Wanted: Software Security Specialists, Engineers, Testers …but are there any?

This topic contains 5 replies, has 6 voices, and was last updated by  WCNA 8 years, 1 month ago.

  • Author
    Posts
  • #6989
     Dark_Knight 
    Participant

    An interesting read…..

    http://h30499.www3.hp.com/t5/Following-the-White-Rabbit-A/Wanted-Software-Security-Specialists-Engineers-Testers-but-are/ba-p/5360357

    Not enough skilled infosec pros to go around……

    What has been your experience?

  • #43451
     MaXe 
    Participant

    @dark_knight wrote:

    Not enough skilled infosec pros to go around……

    What has been your experience?

    There’s plenty without the “required education” or professional experience, that are good, even better than the common professional, that just needs the right chance to prove they already are good at what they do, or can be in a short amount of time.  🙂

  • #43452
     hayabusa 
    Participant

    To MaXe’s point (and in conjunction with the thread about CEH cert costs,) I know plenty of GREAT security folks, who don’t have the time or money to earn certs, but who’ll run circles around many of the more ‘certified’ individuals.  Paper-certified individuals are all too prevalent.  It’s all in being given the right opportunity to step out, prove themselves, show their worth, and advance.

  • #43453
     Triban 
    Participant

    The traditional methods of finding talent are not quite working.  Big companies want to hire the paper certs to make HR happy.  If they want true talent, they need to check out the security conferences, the OWASP groups and other similar tech groups.  The talent is out there but either they are happy with their current situation or they don’t have the degrees or certifications to get them on the radar. 

    In this day an age when college grads with masters degrees are working at Subway, well kinda deters the high school student from wasting the money on a college education if the ROI won’t be there when they get out. 

    Granted I saw the writing on the wall in college and went into MIS.  You need to learn to predict where the job focus will be when you get out.  But I digress.  Basing your hiring on certs such as CEH or CISSP might get you some qualified applicants, but anyone worth there salt with those certs is probably hired and happy.  The relative experience should support the cert as well.  Another item to consider is the material the certs cover.  CISSP is not a technical cert so to require that for a technical job is a but wasteful.  CEH material is older and not always up-to-date.  Educate HR on what technical certs you want from applicants.  If you want a real savvy pen tester or blue team type, look for those OSCPs, GPEN or other GIAC related pen testing certs.  Only problem is some of the courses are a bit expensive for the individual to go for and the cert tests aren’t cheap either compared to say an MCSE related test. 

    So there are talented people out there but they may lack the big corporate dollars to get them up to snuff on paper.

  • #43454
     rattis 
    Participant

    I think the biggest problem is defining what Qualified means.

    my interests lie in network, and OS security. While I’m qualified for security jobs, it doesn’t mean I’m qualified for Software security jobs. 🙂

  • #43455
     WCNA 
    Participant

    You’ll also find that “youthful indiscretions” hinder being hired in a lot of security positions.

You must be logged in to reply to this topic.

Copyright ©2019 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?