.

Wanted: Software Security Specialists, Engineers, Testers ...but are there any?

<<

Dark_Knight

User avatar

Sr. Member
Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Tue Nov 01, 2011 8:25 pm

Wanted: Software Security Specialists, Engineers, Testers ...but are there any?

An interesting read.....

http://h30499.www3.hp.com/t5/Following- ... -p/5360357

Not enough skilled infosec pros to go around......

What has been your experience?
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Thu Nov 03, 2011 5:00 pm

Re: Wanted: Software Security Specialists, Engineers, Testers ...but are there any?

Dark_Knight wrote:Not enough skilled infosec pros to go around......

What has been your experience?


There's plenty without the "required education" or professional experience, that are good, even better than the common professional, that just needs the right chance to prove they already are good at what they do, or can be in a short amount of time.  :)
I'm an InterN0T'er
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Thu Nov 03, 2011 5:25 pm

Re: Wanted: Software Security Specialists, Engineers, Testers ...but are there any?

To MaXe's point (and in conjunction with the thread about CEH cert costs,) I know plenty of GREAT security folks, who don't have the time or money to earn certs, but who'll run circles around many of the more 'certified' individuals.  Paper-certified individuals are all too prevalent.  It's all in being given the right opportunity to step out, prove themselves, show their worth, and advance.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

Triban

User avatar

Hero Member
Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Fri Nov 04, 2011 9:57 am

Re: Wanted: Software Security Specialists, Engineers, Testers ...but are there any?

The traditional methods of finding talent are not quite working.  Big companies want to hire the paper certs to make HR happy.  If they want true talent, they need to check out the security conferences, the OWASP groups and other similar tech groups.  The talent is out there but either they are happy with their current situation or they don't have the degrees or certifications to get them on the radar. 

In this day an age when college grads with masters degrees are working at Subway, well kinda deters the high school student from wasting the money on a college education if the ROI won't be there when they get out. 

Granted I saw the writing on the wall in college and went into MIS.  You need to learn to predict where the job focus will be when you get out.  But I digress.  Basing your hiring on certs such as CEH or CISSP might get you some qualified applicants, but anyone worth there salt with those certs is probably hired and happy.  The relative experience should support the cert as well.  Another item to consider is the material the certs cover.  CISSP is not a technical cert so to require that for a technical job is a but wasteful.  CEH material is older and not always up-to-date.  Educate HR on what technical certs you want from applicants.  If you want a real savvy pen tester or blue team type, look for those OSCPs, GPEN or other GIAC related pen testing certs.  Only problem is some of the courses are a bit expensive for the individual to go for and the cert tests aren't cheap either compared to say an MCSE related test. 

So there are talented people out there but they may lack the big corporate dollars to get them up to snuff on paper.
Certs: GCWN
(@)Dewser
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Fri Nov 04, 2011 10:47 am

Re: Wanted: Software Security Specialists, Engineers, Testers ...but are there any?

I think the biggest problem is defining what Qualified means.

my interests lie in network, and OS security. While I'm qualified for security jobs, it doesn't mean I'm qualified for Software security jobs. :)
OSWP, Sec+
<<

WCNA

User avatar

Full Member
Full Member

Posts: 187

Joined: Wed Mar 02, 2011 8:05 am

Location: Florida

Post Fri Nov 04, 2011 2:46 pm

Re: Wanted: Software Security Specialists, Engineers, Testers ...but are there any?

You'll also find that "youthful indiscretions" hinder being hired in a lot of security positions.
ISC2 Associate, WCNA, CWNA, OSCP, Network+

Return to Career Central

Who is online

Users browsing this forum: No registered users and 2 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software