Stott and May’s Post

What skill set should you hire as Security employee number 1? 🤔 This is a question I get asked regularly and the answer I always give... It depends. It depends on the organisation, the business objectives, the budget and so much more. Without knowing all the details it can be difficult to answer. I see a lot of fast-paced tech companies initially hire 2-3 Security Engineers that embed into their existing Engineering org which works really nicely. Other companies look to hire a Head Of Security first that is going to be responsible for building out a function. I think the most important thing is that you set your objectives for the Security org early and build a plan based on those objectives - whether that be a full team build out or embedding security into existing teams. What do others think? Is one way more efficient than the other?

What skill set should you hire as Security employee number 1? 🤔 This is a question I get asked regularly and the answer I always give... It depends. It depends on the organization, the business objectives, the budget and so much more. Without knowing all the details it can be difficult to answer. I see a lot of fast-paced tech companies initially hire 2-3 Security Engineers that embed into their existing Engineering org which works really nicely. Other companies look to hire a Head Of Security first that is going to be responsible for building out a function. I think the most important thing is that you set your objectives for the Security org early and build a plan based on those objectives - whether that be a full team build out or embedding security into existing teams. What do others think? Is one way more efficient than the other?

Update, Registration closed: I will send an Apple iPad to anyone who comments and tags the name of the best security researcher, consultant, or analyst you know. We are hiring, and if we end up hiring the person you referred, we will send you the iPad. Step 1 of the hiring process is the CTF - so the analyst must pass the CTF to be qualified. Register by: May 24th, 2024 🔗 To register, scan the QR code or use this link: https://csek.me/TECI So, what are you waiting for? Tag the names of the people whom you think are skilled, and share some of their work.

Hiring in security is an important topic, one that I dont see a lot spoken or written about so Sandesh and I decided to discuss it by putting on a lens of a security engineering team. The term security engineering itself can be interpret in a lot of ways so we spent some time getting to that agreement first. We dived a little bit into what the hiring process generally tends to be, what are some things to look out for - both from a candidate’s perspective and also from a hiring manager’s perspective. We also share some tips on how to build a solid candidate profile by building a brand for yourself and making yourself stand out in the crowd. Tune in to learn more! Links in comments.. #appsec #softwaresecurity #security #hiring #productsecurity

We are #hiring Red Teamer in our team. Like breaking things? Passionate about finding vulnerabilities in latest and greatest? Do apply with the link below: https://lnkd.in/eZWDQBpz #redteam #hiring #penetrationtesting #pentesting

Please get intouch if any of my connections would like to find out more about these two roles.

For the cyber pros on the Northeast who are in the market - take a look.

Let's talk about signs of potential #toxicity and low #ethics at #work environments. Working on weekends should never be on a job-post like this and not be an expectation. If that's required there are words for it: oncall, 24/7 rotation, you name it. And this is paid time to be precise. Implying that if you don't spend your weekends working or studying "cyber" stuff you simply "don't have it", it's plain BS and a sign of a toxic workplace to come. And the amount of toxicity in the discussion below is staggering. Did I ever work on evenings, nights, weekends "unpaid" or I still do? Of course, a lot, almost all of us in our field did and/or still do. But that's when we feel like doing it, because our passion and desire to dig deeper takes you there, when you feel like that's the way you want to invest your free time, when YOU deem so right, not because your boss expects you to do it. Life is one and short. Spend your free time disconnecting, recharging the batteries, spending quality time with family, friends and cultivating your hobbies. Learning new things outside of "cyber" that, I can assure you, will contaminate the way you reason on "cyber" too. This can positively influence your performance and future career much more than one thinks. For junior folks (I hope the more experienced have figured this out): there is plenty of opportunities in #infosec and #threatintel, avoid the Jasons or the J.J.'s if you want to avoid #burnout along the way. For hiring manager: don't be a Jason or a J.J. or any of their "the best" club, whatever that means. Don't be part of the problem. And please don't take my word for it, read also what smarter and wiser people than me, Jason and J.J. combined have to share about the subject, read Ethan Evans: "Choose companies and bosses wisely. Some leaders push you into the trap, some leaders try to keep you out of it. Seek those that keep you out." https://lnkd.in/erBPqSCs

Good day to all! We are still urgently looking for a RED TEAM PENETRATION TESTER who is amenable to work part-time (eventually will go full-time) and can go to Metro Manila, Philippines for a Face-to-Face Interview once shortlisted. This will be a Remote Work Setup and performance-based. The role would be to evaluate the security posture of our valued clients. Your tasks would range from penetration testing to full on red teaming. You'll be expected to continuously better yourself by learning new TTPs and CVEs along with monitoring APT related activities. We are a company that recognizes talent. 1. Certification and degrees are not required as long as you can demonstrate your offensive security capabilities. 2. Have you been involved with any black/gray hat activities in the past? Any awesome projects you're currently working on? What's your dream hack? Tell us about it. During the hiring process, you will be evaluated based on the following: 1. Technical capabilities: We don't care about your XSS, can you pwn a box? What C2 do you use? How do you evade AVs and EDRs? 2. Professionalism: You will handle highly-sensitive and confidential client information. Can you be trusted? We are prepared and eager to support your professional development. 1. We offer unlimited training and certifications with no strings attached. 2. You can work from anywhere as long as the working guidelines are followed. 3. We recognize that not all projects can't be successful. Nevertheless, your efforts will be rewarded with performance-based bonuses. 4. We'll support your trip to security conferences. For interested candidates, you may send a message of your CV in PDF. #hiring #work #security #remotework #pentesting #pentest #penetrationtester #penetrationtesting #redteam #redteaming #itrole #ethicalhacking

Located in Charlotte, NC