In this excerpt from Chapter 2 of Infosec Career Hacking, authors Aaron W. Bayles, Chris Hurley, Johnny Long and Ed Brindley provide an overview on how to apply social engineering to the information security job search.
Being able to determine which type of job you are seeking is crucial. In-house and contract employees have different challenges. If you decide to pursue a federal job, FISMA scores are a starting point, as well as a goal for understanding the environment. Much information is available publicly for federal and private sector companies. Recent contract wins and any enforcement action should be noted, as well as awards and recognition for outstanding work and employee satisfaction. Purchases and sales of smaller companies are a good indicator of business growth opportunities, as well as knowledge about skills important to the company.
In order to gain internal information about the company, try to get personal interaction with employees of your target. Human Resources departments sometimes hold job fairs or community outreach allowing you to get more information about the employees and their opinions. Research into newsgroups and mailing lists can turn up topics of interest to the company. Knowledge of regulatory environments for the company's customers is critical for interview stages.
Solutions fast track
Narrowing your choices
Digging for information
Researching for rewards
Making the contacts
Read the rest of Chapter 2, Reconnaissance: Social Engineering for Profit