Apply hacking skills to your job search

Hacking skills, such as reconnaissance and social engineering, can be used in a job search for a position in information security.

Infosec Career Hacking: Sell Your Skillz, Not Your Soul

By Aaron W. Bayles, Chris Hurley, Johnny Long and Ed Brindley

472 pages; $39.95


In this excerpt from Chapter 2 of Infosec Career Hacking, authors Aaron W. Bayles, Chris Hurley, Johnny Long and Ed Brindley provide an overview on how to apply social engineering to the information security job search.

Being able to determine which type of job you are seeking is crucial. In-house and contract employees have different challenges. If you decide to pursue a federal job, FISMA scores are a starting point, as well as a goal for understanding the environment. Much information is available publicly for federal and private sector companies. Recent contract wins and any enforcement action should be noted, as well as awards and recognition for outstanding work and employee satisfaction. Purchases and sales of smaller companies are a good indicator of business growth opportunities, as well as knowledge about skills important to the company.

In order to gain internal information about the company, try to get personal interaction with employees of your target. Human Resources departments sometimes hold job fairs or community outreach allowing you to get more information about the employees and their opinions. Research into newsgroups and mailing lists can turn up topics of interest to the company. Knowledge of regulatory environments for the company's customers is critical for interview stages.

More information

Read Chapter 2, Reconnaissance: Social Engineering for Profit

Read a review of this book by Information Security magazine

Read more book excerpts, chapters and reviews

Has this book helped your job search?

Visit our infosec jobs resource center for more advice on landing a job in information security

Solutions fast track

Narrowing your choices

  • For in-house work, try to match up your skill sets to a company with the same needs and challenges, in other words, remote connectivity, database intensive operations. Federal work needs to correlate to FISMA requirements.

  • Contractor work varies, but is still skill oriented. Large companies have stability, but are slower to move. Medium-sized companies are less stable, but more likely to create new opportunities. Small companies have a high level of risk, but are very flexible for new business and if successful, they are likely to be acquired.

    Digging for information

  • Search for company history on hiring and layoff trends.

  • Search for acquisitions and divestitures of smaller companies to find out growth potential.

  • Determine if your target company has received awards for work or satisfaction, or has been involved with recent business wins. Make sure your prospect does not show up as having excessive compliance issues or enforcement actions.

    Researching for rewards

  • Use Public Relations and Human Resource departments to gain personal interaction with employees.

  • Job fairs and outreach programs are a good way to gain face time with the target company.

  • Internships are a great way in for candidates recently out of educational work.

    Making the contacts

  • Blend in for personal interaction, and be flexible with your responses.
  • Try to keep talking at a higher level; don't overload the person with all your skills.

  • Find out background information, such as compliance or regulatory environments.

  • Be aware of contractual issues within a particular job or industry.

    Read the rest of Chapter 2, Reconnaissance: Social Engineering for Profit

  • This was last published in September 2005

    Dig Deeper on Information Security Jobs and Training



    Find more PRO+ content and other member only offers, here.



    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: