undefined | Better HN

0 pointstptacek7y ago0 comments

~Same. I expect in the most charitable case it means about as much to infosec hiring managers as bootcamps do to developer hiring managers.

0 comments

PeterisP7y ago

What are you looking for in that case? I mean, in the absence of previous experience doing the same thing.

The way I look at it, people come into technical security either from operations or development backgrounds, but it's hard to distinguish someone who has the required skills from their years in dev or ops from those who have managed to do their core work so without going into the relevant details; their CVs are going to look pretty much the same.

A hobbyist might have practiced on some CTFs or vulnerable machine challenges, but unless they haven't e.g. won some bug bounties or gotten some CVE disclosures, then that won't be really visible on a job application. If certifications aren't considered relevant by security hiring managers, what is?

souprock7y ago

Things that would count:

You wrote a compiler, kernel, emulator, firmware, or boot loader.

You wrote a small demo, such as 4096-byte or 512-byte. Like this: https://en.wikipedia.org/wiki/Demoscene

You have hand-optimized code via assembly language.

You have debugged software with a JTAG device or a digital logic analyser.

pvg7y ago

Why would those things count more or less than other things? It seems more like a list of things you think are neat but trying to guess what a resume-reader might think is neat seems like a game with very poor returns.

1 more reply

tptacekOP7y ago

We hire resume-blind, based on work-sample challenges.

https://latacora.com/careers/

j / k navigate · click thread line to collapse