Re: Finding pen-testers

[AK <platsakos () gmail com>]

Depends what kind of pen-testers you are looking for.
- If you are after the certification crowd, I think certain
organisations such as SANS and I assume maybe more publish their
certification holder list so you might wanna have a look there.
- +1 for Miguel's suggestion. Looking up people from mailing
lists/twitter/blogs/professional social networking is likely to yield
some good candidates, however chances are most of them will be already
employed :)
- I would stay away from Dice/Monster and related generic job sites.
Speaking from experience, I had to wade through 150+ CVs per month from
a local job site, most being completely irrelevant to the position
discussed. We ended up hiring from a personal recommendation.
HTH

On 05/20/2011 02:09 PM, Miguel Dilaj wrote:
> On 19/05/2011 19:07, amoeba () amoebazone com wrote:
> > There are always posts to the list on
> > recommendations/skills/requirements for people looking to get into
> > pentesting. How about some discussion from the hiring side: How are
> > you finding your testers? While companies can go the usual
> > Monster/Dice/etc route, where do you go to look for specific skill
> > sets like pentesting to have a higher chance of hitting your target
> > audience/job seekers without having to wade through a billion resumes
> > that don't even come close to what you're looking for?
>
> Hi all,
>
> Recommendations of existing consultants are always considered and the
> prime source of new starters.
> Other than the above, at my company we hired some consultants by
> asking for people with security expertise in Linux mailing lists and
> groups (that's a matter of personal preference, I'm pretty sure there
> IS people with security experience using other Operating Systems,
> don't blame me for liking Linux and Linux people), then grinding on
> the individuals who answer. So far that channel has been quite
> successful.
> Occasionally I receive a resume because either:
> a) someone knows me and submits it (I tend to be easy to find for
> people who looks for me). Got in touch with some cool people this way,
> although not always to work with them.
> b) someone came upon our company page (not mentioned here so it's not
> considered spam!) and uses the contact form. I must add that this is
> the main channel which produces resumes far from what I'm looking for.
> Regards,
>
> Miguel
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review
> Board
>
> Prove to peers and potential employers without a doubt that you can
> actually do a proper penetration test. IACRB CPT and CEPT certs
> require a full practical examination in order to become certified.
> http://www.iacertification.org
> ------------------------------------------------------------------------


-- 
What is the air-speed velocity of an unladen swallow? 


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------