hack the hustle!

Hack the Hustle! Career Strategies for Information Security Practitioners Eve Adams (@HackerHuntress) BSidesChicago | April 27, 2013


Post on 14-Jul-2015


A negative-unemployment industry, sort of

0.9% infosec unemployment in 2012

Security workforce in 2012: 52,000

4.7% web dev unemployment in 2012

22% more infosec jobs by 2020

Sources: Bureau of Labor Statistics via Eric Chabrow

http://www.bankinfosecurity.com/blogs/3-unemployment-among-infosec-pros-p-1400/op-1


And yet.

Highly desirable skill sets lead to highly volatile job markets.

Money/bidding wars

General IT churn

Burnout

Working for idiots


First impressions: Your résumé and you

Verb ALL the nouns!

Your résumé is not:

◦ a racecar

◦ a pretty princess

◦ a junk drawer

TL;DR: Show me what you got!

No more. No less.


Verb ALL the nouns!


Your résumé is not: a racecar

FAIL


Your résumé is not: a pretty princess

FAIL


Your résumé is not: a junk drawer

Maybe FAIL? Can’t tell.


It begins.

How to get a cool infosec job:

◦ Post and pray – job boards, etc.

◦ Spray and pray – apply to what’s posted

◦ Network in
  • Learn about jobs before they’re officially open
  • Current employees, events, even recruiters


Inscrutable job description is inscrutable.

Information Security Analyst

Job Description

The IT Security Engineer is responsible for design, development, and implementation of IT security solutions for network, systems, and applications. The IT Security Engineer also manages the Infrastructure Security Team and allocates resources to various security engineering activities.


Sometimes they’re actually impossible.

Qualifications

• 5+ years of experience in Kali Linux

• CISSP, OSCP, GXPN, C|EH, JNCIE, and A+ certifications REQUIRED

• Ph.D. in actuarial math

• MUST BE LOCAL to Nome, AK

• Ability to lift 700 pounds

• Must make amazing coffee


Inscrutable titles/descriptions are inscrutable.

Job descriptions can be legally binding documents, usually written by non-practitioners.

There is therefore a high degree of vagueness and CYA in them.

Get the real story by asking the hiring authority or someone who has contact with them.


Try the back door: network in

Learn about jobs before they’re open

◦ Friends and associates

◦ Social media – oft-neglected!
  • LinkedIn is okay
  • Twitter is awesome and underutilized

◦ Good recruiters can help
  • Find one you trust to act as your “agent”


Protips: Interviewing and decisions

Ask questions about responsibilities early and comp details late (offer stage)

If you want the job, say so – and vice versa

Be above board as much as possible

Avoid temptation to be too casual
