Comments on: How to get a job in a pen test team http://snakeoillabs.com/wordpress/2006/01/26/how-to-get-a-job-in-a-pen-test-team/ Random acts of hackery, geekery and skullduggery Mon, 08 Nov 2010 21:03:05 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: SnakeOil Labs » Thoughts from the Interview Room http://snakeoillabs.com/wordpress/2006/01/26/how-to-get-a-job-in-a-pen-test-team/comment-page-1/#comment-2462 SnakeOil Labs » Thoughts from the Interview Room Fri, 17 Feb 2006 20:38:04 +0000 http://snakeoillabs.com/wordpress/2006/01/26/how-to-get-a-job-in-a-pen-test-team/#comment-2462 [...] I had an interesting comment from James in an earlier post about penetration testing teams. There were a lot of questions in there so I thought I’d write a response as a new post. We’re still hiring by the way, so if you’re looking to join a fledgling security consultancy on the sharp edge of the ‘verse, you could do worse than get in touch (yes I know that it’s the blog for snakeoillabs page but it’ll get to me). [...] [...] I had an interesting comment from James in an earlier post about penetration testing teams. There were a lot of questions in there so I thought I’d write a response as a new post. We’re still hiring by the way, so if you’re looking to join a fledgling security consultancy on the sharp edge of the ‘verse, you could do worse than get in touch (yes I know that it’s the blog for snakeoillabs page but it’ll get to me). [...]

]]> By: James http://snakeoillabs.com/wordpress/2006/01/26/how-to-get-a-job-in-a-pen-test-team/comment-page-1/#comment-2461 James Thu, 16 Feb 2006 23:12:29 +0000 http://snakeoillabs.com/wordpress/2006/01/26/how-to-get-a-job-in-a-pen-test-team/#comment-2461 Assuming your've finished hiring - what questions did you ask your interviewee's? Did you get them to demo anything? It's intresting to hear from an HR side of things - whats your take the techie tester and the 'technical sales' kind of pen tester? Often it's good to have a non uber geek on your customers site to act as a contact while doing external audits - what sort of ratio does you company have of these? It's an intesting industry with some very different extremes isn't it. Assuming your’ve finished hiring – what questions did you ask your interviewee’s? Did you get them to demo anything? It’s intresting to hear from an HR side of things – whats your take the techie tester and the ‘technical sales’ kind of pen tester? Often it’s good to have a non uber geek on your customers site to act as a contact while doing external audits – what sort of ratio does you company have of these?

It’s an intesting industry with some very different extremes isn’t it.

]]> By: James http://snakeoillabs.com/wordpress/2006/01/26/how-to-get-a-job-in-a-pen-test-team/comment-page-1/#comment-2460 James Thu, 16 Feb 2006 11:43:16 +0000 http://snakeoillabs.com/wordpress/2006/01/26/how-to-get-a-job-in-a-pen-test-team/#comment-2460 <!-- spamk : Used HTTP_VIA header. --> <!-- spamk : Comment on old post. --> <!-- spamk : CAPTCHA:sent-0-times:1140093797 --> <!-- spamk : KARMA: -3 --> <!-- spamk : Treatment: captcha --> Assuming you've finished interviewing - what question did you ask your candiates? Did you ask them to demo anything? IMHO often non-techie people are better client facing, and are often useful as an on-site contact when conducting assessments (as long as they have a basic understanding) but then you get into the world of how much you pay them, are they less/more/or the same in terms of revenue as your techies that dream shellcode. What sort of makeup is you pen test team - 1/2 and 1/2 or is it more like a pen test team and a external technical sales guy? Intresting to see it from a HR point of view..




Assuming you’ve finished interviewing – what question did you ask your candiates? Did you ask them to demo anything? IMHO often non-techie people are better client facing, and are often useful as an on-site contact when conducting assessments (as long as they have a basic understanding) but then you get into the world of how much you pay them, are they less/more/or the same in terms of revenue as your techies that dream shellcode. What sort of makeup is you pen test team – 1/2 and 1/2 or is it more like a pen test team and a external technical sales guy?

Intresting to see it from a HR point of view..

]]>