Re: Can Dave be cloned?

[Kevin Ponds <kponds () gmail com>]

On the flip side of the coin, what can people coming out of college in
a field like this do to make sure their skills are allocated in the
right place?

My experience in job hunting (I'm about to graduate college) is that
you can either get a job developing security products or using
security products.  The latter environment is much more prevelant in
the college job hunt.

We can ride the career fair / interview treadmill that college grads
with "regular" skill sets do, and get offered a corporate IT job where
our specialized skills won't be used to their greatest potential.  At
best, we'll get a job where we run Retina a few times a week and draw
up some reports (ok, this is massive generalization, but you get the
idea).  The problem here is that the people who are looking for
college grads are F2000 corps, not specialized innovators like
Immunity and probably whatever company you're recruiting for.  So we
either get stuck in 1) General IT jobs, or 2) Someone sees our
security talent, so we get to do a security job for a Megacorp, but it
isn't an innovative job and we end up doing scanning and reporting.

When we go to, say, securityfocus jobs, we see more of the same. 
Security development firms want proven experience for their
developers, and rightfully so.  A company like Immunity can't hire a
CS major right out of high school.  Sure, they might find a really hot
coder, but will they be familiar with advanced security concepts?  I
guarantee you that more than 1% of CS graduates would not be able to
understand what MOSDEF is when explained to them, and they shouldn't,
because they don't concentrate on the subject of security.

This makes it hard for the security college grad.  We can either take
the F500 corporate job and not use our advanced programming skills, or
we can try and try to get on with a company such as Immunity or eEye,
which is a very tough battle to fight when corporations are trying to
throw money at you.

Personally, though graduation is still a few months away, it looks
like I'm going for the MegaCorp.  I'd rather get a job where I could
do advanced and puzzling work all day, but they're offering a really
good amount, in a good city, I already had an internship with them,
and I'm almost sick of looking.

My advice, look where the college graduates will look.  Post on
SecurityFocus jobs, different security forums and mailing lists, etc. 
Stay relevant, and don't post job advertisements in low traffic lists
that like to stay on subject.

We are interested in computers, but we aren't interested in fumbling
around with Crystal Reports all day, and thats what's being shoved
down our throats.

On Tue, 5 Oct 2004 16:17:35 -0400, David Stein <david.r.stein () gmail com> wrote:
> Desperately seeking Dave...
>
> I need to find one or more smart computer security hackers.  People
> who do research, but have some idea what goes on in the real world.
> People who write excellent software (especially in Python or Perl) but
> who are not merely software developers.  People who can do software
> engineering in both the forward and reverse directions.  People who
> can make new discoveries without having their hands held.  People who
> are frighteningly intelligent.  People, in short, a lot like Dave
> (well, the arrogance is optional).
>
> Do such people come out of school anymore?  Can anyone suggest a good
> way to look for them?  I've found a number of ways (starting with my
> corporate HR department) to get deluged by piles of resumes for MCSE's
> and computer rackstackers and Java ("The COBOL of the 21st Century
> (TM)") programmers, but I can't seem to find any true hackers.  It
> seems like the species is extinct.
>
> The degree of difficulty is increased because I'm looking for someone
> who has to be a US citizen.  It seems like a lot (maybe most) of the
> best work is being done outside the US these days.  From what I can
> tell the brightest US college students aren't interested in computers
> any longer.
>
> Anyone have any suggestions?
>
> Thanks,
> --
> David Stein
> david.r.stein () gmail com
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunitysec com
> http://www.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave