAL to Nome, AK

• Ability to lift 700 pounds

• Must make amazing coffee

Inscrutable titles/descriptions are inscrutable.

Job descriptions can be legally binding documents, usually written by non-practitioners.

There is therefore a high degree of vagueness and CYA in them.

Get the real story by asking the hiring authority or someone who has contact with them.

Try the back door: network in

Learn about jobs before they’re open

◦ Friends and associates

◦ Social media – oft-neglected!

LinkedIn is okay

Twitter is awesome and underutilized

◦ Good recruiters can help

Find one you trust to act as your “agent”

Protips: Interviewing and decisions

Ask questions about responsibilities early and comp details late (offer stage)

If you want the job, say so – and vice versa

Be above board as much as possible

Avoid temptation to be too casual
