Infosec Career Hacking: Sell Your Skillz, Not Your Soul
By Aaron W. Bayles, Chris Hurley, Johnny Long and Ed Brindley
472 pages; $39.95
In this excerpt from Chapter 2 of Infosec Career Hacking, authors Aaron W. Bayles, Chris Hurley, Johnny Long and Ed Brindley provide an overview of how to apply social engineering to the information security job search.
Being able to determine which type of job you are seeking is crucial. In-house and contract employees have different challenges. If you decide to pursue a federal job, FISMA scores are a starting point, as well as a goal for understanding the environment. Much information is available publicly for federal and private sector companies. Recent contract wins and any enforcement action should be noted, as well as awards and recognition for outstanding work and employee satisfaction. Purchases and sales of smaller companies are a good indicator of business growth opportunities, as well as knowledge about skills important to the company.
In order to gain internal information about the company, try to get personal interaction with employees of your target. Human Resources departments sometimes hold job fairs or community outreach allowing you to get more information about the employees and their opinions. Research into newsgroups and mailing lists can turn up topics of interest to the company. Knowledge of regulatory environments for the company's customers is critical for interview stages.
Solutions fast track
Narrowing your choices
For in-house work, try to match your skill sets to a company with the same needs and challenges, such as remote connectivity or database-intensive operations. Federal work needs to correlate to FISMA requirements.
Contractor work varies, but is still skill oriented. Large companies have stability, but are slower to move. Medium-sized companies are less stable, but more likely to create new opportunities. Small companies have a high level of risk, but are very flexible for new business and, if successful, are likely to be acquired.
Digging for information
Search for company history on hiring and layoff trends.
Search for acquisitions and divestitures of smaller companies to find out growth potential.
Determine if your target company has received awards for work or satisfaction, or has been involved with recent business wins. Make sure your prospect does not show up as having excessive compliance issues or enforcement actions.
Researching for rewards
Use Public Relations and Human Resource departments to gain personal interaction with employees.
Job fairs and outreach programs are a good way to gain face time with the target company.
Internships are a great way in for candidates recently out of educational work.
Making the contacts
Blend in for personal interaction, and be flexible with your responses.
Try to keep talking at a higher level; don't overload the person with all your skills.
Find out background information, such as compliance or regulatory environments.
Be aware of contractual issues within a particular job or industry.
Read the rest of Chapter 2, Reconnaissance: Social Engineering for Profit