Hire Ground — Career Track

BSides Las Vegas · 2022 · 6:14:39 · 366 views · Published 2022-08
About this talk
A career focused track with sessions to provide the tools and knowledge needed for job search and career development. Resume reviews by industry recruiters and career coaching sessions by industry veterans are available on a first come, first served basis. For more information, check out https://bsideslv.org/hire-ground
Transcript [en]

We're sitting on the tables; if you could just be sure not to put food or drink on them, because people will be doing resume review on those tables later, and resumes get a lot of stuff on, and that's not the kind of edits we want to see on our resumes.

So I'm Kathleen Smith, "Yes It's Kathleen" on Twitter. I created Hire Ground seven years ago. It is just an absolute wonderful thing to see so many people show up here to invest in themselves, as far as what is going to happen with their career and "why are, why am I struggling, and is everyone else struggling," and coming here and being able to find out that everyone is struggling. And thank you for those who came on Wednesday, the second morning, early, because it means you're really serious. So we always make sure that we have a really serious talk on the second day.

Um, if any of you follow me on Twitter, you know that my friend Mike Murray usually has this spot, but Mike decided that life was too hard in April and left us. So we have a memorial in the back, but that is actually for everyone we've lost, and so if you have someone you've lost over the last two years, you're welcome to write a note about what you miss about them. Sorry, I keep promising myself I won't cry, and I do.

So it was really, thank you. So it was really hard to find someone who could talk about management, because that is what we always talk about on the second day. First day we really talk about sort of career search and challenges and how to make things better and how do we stand up to the challenges that we're facing. So I was really excited when Tom submitted his talk, and I went, "Yay!" We have so many great managers in our community who have learned through their mistakes and through their opportunities and their challenges and are willing to put it together in a talk and share with you. So Tom, thank you for being here this morning, and really looking forward to your talk, and remember to talk into the mic, because we have an audience at home.

Well, thank you, Kathleen, much appreciated, and thank you for having me. Um, thanks to everybody at BSides, the whole event crew; everybody here has been amazing. Hope everybody is having a good time at BSides. This is such a great conference and I'm just really honored to be here. This is actually my first time speaking at BSides, which is, I know, sounds a little weird. BSides Vegas, that is. So I'm really happy to be here.

So before we get started, I want to ask: how many of you are current managers? Okay, a large, large amount. How many of you are new managers, so like you just, just got started? Okay, all right, we've got several. Ah, okay, excellent. Yeah, because I was going to say that, you know, welcome to the world of spreadsheets, meetings and email. Um, yeah, yeah, so you know, you know, right? Well, there's more to management than just spreadsheets, I assure you, but uh, but welcome. Um, and how many of you are kind of aspiring managers, you want to be there one day? Tim, I know you do, of course, right? Few of you, okay, awesome. Well, don't run away scared, right, by some of the things I'm going to be talking about.

As you can see on the agenda here, there's a lot of material that I'm going to kind of cram into a 45-minute session; that's why we're calling it kind of a one-on-one session. But, you know, I want to take you kind of through my management journey and some of the things that I've learned over the years, some of the failures I've made, and also just some of the concepts that I've come to learn, which hopefully you can take things, uh, take something out of this talk and then you can apply it in your daily job. Um, so if you do me a favor, think of like three things that you can take away as, as I go through the presentation, um, and then think about how you can apply that when you get back to your job, when you get, when you leave Vegas.

So a little bit about me. So my career journey started, you know, about 17 years ago after getting out of the military. I served in the United States Marine Corps. I was probably in the best time that you could be in the military, so from 1993 to 1997; it was between the desert, Desert Storms, the desert wars, so not a whole lot going on, even though I was in infantry as well. My recruiter lied to me, so that's how I ended up in infantry; had to meet the quota, I guess. But after I got military, went to school, started getting involved in IT-type work. So I started out on a help desk, did vulnerability management, I was the server guy, I was running networks and servers and all of that, and I was presented with an opportunity to join the very first infosec team. I know I say infosec; I'm saying that because I'm old, right? Information security was before cyber security. Um, and so I got the opportunity to start this department. I was the first hire, and I helped build an information security policy. I got to do all kinds of things, identity management; I was exposed to things I had never been exposed to before, and I got to coordinate our first pen test of the company.

And this was a kind of medium-sized property management real estate company, and let me tell you, it was glorious, right? The company I hired owned everything, like, in 10 minutes, and I loved it. I loved every minute of it. And of course my, my manager at the time is like freaking out, they can be, "Oh my gosh, they've got access to all this data, we're so vulnerable," and I'm just loving every minute of them, like, this is what I want to do. I want to be a pen tester, I want to be a hacker, because this is, this is great. So I shadowed this, this gentleman. I learned everything I could, just from "What, what tools are you working on, are you using? You know, tell me more about this." And that was really kind of my catalyst into, you know, getting into pen testing and, and of course staying technical.

So after that I ended up on, uh, at the time wasn't even called a red team, it was an internal pen test team for a large bank in Cleveland, where I'm from, and, um, I started doing things like physical security assessments and physical pen tests, social engineering. It was kind of in the golden age, and I think, uh, Chris Nickerson, if you know who he is, he kind of coined the term tiger team; he had that TV show where he was like stealing cars and all that fun stuff, and, and that's really was kind of the, at the, the start of red teaming. So I was kind of in the infancy of that, which is pretty cool.

Um, and then one day I started, uh, I left the bank and I, um, was consulting, and I, I left the bank because, those of you that worked in finance or a bank, they're, they're like dinosaurs, right? Very slow moving, takes a long time to fix and make changes to things. So I went into consulting, which was the complete opposite, right? You're seeing different networks, different clients, the good, the bad, the ugly. It was very exciting, until one day my manager at the time said, "Hey, I'm taking a new position within the firm. I'm going to head up like research and development, and so that opens up a position in management." And I said, first thing I said was, "Does it pay more money?" [Laughter] And he said to me, "No, but we can change your title," and I'm like, "Okay, great, I'll, I'll take it." And in that kind of discussion with him, I thought about, like, well, do I really want to go into management when I'm a technical person, I'm a pen tester, I really like the technical aspect? And he said, "Well, don't worry, you could do both." [Laughter] And I said, "All right, great, I'll do both."

And I did both for, for a while; for almost four years I was a principal consultant, still doing pen testing, still doing consulting, but also managing a team of pen testers. Eventually, though, I got to the point where I felt burnout; I was getting burned out and I needed to make a change. And so I left the consulting gig that I had, I went to Veracode and became a manager, where they told me, "We don't want you doing any pen testing, we just want you doing, um, you know, management." And so that was, uh, unfortunately the last time I did a pen test was those many years ago. Um, and we'll talk about, you know, people ask me, like, "Do you miss it? Do you miss the technical aspects?" and I'll say sometimes I do, but management to me is actually a little bit more rewarding in a lot of ways, and we'll talk about that too in this talk.

But, um, but throughout that, those experiences have led me to Bishop Fox, where I was a practice director and now an AVP of consulting, where I now deal with different things at the executive level. So maybe one day I'll be doing a talk on executive and director level type stuff, but, um, but yeah, it's been a journey, a great journey, and I'm glad to share some of this with you today. Um, and also I'm the founder and co-host of the Shared Security Show, so I've been doing that for 13 years. Not sure how I found time to do all that, but we're one of the longest running, uh, security podcasts, so check it out if you're looking for something to, uh, listen to.

So this presentation is, I really put this together to, to make us better leaders and managers, and I've kind of laid out three things; you'll hear three themes, uh, in this talk, and they're all about conversations and about communication. So one, how can we improve as managers amongst ourselves and as our peers, right? It's important to talk to each other about how, ways we can be a better manager, and this is one of the reasons is this talk: we're here, we're talking about it, we're listening, um, and hopefully we're gonna be better because of it. The next one is having conversations with our teams, so seeking feedback of "How am I as your manager? What type of feedback do you have for me? How can I do my job better? How can I help you?" That's one thing that we'll be talking about. And then having more conversations with our teams about communication, or I'm sorry, about career conversations, because that's something that I find that we forget about. We get so busy in our day-to-day, you know, fight, fighting fires, and "What's the next thing we need to talk about on our one-on-ones?" and it's typically, you know, whatever the current fire is. But what I'm saying is we need to take, take a step back and really start having more career conversations, because our employees are asking for those. They need our help, they need our guidance and our coaching on how to take their careers to the next level.

So this is important, and there was a really good talk yesterday: Wes Shepard gave a talk on failing upwards, which I highly recommend you check out. Uh, it'll be on the YouTube, um, and great talk. But you're gonna fail, your teams are gonna fail, and that's okay. I think we have to embrace failure at some point, because that's how we learn, that's how we get better. And I've made lots of mistakes and lots of failures in my career, and, and honestly, early on I would get pretty upset with myself, that, you know, especially with one thing I think a lot of hiring managers will understand: if you make a bad hire, if you hire somebody and you end up having to let them go, say, after a couple weeks. In my case it was literally a couple days that I had to let somebody go that I hired. That hurts, that really stings, and you kind of take it personally. But over time I've kind of learned to just, like, not take those things so personally. I'm human, I make mistakes, we all do. But I look back and I think, what did I learn from that experience, and how can I do my interviewing, how can I do my hiring processes, how can I do a better job? And I will say that I think over the years I've done a better job of hiring people because of those failures and because of those, those bad experiences. So, um, but failure is really the way that we learn and improve.

So who's, uh, Grace Murray Hopper fans here? Yes, yes, she's, she's an incredible leader. I love this quote from her: "You manage things, you lead people." A little, little thing about Grace Murray Hopper: way back in 1947, she actually kind of, her and her team coined the phrase "debugging," um, and they actually found a moth that was stuck in a relay, which was stopping the operation of the computer. And computers back then, 1947, you can imagine, it's like this entire room, right? Um, and then they took the moth out, and they actually wrote a note that said "first actual case of a bug being found." I thought that was like really cool, so back in the 40s. But what I like about her is that she's absolutely a technical powerhouse, right? Back, she, she's, she's done so many things for the industry, but she's also an amazing leader. She's an admiral in the US Navy, right? She's managing people, large teams of people, and so that's a little thing I like to call out about her that inspires me as someone that's been technical and now moving into management and managing large teams. So hopefully she's someone that can also inspire you as well.

So let's talk about the problem with management. Um, first thing I'll say is it's, it's definitely the hardest and most challenging job that I've ever had, um, because of all the things that have to deal with, especially with people, but it's also the most rewarding job that I've had. I thought getting, you know, 50 shells on my screen from, you know, popping boxes and accessing sensitive data, that's a huge rush, but it's more of a rush, in my opinion, of seeing my team do amazing things, seeing them grow their careers, seeing them challenge and doing stuff that they told me, "There's no way I can do this, there's no way I'm capable of doing these things," and they do it, and you watch them do it, or you help coach them through that, and that is an experience that I don't think I could ever replace. It's absolutely amazing.

The other thing about technical teams is that it can be a little bit different, because I think as pen testers and hackers there's definitely the introverts versus the extroverts, breakers versus fixers, right? We've got communicators and non-communicators. You know, pen testers and security consultants are an interesting bunch, so sometimes you have to adapt your leadership style to those different personality types, and we'll talk about personality types in a little bit. But coming from a technical background, jumping into management, it can be very challenging and very difficult, and so we'll share, I'll show you some of the stories around that here coming up.

So do we all know the difference between a boss and a leader? So a boss is, I'd say, more on the negative side of things, right? And I kind of put together just some, some differentiators just so you can see, but a boss really is about driving employees, right, and a leader is more about coaching, and we'll talk more about coaching a little bit. Um, but I did want to call out one thing in this, um: who has ever had a manager take, uh, credit for work that you did? Isn't that the worst, absolute backstabbing thing anybody could do to you? I've had it happen to me too, and it's absolutely awful. Um, so I take, I kind of look at these, these, uh, these differences: you know, a boss uses people, they take credits, but a leader develops people and gives credit, and I think that's the one thing to take away from, like, this slide. And just think about the bosses and the managers you, on that, bosses, maybe bosses you've had in the past. We all remember the good ones, but we also remember the bad ones that, um, that maybe we even left an organization because we had a really bad manager.

So what is your role as a leader? And speaking of kind of bad bosses, I know there's a funny movie about that too, but how many of you had a micromanager? Oh, another one that's really bad, right? Just horrible. I've had those too. I've had, I had one manager that hovered over me back when we were working in offices, and, you know, make sure, "Are you done yet? Are you done yet? Are you done yet?" and like, stuff that drives you crazy. Um, but we don't want to be micromanagers, right? As a leader, you're really there to guide and facilitate your employees; you're not there to hover over them.

Um, and, you know, thinking about how often we're talking to our direct reports, so we'll talk about one-on-ones and the importance of that in a minute, but we really need to be keep having those conversations, uh, about their jobs, about their role, and really encouraging them to do the best they can in their job. And a lot of that comes down to setting the right expectations. So I find that employees don't like to ask, "What's expected of me?" They want to hear from you, typically. So we'll talk about expectations in a little bit, but I found some ways of how you can communicate those expectations a little bit better, where you're not sounding maybe so forceful or, you know, like a dictator, right? But, um, there's things that we can do to, to help that.

Um, and then when we're talking about career conversations, um, it's true employees are responsible for their career, they're responsible for managing that, but you as a leader, you're there to meet those goals, help them meet their goals, and coach them through that. So, um, I, I find this funny too, is like I've got employees, like, that just won't say anything, of like, you asked them, "Hey, so what do you want to do for training, or where do you want to take your career?" and they just say that, they say, "Well, I'm not really sure." So that's your job then, is to encourage them, like, "Have you thought about this? Have you thought about that? Have you thought about this?" And then they come back and say, "Okay, yeah, I haven't thought about that." That's what we mean by coaching: you know, giving them those ideas, not telling them, but giving them the encouragement.

So setting expectations. So this is probably one of the most important aspects of managing, in my opinion. Um, and I asked too, like, all of you, if you ever had managers that just never set any expectations with you, right? You're just kind of left to figure that out on your own, and honestly it just never goes well, because you don't know if you're doing the right thing or not, because no one has told you otherwise.

So, um, and this can also vary, right, so depending on your job title or level. So I put in here, you know, different expectations for a senior member of the team versus junior team; expectations will be a lot different. So we have to communicate those expectations at all times, because we don't want our employees trying to figure that out on their own. It just never ends well.

So let's talk about respect. So respect is interesting, because it's one of those things that I, you know, when I, like when I came to Veracode, and some people in the audience, uh, that were on that team probably know, um, you're coming into a brand new team, you don't know anybody, and of course they're like, "Who the heck is this guy? Like, he's our new manager?" You know, because you inherited all these people, you don't know them, they don't know you. So you have to earn respect as a leader, and that goes both ways. So a lot of times we think as leaders, like, "I'm going to do all these things to get their respect," but employees need to do the same thing to you as well. So I always say that respect goes both ways, and a lot of that comes down to listening. We'll talk about the art of listening here shortly, and that's the first thing I did when I came to that team, was I wanted to hear about all the problems, I wanted to hear about what's going on. I didn't change anything; I was there to listen and take that feedback, and then you start talking about with the team about what you're going to do to make things better and all that. So don't come in there like a bull in the china shop, right, just making all these changes. They will not respect you if you do that.

So the art of listening. This is something that has taken me quite a while, and I still have to work at this, because it's, it's tough. Um, but I think it's really important, especially in a world of remote, where we're using Teams and Zoom for everything still, where, like, things like eye contact and body language you may not think are important, but they still are, even in a virtual world. So one of the things I do is, um, with video chat: so ever going to a meeting and nobody's got their video on, but as soon as one person turns that video on, a lot of people start doing the same thing? It's like the lemming effect, right? Um, that's one technique I use. I don't force people to put their cameras on, but I really feel that it's valuable to at least have some kind of eye-to-eye contact with that other person when you're having those conversations. Um, put the camera literally, like, you know, so you're looking into the camera. Um, move your hands. I mean, those types of things I think are very important, um, in active listening.

So what we, what do we mean by active listening? So we're talking about clarifying what the other person just said, so it tells the other person, "Oh, you are listening to me, you understood what I just told you." And the way you do that is by asking questions. So your, your direct report will say something like, "Oh yeah, I did this, blah blah." So, "What I heard you say was," or you can say, "Are you saying that," or "Did you mean that," and that clarifies that you are indeed listening to them and you understand what they're saying, and that goes a long way, just by changing the conversation a bit. But the general ground rule I found with, with any conversation, and this applies to not just the business world but your personal life, in relationships and other things as well: 90% of that conversation should be you listening. Um, so you should be talking less and listening more, and that's really hard, um, for a lot, just a lot of reasons, right? So think about all your personal relationships and other things: sometimes we just want to start talking, and, and we just inadvertently, not that we're being malicious, but sometimes it comes across like we don't care about what the other person's saying when we really do. But if you stop, pause, and just let them talk, sometimes that's all you need to do to improve the relationship and, and the conversation.

So this is a big one that I instill on all of my managers throughout my career, that it took me a while to learn this, but the, the really, the importance of the one-on-one meeting, because this is really your only opportunity to connect with your team, and you have to make these meetings a priority. I've moved meetings, canceled meetings; this to me is one of the most important things that a manager can do to connect with their teams. And this is where you need to talk about things outside of work as well. So these don't have to be, like, they don't have to be your best friend, you have to, like, you know, really connect with them, but you do need to ask them personal questions, like, "How are things going at, you know, with your family? How your kids? How are things at home?" Because you know as well as I do, personal problems and things going on at home will affect the, the workplace. They just do. They've affected me; I've needed time away for personal things; everybody does. So you have to ask those questions, you have to show that you care about that person on a personal level, because you do. You're their leader; that's what they expect of you. So definitely have those conversations.

Um, if you're still in an office, I recommend going for a walk, going get coffee; they don't always have to be at your desk. Um, virtual coffee, I guess, if you're using Zoom. And then if there's nothing on the agenda, I mean, just talk. You can cut the meeting short if you need to, but just check in and say, "Hey, how is everything going? Anything you want to talk about?" and then keep the meeting short. But just the fact that you prioritize that for that employee goes a long way. They may not say it, but they really, really appreciate that time with their boss. I've talked to people that have said that they've worked in organizations where they haven't talked to their, their manager in months or weeks, and, and that's really scary. So don't be one of those leaders where you're never talking to your teams.

Um, the last thing I'll say about one-on-ones is this is also where you have those career conversations. So you can talk about, "Hey, so what you've been thinking about training?" or, you know, "What do you think in the next couple years you want to do?" and, or, "Hey, I saw that there's a, an opening on, in another department that you might be a good fit for." You know, these are the times to have those conversations, and don't do it during, like, the annual review or the mid-year review. I mean, you could certainly do that, but you should be doing that outside of those, those times as well.

So the skip level. So for those of you that are managing managers, or you have a manager in between, this is something that I also recommend doing, and I personally like to see more executives doing this type of thing. This means to skip over somebody's manager, and it's that opportunity to find out what's really going on the ground. So those of you that know, uh, General James Mattis, he's the former Secretary of Defense, uh, four-star Marine general in Afghanistan, Iraq, incredible leader, um, he had a book called, uh, Call Sign Chaos, which is a great read, but he talked about how he would talk to the junior, um, the, the junior ranks, the lance corporals, the privates, um, quite frequently, asking them questions: "How are things going? How are you feeling?" Um, and this is a four-star general, like, this guy is busy, right? I mean, he's got things to do, but he took the time to meet with the juniors, the junior people, to really find out what's going on.

And, um, and since I've been doing this, especially in a director and an executive position, I've actually found out things that my managers didn't even know. Like, I had a case of, like, you know, a bunch of people were having laptop issues, like, they weren't telling anybody, that we had this patch that was rolled out and nobody knew, um, but they told me and I was able to fix it, and I wouldn't have known that, and my managers probably were oblivious to it, but because I had that skip level, I found that out. So, um, the last thing I'll say about this too is set expectations on why you're meeting with them, because sometimes when they get an invite from, you know, somebody higher up, they're like, "Oh, I'm in trouble. What did I do? The executive or director wants to meet with me." Uh, um, but literally put a sentence, like, "Hey, I just want to meet with you, see how things are going, you know, you're not in trouble, it's cool." But set that expectation with them; it really means a lot.

So what makes a great team? Let's talk about these four things. These are four areas that I found in my career that make an incredible team, and the first is diversity. So this has been proven; there's tons of studies you could probably Google and find on this, but diverse teams are the best teams. They really are, for lots of reasons, but mainly because different backgrounds, different cultures, varied personalities and different skills brings a whole lot to the holistic team, to solve problems, to work on things together. Um, it really is, is the best. I, I've, I've been honored to be worked, working with so many diverse teams in my career, and I can tell you that all of them have eventually been high-performing teams, and I really believe it's because of the diversity that we had on that team.

One, one thing that's interesting, I'll share a quick story, and some of you that have worked on this team may realize, um, we were very open about things like politics, and I know politics is a big hot button, and other things going on in the world, and so we had a chat, you know, going on, just talking about world events and things like that, and I found it amazing that despite political differences and different opinions, everybody could come together and have respect for everybody else's views, and I thought that was really, really cool. Of course we had ground rules, right, like be respectful, you know, be kind, all these things, but, um, it amazed me that this team, very diverse team, could still talk, and I, and I thought to myself, like, could we, why can't we do this in the real world, right, like with politicians, and why can't people come together? And, and I really believe that's because of the diversity and the respect that everybody on this team had with one another. It was really amazing to see.

So challenge. So your team members have to be challenged, and they may not ask you to be challenged, but what they're, but they're, they're secretly knowing, they're secretly saying they do want to be challenged. So I think it's kind of a myth that you get quiet, more introverted people that say, "I just want to do my job, like, I don't want to do anything else," and I found that they actually want to be challenged, but no one has actually challenged them in the past. They probably never had a manager or a leader that said, "Hey, you know, I want you to do this project, because I think you can do it. I know you don't think you can, but I know you can." Um, and so I've always challenged individuals that were more on the introverted side and kind of brought them out of their shell, and, and they appreciated that. I had people thank me; it's like, "Hey, thanks for putting on that project, I really like that, um, I learned a ton, and can I do another one?" Right? Um, and this is coming from introverted people. Um, but you want to kind of divvy things up in terms of, like, giving people work that's different, work that pushes their limits, um, and of course work that has a purpose. Like, we all want to do a job that has a purpose; it's really important to our, our human well-being.

And then communication, right? Big theme about this, this talk is communication, and, and communication is really consistent; it has to be consistent, it has to go both ways. So it can't be one way, right? Can't be all you communicating; your team has to communicate back to you as well. It has to be, there has to be feedback around that communication. Lessons learned and follow-up is really important. Um, you know, I've seen, you know, communication go really good and really bad, and I think a good example of that is, like, data breach notifications, right? It's the good and the bad and the ugly. Um, so if you want to see, like, you know, how a company responds to a data breach, you do, you know, hopefully you're, you're in full disclosure and you're responding, you're talking about what really happened and all those things, but there are some companies that don't say anything, or they don't do anything until later. So keeping that in mind, just for how you communicate with your team, uh, can go a long way.

And respect. I mentioned respect already, but this is also, I think, one of the more, most important aspects of a great team, and I think respect starts with empathy as well. We'll talk about empathy in a minute, but this is empathy for your team members, and making sure that they have empathy with each other as well. Um, and so that's part of building that culture within your team. Um, and so that also includes kindness as well. Um, you know, I think we all would say we have a no rule, right, on the team, of like who we hire, but we need people to be kind, and we also need people to be self-aware of, of who they are, what they're bringing to the table, how they respond to angry customers, angry employees from other departments. All of that is, is about generating respect. Um, and I like this quote: it's, it's really like a mirror, so the more you show it to others, the more that they will show it to you.

So I wanted to quickly talk about a team charter, and there's lots of information on the internet about team charters, and you can do them in different ways. I've got a link at the end that you can, uh, check out if you're looking for, like, kind of a template, like a general template for a team charter. But I really find a lot of value in this, because it kind of levels the playing field in terms of making sure everybody is on the same page on your team. So it defines the mission of vision for your team, like, what are we doing, what is the purpose of our work, what are our goals, what are we trying to accomplish, because you'd be surprised, a lot of people, they don't know. They know they're doing a job, but they don't know why they're doing that job. So as leaders

we're here to define that for them and and set them in the right direction right um it also outlines expectations so outlining what's the expectation of your role so like in my world what's the expectation of a senior consultant compared to a consultant three there's very different expectations but that those are not communicated and documented they're again left to figure that out for themselves and that never ends well the other thing i'll mention about a team charter it's a living document it's not meant to be set in stone it's not meant to be you know this is this is it this is and we're never changing it um i actually revise mine every couple months

um six months what i recommend twice a year is good um and you meet with the team meet with your leaders and talk about like what's working what's not and where do we need to make changes but i found this is a great way to just put everybody on the same page so just some examples and i'll just take bishop fox as an example um what do we mean by like a mission statement and a vision statement so for bishop fox mission so it's defending forward to safeguard our digital world it's very straightforward very simple easy to understand these things don't have to be complex i know there's some companies out there that put a lot of time and marketing

effort into that vision that mission and vision statement there's tons out there you could probably google but make it very simple you know why are we here what is it that we're doing and then the vision so to be the most advanced admirer defensive cyber operations team and then for your own team so if you're in a smaller team or a department break that down into what what are you trying to do so in my area of the business it's to have the best defensive security offerings in the industry it's very clear concise and sets everybody in the same path that's all it needs to be so here's an example just some roles and responsibilities and at least how i've

done it over the years um so this is defining and setting uh expectations for each role within your team and what i've done is i've broken those out into very specific categories so some of those categories could be you know professional development communication mentoring business development just depends on your business and and what categories of those roles that you're trying to define and that's really going to vary on your business but you need to document it and you need to communicate it so don't leave this like on your desktop or you know somewhere where nobody can find it i recommend using like an internal intranet or a wiki or some other place that everybody can see it it's pinned

everybody understands where it's at and then it's updated so it's very important to also reference this in your one-on-ones so when someone is thinking about hey how do i get promoted to be a senior consultant as an example i show them this we talk about it and now they have clear expectations of okay so i need to be working towards this role and doing these things and showing you know that i'm capable of being promoted into this role it makes it really clear right because it's documented and it's understood so let's jump into hiring what a great conversation right we love hiring because you know there's so many jobs we need to fill right in this industry not

enough people i know there's a lot of debate about that um some people say it's more about lack of skills versus lack of people and you know we won't have that debate here but um we need to ask ourselves like who do we hire and how do we hire correctly or at least as best as we can so we're making the best decisions uh on who's we're bringing on to our team um and a lot of this comes down to you know looking at who you have on your team looking at their skills looking at yourself and you know what are my weaknesses like what do i what do i need to fill in maybe what are some things i

don't do as well as i should and where could i bring someone in to help with that so i'm not sure if anyone knows or heard of sara blakely um yes yeah sara blakely is awesome she founded spanx which is actually a billion dollar business now i definitely recommend you like kind of reading more about her because she has an incredible background with she had tons of failures in her career she had lots of experiences that set her back but she could overcome a lot all those and a lot of it was because of the people she hired and the people that she surrounded herself with so she's very inspiring from that and uh really is an

example of of hiring for your weakness and something we should all think about too so with that it kind of leads us into emotional intelligence and one of the arguments that maybe not really arguments but i've had with uh some other leaders is um should we prioritize emotional intelligence over technical ability that's a good debate right because we need people with technical skills to do the technical jobs but we also need those people to have well people skills right they need to be able to communicate they need to have empathy they need to know you know they're not going to get angry at every little thing right they had to have self-control all those things so in my

eyes i kind of value eq a little bit over technical skills because i look at technical skills you're coming in the door with those and those can probably learn and adapted and that's great but i'll value the the eq a little bit more and it's something that i focus more on during my interviews that tells me a lot about a person and if they're capable of doing the job and doing the work even from a technical ability because of those those people skills they're still very important um the other thing you'll find about um emotional intelligence is it actually increases with experience so as you kind of grow your career as a leader you'll kind of find that you'll be more

empathetic you'll develop better social skills i found that myself especially with empathy that was something very hard for me early on in my career and now i can say that i'm doing it much more i'm doing a lot better than i used to because it's something that can be learned and improved on so you may think like you don't have a lot of self-awareness as an example right now but that can change if you put some effort and time into it so let's talk about self-awareness so this is about recognizing how our emotions affect our performance so uh you know do you let your emotions get the better of you right do you get angry

and then kind of freak out and then need to go away and you know think about what you just did right go into the corner right you've done something bad but think about your team do they know their limits and their abilities this is hard right everybody has a different level of self-awareness so we have to think about that and we have to coach our team through that as well one thing i know we talk about a lot about on our teams is burnout how do you know when you're burned out yourself but also how do you know and identify when one of your employees is burned out and a lot of that again is about asking

questions right don't assume that your employee is going to come to you and say i'm burned out i need time off i need to do something different nine out of 10 times they're not going to say that to you it's you that has to ask that question you have to phrase it in a way where you're coming across with kindness with caring and really understanding you know where they're at so there's some things that we could think about when you consider burnouts and some identifiers of that but it really comes down to asking questions self-regulation so this is about uh controlling or redirecting one's disruptive impulses so especially in a professional setting so have anybody

ever seen someone completely freak out on the job and start yelling screaming just totally unprofessional behavior i've seen it on like conference calls i remember this one conference call i was on where a customer literally started swearing at a sales person and just going completely off and the sales person was just like i'm sorry but that is inappropriate i'm pretty offended by this you know i think you should give me an apology and the customer is like i'm sorry you're right i freaked out i'm sorry i didn't mean to swear at you but those types of moments somebody has lost self-control and for whatever reason and so we have to think about that of could our own

team members do that right um and so one thing i want to mention too is like change who likes change some people thrive on change but most of us as humans hate change right that's just in our nature we don't like change well guess what when changes happen in the organization you and your team members are going to go through change as well and so there's some techniques that you can do to kind of help help your employees through that change one thing i recommend is this change cycle i had some training on this a couple years ago and i thought it was amazing so you know thinking about loss doubt discomfort discovery understanding and integration those are the stages

that everybody goes through with any kind of change personal business whatever it is but check that out and think about how your team and you handle change in your organization social skill so this is about managing relationships so how do your team communicate and interact with others can they influence and persuade in a positive way right maybe not social engineering for manipulation but actually persuading people so this is a skill that people can learn do they delegate do they support others on the team this is all about social skill this is another one where i think introverts kind of get a bad rap here just because someone is quiet or a little more introverted doesn't mean

they have no social skills um you know sometimes they just need a little bit of push sometimes they just need communicated to and talk to and uh and they'll start communicating so and this is the big one i think empathy this is something that we all struggle with at some at some level but how often do you put yourself in somebody else's shoes do your employees take an active interest in the concerns of their other teammates their other employees others outside of your team i know in the consulting world there's kind of a you know oh the sales people we don't like talking to them we don't want to be part of sales right and so and some of

that comes from lack of empathy we don't really understand their job we don't understand what they do maybe we didn't even take the time to ask or understand their job so we need to think about that of like how can we have more empathy with each other and that can make a huge difference but it's hard it's something that everybody needs to work on and frankly i think that lack of empathy is a huge problem in the world in general and it's probably a big reason why we have so many issues going on with politics and all these other things because of that lack of empathy and we need to change that motivation so we're going to talk about

motivators here in the next couple slides but um this is important right so being driven to achieve for the sake of achievement right um i like this uh this motivational poster right work harder or will fire you i like the motivational ones better yeah definitely um but when hiring people we have to ask and think about what's going to motivate them and i will tell you that it's not always about money that's always the first thing people say it was like we'll just pay you more we'll give you a big bonus and that's all you're going to need well people want a lot more than just money and it comes down to what motivates them and

we'll talk about some different ways that people like to be motivated that hopefully you can look at back at your team on your teams and help them get motivated so talking about interviewing so um i wanted to share a couple of my favorite questions that i like to ask to kind of call out eq and see what level they're at in terms of their their level of eq and this starts with things like asking what their what's their passion so how do you define success um define an environment which you would not thrive in that's always a good one right and usually they'll talk about like maybe their current environment or their current job role and ask them we'll talk

more about that you know what would you like to see in this new role what are you most proud of i love that question and a lot of times it doesn't have anything to do with work it's like you know i'm most proud of my kids or i'm most proud of i got this trophy when i was on this baseball team i mean like it could be anything but it gets them talking and you really get to understand a person and their personality by just asking questions like that but my favorite question of all is kind of a twist on the you know what's your weakness question because everybody hates that right what's my weakness oh

yeah well ask this next time is what's the biggest misperception that people have of you and every time i ask that question they'll say that's interesting i haven't thought about that and you will get some very creative answers to that that kind of pull out some weakness right but also gives them a chance to really think about how they're going to answer that question so it's not a trick question it's not meant to stump them or anything but really meant to get them to think and i always love the answers that i get from that question so old macdonald had a farm e-i-e-i-o right yes um i will not quit my day job being a

singer but old macdonald had a farm this is an acronym that you can use um which stands for e is energy and enthusiasm so thinking about these things when you're doing the interview are they passionate excited energized about your work i mean there's no the worst interviews in the world or when someone comes in just like they look bored they don't want to be there i think we've all experienced that you want someone that's energized ready to go they're excited about the job that's the first thing you look for intelligence are they smart you can usually figure this out pretty quickly just in like five minutes of a conversation you're not giving them a test right of course

there may be things they'll be doing on a technical aptitude test or they're doing like a mini pen test in our world or something like that to show technical skill but you want to look for intelligent right do they know what they're talking about is is the bottom line experience have they been in similar roles what have they learned so ask them questions like what'd you learn in your next role how is that role going to help you in this role and seeing how they answer integrity this is an absolute requirement if you have a candidate that doesn't show integrity is either you catch them lying you catch them cheating it's an instant no right you cannot have

people with a lack of integrity on your team and then organizational fit so this is about culture so everybody should hopefully know the the culture of your organization um and are they gonna fit um personality wise it's really important you don't want to bring someone in there that's gonna just like a bull in the china shop gonna start you know wreaking havoc you've got to keep that culture so we have to keep that together so the other thing i'll mention here pretty quickly is this thing called the 20 60 20 rule has anyone heard of this before this is this is a pretty cool technique to kind of identify where your team is at so for example

the top 20 drive 80 of the results which is your positives and the bottom 20 fall under two categories of negatives so they're either skill based issues or there's attitude behavior issues but 60 percent make up most of your staff and so we'll talk about in a minute here about where you need to spend your time in terms of your team so the top 20 they're already self-motivated you probably know who these people are in your team they're your high performers um you should you know you still need to spend time with them um but not as much as you would expect because they're already doing the job that you want them to do and more

you should spend the least amount of time with the bottom 20 and we'll get to why in a minute but that's the least effective of your time but the best use of your time is to spend time on that middle 60 because they have the most potential they can grow into that top 20 and really makes up the bulk of your team so how do you identify the top 20 well like i said these your your stars you know who they are they're self-motivated they're always coming to you with you know situations that they want to be involved with they're solving problems they're just on it right they know what they're doing you love hanging on the

team you can give them any project they excel at it and these are the people that we obviously want to keep around right they're your high performers the middle 60 these are your kind of good loyal workers right um they just need to know they're doing a good job they need sometimes a little bit more feedback um they're more of your followers than your leaders in an organization and that's totally okay sometimes they avoid taking risks and they just want to play by the rules what's interesting about the middle 60 is that they're kind of torn between following the top 20 and listening to the bottom 20. so we'll talk about that in a second

so your bottom 20. this should be pretty clear as well right they're the ones questioning authority they complain about the company and and what the company is doing um they enjoy playing the victim right um and they have really just a poor attitude about everything um and then they're just difficult to engage in in in dialogue um what i find interesting about this is that they're sometimes these are the high performers that have a bad attitude um and these are the ones that kind of become i'll call it a cancer here in the next slide but in your organization um and they kind of need to be removed eventually if they don't change so what you do at the top 20 so you

challenge them give them interesting assignments um reward learning and encouragement and then these are great for mentorships right pair them with other high performers in the company company executives even pair them with people from outside the organization what do you do with the middle 60 so these are the backbone of your team so you want to create an environment you know where they feel valued you're rewarding them for learning um and again thinking about mentorship you know pair them with other high performers as well maybe some of your top 20 and see how they can be developed bottom 20 they can be a cancer right they need to be removed if they don't change i kind of go with the three

strike rule right you give them three chances to improve come to you with solutions or they're out right um unfortunately people in the bottom 20 just negatively influence the organization we've all had them um in fact we had a few individuals that we've had to let go i've had other people in the team actually thank me like we're glad so-and-so is no longer here because there's such a drain on our energy and they're so negative and really brought the team down so consider all that when you're looking at your team so real quick i know we only got a couple minutes left here so i'll talk about motivation so what motivates the team there's different types of

motivators so there's intrinsic and extrinsic motivators and we all fall into these categories so these are uh intrinsic means you know you like belonging you have a curiosity you love what you're doing you're not necessarily looking for rewards like money or badges or other types of things but on the other side some people like that some people like badges some people like fear of punishment right that's why those burn boot camps and other things are very popular because some people like getting yelled at to lose weight right that's just something of a motivator to them so we kind of have to put our team into these two different categories and think about how do they

like being motivated and the way to do this is just to ask them how do you like being motivated is it money is it rewards is it public thanks ask them those questions um i will talk a little about this because i know we're running out of time but mcclelland's human motivation theory is something that's pretty cool um that you can find more about but everybody falls into these three categories you're either achievement affiliation and power and you have a dominant category with like kind of a sub category but this is something you can check out and i found a lot of value in it and how i categorize my team in terms of who's a

high achiever versus who's more power hungry and those types of things personality types so i'm a big proponent of multiple personality tests so we've all heard of the enneagram the myers-briggs disc my favorite though is the process communication model which is something used by nasa to to figure out the personality types of astronauts and astronauts obviously have to be of a certain personality type if you're going to space which is kind of neat so the thing i'll say on personality types is just remember that there is no one good personality test i would say take multiple of them and they all have an aspect of who you are that's what i'll say about that so no matter

take the different tests and you'll find out you know the type of person that you are lastly communication um the one thing i'll mention about this is always create an agenda for meetings hopefully all of you are thinking about that because i hate it when i get a meeting a meeting invite and there's no agenda like why am i here um what you know what am i doing right so as a leader always create a meeting agenda encourage your team to do the same and one thing i'll mention the last thing i'll mention about communication is well it takes seven times to get people to remember something so if you're not getting questions about what you just said then they probably

didn't understand you and you probably didn't communicate it correctly so over communication if you can is really important coaching so let's jump right to we all know as a good coach but asking questions right so when you're in a coaching session um you want to focus on questions of inquiry and curiosity so what could you have done differently what well or worked tell me more about that help me understand those are all phrases that you can use in a coaching session but first start with your observations invite their response to reactions don't interrupt always listen when you're coaching and then share your personal thoughts and reactions and then you work together on the solution that's the most

important thing and then summarize right so sometimes that's in an email of hey this is what we talked about this is maybe a goal that we set for something to be accomplished and you have it on record right so an email follow-up is really important in any type of coaching session and just want to touch on career development so i talked about career conversations early on but this is important right so we have to have these conversations to help develop our our team's skills and where they want to go in their careers but it's not about like completing forms like in an annual review these are about quality conversations we're having about about career so we want to explore

possibilities and opportunities with our teams we want to get responses from them and we want to help and guide them through that but like i mentioned before employees really have to own that conversation but you need to guide them because a lot of times they're not going to tell you of like this is what i want to do in my career so you as a leader need to identify that for them so just to conclude hopefully we're right on time here um you know be very clear about your expectations like i said spend more time listening versus talking look for emotional intelligence in your hires prioritize one-on-one meetings apply that 2060 rule that i mentioned

understand your team members talk to them work on your own communication style and who you are and just let your team do great things right they're going to do great things if you're a great leader and you're inspiring them they're going to do awesome things so here's a couple things just to finish up a couple books i recommend especially for new managers this book called the making of a manager i highly recommend if you're just getting into management existing managers hopefully you've heard of the five dysfunctions of a team this is a great book as well and then one thing around career conversations is help them grow or watch them go great title um also a very good book on how to

have better career conversations and just some other links and i will post this by the way um if you follow me on twitter agent0x0 i'll post this for you and i don't know if we have time for questions probably not but i apologize we have to keep on uh thank you tom you're welcome i'll be around so if you want to talk uh ask questions feel free to come up thanks everyone


both thank you for coming for the continuation of day two of hire ground i'm kathleen smith yes it's kathleen on twitter i'm the lead and creator of hire ground because we wanted to create a safe and valuable space for people in the community to learn about their careers get advice get feedback be able to have beneficial conversations rather than being hounded by a recruiter in the afternoons we do career coaching and resume reviewing resume reviewing is done by recruiters that i trust and vet that are part of the community and then career coaches who have had more than 10 to 15 years experience and have had a varied career so that we know that they can provide

you advice as far as different challenges that you've had or if you wanted to switch around from one industry to the next i'm really excited to have phil with us this morning i've always seen him presenting at other conferences and i finally got up enough for you know gumption to ask him to submit a talk because i can't pick i have to just ask people to submit just so you know we are recording this so phil's going to have to stay really close to the mic but also you don't need to take screenshots of what he's going to present because you can just go back and watch it on youtube later so with that phil thanks for coming and joining us

here thank you thanks for having me thanks everyone for joining today and uh thanks to kathy for uh in uh recommending me submit a talk here so this is a this is awesome village for me because uh one of the things i love doing is helping other people a few years ago you know i've always been a competitive person i used to compete in powerlifting and i worked in a jewelry store before selling jewelry and always wanted to sell the most although you know whenever i was 15 i got shot and the bullet pumped through my heart and i actually almost died from it but the thing i was worried about was laying on the ground before the ambulance got

there is that my 250 pound bench press would be passed up by my classmates so i've always been super competitive and you know in the industry you know you always try to be competitive too it when you get to be almost 60 years old it's hard to keep up with the younger people it's easier to stay up to three five a.m in the morning learning where as you get older it gets more difficult you need more sleep to recuperate and one of the things i started thinking about is that to play towards my strengths is i was a lot better mentoring coach than i was a pen tester although i did well as pen testing but

i'm patient i like helping people i'm a pretty decent listener so that's what drew me to to that area so it's an honor to be here and this is actually the perfect village for me to be speaking at so for those of you that don't know me i'm phillip wylie i have my cissp oscp and sans web app pen testing certifications so my current role as manager of tech evangelism and enablement at cycognito so speaking is part of my job doing webinars podcasts going to conferences as well as education internally because our product does some of the things that pen testing does and security assessments do but to be able to explain to our sales people

how those items work so it was a good good fit for me so i've been in uh offensive security for a little over 10 years a total of 18 and a half years in cyber security prior to that i was uh a sysadmin for a little over six years and so i used to teach ethical hacking and web app pen testing at dallas college and really that's what all get really got me started in speaking at conferences because my book the pentester blueprint came from a class lecture which got turned into a conference talk and eventually a book so also run a couple different groups the pwn school project and defcon 940 in denton texas

uh i'm the concept creator and co-author of the pentester blueprint and i host a podcast called the hacker factory podcast on itspmagazine so if you're interested in hearing some inspiring stories and advice from others it's a good good platform we've had dave kennedy alissa knight but the interesting thing is is the people just got into the industry those are the ones that usually uh interest people the most and so i'd like to share this slide of how i got into to uh pen testing because when i graduated high school in 1984 i was a power lifter you know and just you know your stereotypical uh you know meat head power lifter you know

all brawn no brains and i didn't think i'd ever be you know using my mind for a living so i like to share this because some people have imposter syndrome or lack of confidence and don't think they can do it and you can if i went from being a pro wrestler to being a pen tester you can do it too if you're passionate about it and want to learn that's great some people are gifted and they learn it well but really the people that have the the passion the desire and persistence they'll outperform the people that are gifted because they're putting in the time they like what they're doing so i started out as a pro wrestler

needed a more stable career i'd worked putting up fences worked in retail sales was a bouncer in a nightclub did all sorts of jobs back then physical security and other things i really liked and i really couldn't keep a job or work in a place long because i didn't enjoy what i was doing i was working at a jewelry store and the the family that owned the jewelry store they were starting a new chain and they wanted me to be an assistant manager there but the manager of the store had someone else he liked better and i kind of learned at that point i got to get some skills and it's got to be based on something although you get

in the industry there can be some politics but you know when you're working retail sales and working in restaurants a lot of times your promotions and stuff are based on whether the manager likes you and so forth so i went to a trade school and learned autocad did that for a while and before that i had no computer experience and i found i had more of a knack for the computer side of things so i taught myself how to build computers got novell network certified and then got a course got a my first job contracting for a company doing server and uh workstation rollouts so during that sysadmin period of my career i found out about uh

information security so i moved into the security team at the mortgage company i worked for started out doing network security also some security assessments and risk assessments and then we had a new cso come into the company and he set up an appsec team he had more of a modern view of the way companies were doing things so i got to move over the appsec team and that's where i found out about pen testing i was managing third party pen tests that we have consultants come in and do as well as doing some vulnerability scanning i got to go to some vendor demos of webinspect the web application vulnerability scanner and it really got

me interested and so in 2012 i got laid off and i went to work as a pen tester the one thing that helped me and advice i like to share is if you don't have all the experience everything needed still apply because what got me the job was i was talking to the hiring manager i'd run vulnerability scanners i worked in security i had a sysadmin background had some some base level knowledge i didn't have the hacking piece i'd never performed a pen test but he saw that i had a home lab and i was teaching myself i taught myself how to do web design i hosted a web server at home with my clients

websites set up sendmail for my mail transfer agent and hosted my own dns so i got this experience so he saw that i like to build things and learn on my own and so that helped me get the job because there really wasn't i really wasn't qualified the guy took it took a risk on me and when i got into that i had to to learn how to do pen testing so i took the oscp where i gained my hacking skills so if you want to do this apply for it i've had students that come in really uh ambitious the first day of class saying yeah i want to be a good pen tester as you but i want

to do it in a shorter period of time so yeah you put in the more time and effort you put in there you can get in there as quick as you want to second week into the class he comes up and say hey do i have to read the textbook if i want to be a pentester so i said well if you need to spend more times in labs learn the hands-on piece because that's important and then he turned around at the end of the semester he got an internship as a pen tester and he was like the last one in the class that i thought would get it but just from his uh motivation and passion he was able to

get the job so don't let thinking you don't have all the skills uh you know let it pass you by on a job because you know you apply so many times and maybe you apply that one time the first time without the skills maybe you wait five or six years and unless you're you know applying you're not going to get the job so i highly recommend doing that there's so many jobs out there needed and sometimes your background kind of resonates with that hiring manager so if you're a sysadmin or you worked on help desk they can kind of relate and sometimes that'll help you get fired let me get hired now that's a different talk

so uh just kind of cover some some basics here so what is pen testing so pen testing is assessing security from an adversarial perspective the same way a threat actor would use using the same tools and techniques that they would use uh and pen testing is also the shorter version of penetration tester and it's also known as ethical hacking and sometimes it's easier to explain people ethical hacking although you would tell some people sometimes i'm an ethical hacker and they'll ask you is there really such a thing as ethical hacker they don't they don't realize that you can do that i mean it's like having lock picking skills you can do that for good or bad but

pen testing or hacking seems to get kind of a bad rep so as far as getting the experience you know you need the knowledge but you need the experience with the tools so taking some different online courses like try hack me the hack the box uh you know different ctfs and stuff learning how to use the vulnerability scanners like the oscp certification i don't i don't know if they've updated that where you can use vulnerability scanners but they don't let you but in real world you're using vulnerability scanners so knowing how to use those tools so using vulnerability scanners you can download a 16 ip version of nessus which is widely used in pen testing you can

download that and you can scan 16 ip addresses so you could do pen tests for small companies your home lab environment and 16 ips is a pretty good amount of ips to to learn how to use nessus so get through there and get that experience with that and also learn the different uh pen testing linux distributions like kali linux and parrot os and you can even build your own using ubuntu and install the tools but one of the things i'll say is when you're using one of these pre-built distros it's easier to install the tools because sometimes they do some tweaks to get tools to work so if you're trying to install something on ubuntu there may be

some uh all sorts of missing python type items in there like pip pip add-ons to python to be able to install with that you have to do all that so sometimes it's easier and faster to use kali and parrot and then pen testing tools nmap is one of the most widely used tools you'll use as a pen tester because there's even nmap scripting engine scripts that will perform vulnerability scanning whenever i perform a pen test the first tool i use to verify findings is nmap because there's different nmap scripting engine scripts that you can go through there and validate certain findings so if you go through a search for that you can find that so you need to when you're

performing a pen test you do vulnerability scanning you use other tools to detect vulnerabilities but you have to validate those findings and so that's where nmap comes into play and you can also do manual pen testing with nmap so there's like a vuln script that's just vuln that you can use in your nmap scripting engine syntax when you're on your nmap scans you can find some of these vulnerabilities and so understanding how to use nmap is very important and then metasploit is a very popular exploit tool they have a free version whereas a lot of the other exploitation tools like core impact and some of those other tools they don't have a free version so

metasploit is widely used and you can do pretty much everything with that you can with metasploit professional when i worked in organizations where we had metasploit pro i would stick with uh metasploit framework since i was used to the command line so understanding how to use those tools you can download metasploitable there's several different versions of that metasploitable two and three are some of the best versions but the good thing about metasploitable you're they created those those uh vms originally so you could test metasploit against it and some companies will do that also for their vulnerability scanners they'll either have a vulnerable website online or vulnerable vms you can download to practice using their tool

and the metasploitable vms they give you enough vulnerabilities that are exploitable that would be equal to uh numerous you know several different vms on your system that are vulnerable so it takes up less disk space and there are exploitable items on there that you can use and you can find some walk-throughs to learn how to exploit those vulnerabilities and there's a lot of other different tools within kali linux that are very helpful so as far as commercial tools just to kind of learn this on your own you've got burp suite community it doesn't do some of the things but you've got owasp zap so you can use that so there's a lot of functionality you can

get out of these free tools that you don't have to have the paid tool to learn those skills to get into the industry and so also learning the web app pen testing tools like burp suite owasp zap and web application vulnerability scanners and one of the things too is i really focus on if you're wanting to get into pen testing is really work on the web app pen testing stuff because there's bug bounties out there that's an easier way to get real world experience and with that experience and help you get a pen testing job because you're able to describe how you found vulnerabilities even exploit them during an interview back in 2020 i was looking for a new pen

testing job and i interviewed with a very famous boutique pen testing firm and the hiring manager was telling me that we have an easy time finding web app pen testers because people are participating in bug bounties they're able to get that experience there's not that much opportunity when it comes to network pen testing that you're able to find these opportunities some bug bounties will have that but you don't see that as often they usually have the things that are you know that you can test from the internet so that makes it easier for them to test so understanding the web app pen testing piece so the pen testing skills it's good to understand some networking you

don't have to be a ccna but to be able to set up your ip information within your pen testing distribution you know if it's an environment that doesn't have dhcp be able to know how to statically assign or an ip address to your your system be able to understand routing and subnetting enough so if you see an environment you're going to understand different subnets whether you're able to test from that that vlan or move to others so you don't have to be a guru in networking but you need to know some of it and then operating systems you want to understand operating systems like a sysadmin level because if you get a shell to a system

if you know linux you're able to do things on that system to shut down services do further testing if you understand windows and know the right commands you may be able to shut down a firewall so understanding that from a sysadmin level is works out great and one thing i'm saying now if you're starting from you're just getting started you don't have that experience don't let it overwhelm you and say i'm not going to be able to learn how to pen test i have all this stuff to learn learn it in parallel as you're learning windows you're learning windows how to install it learn how to secure it at the same time learn how to exploit windows as

you're going along so you don't have to wait and get through all this and then start the hacking piece kind of do it in parallel as you're going along so understanding the hacking and pen testing piece that's where i was at when i got my first pen testing job so uh platforms like hack the box and try hack me are really good i really like try hack me because it's very beginner friendly they've got some basic level stuff that you can go in there and learn and it advances and and and you gain uh more advanced skills you go along but at least it starts you at an easier level some some platforms like

offensive security when they came out they were more geared towards helping providing certification for people that were pen testing so you had to be at a certain level before you do that or there was a lot of study to prepare for that and so some of these they've gotten better with some of their prerequisite training materials for the oscp but things like try hack me is very cheap and they've got some free room so that's a good place to get those hacking skills and reverse engineering is a good skill to have you know if you find like an android apk file on a network while you're doing a pen test it may have some some credentials that are contained in

there hard-coded credentials so maybe they give out the apk you're able to authenticate and you gain access to the system so look for those hard-coded credentials any kind of database information how to connect to databases and java files java jar files could be reverse engineered to find default credentials database information other things helpful on a pen test so reverse engineering is not as complicated as it sounds you know understand the basics of coding just looking even viewing the source of a web page looking for maybe some uh hard-coded credentials database connection information sometimes in the html hidden field sometimes there's good information there that you can find coding is and scripting can be uh this is kind of not a required

to get started but as you advance your career you may want to do that because if you're able to write your own tools and scripts once you get to that advanced level it's going to help you progress in your career but when you're starting out you don't have to do it i see a lot of people that they want to become a pen tester but they're going to learn python first no start learning and you can learn python along the way and then also like mobile and device hardware if you're someone that really understands that that may be a place for you to get into but understanding uh mobile devices you know especially how some of the applications work because uh

the applications for mobile devices ios and android are need to be pen tested and some bug bounties actually include those as well and one of the things is too is there's less talent in the mobile testing space because a lot of things were kind of slow for people that are in the field that maybe they were you know started out pen testing and they totally didn't train on cloud or some of these other devices mobile testing they have to go back and do it later so sometimes these newer technologies that are not so new now maybe like cloud and mobile learn that because a lot of the experienced professionals don't have skills in that area i mean i've worked on 15 people uh

pen testing teams at a bank and there was only like maybe two or three of us that knew how to do mobile pen testing and sometimes it's not always that's up to you to learn on your own and sometimes you don't get the opportunity to do that in organizations but so if you're really trying to break in learn that some of the upcoming technologies or some things that are really hot now is api knowing how to api pen test because it's another one that's there's not as many skills at that as well as even getting into some of the the web 3 stuff some of the blockchain pen testing and stuff uh beau bullock from black hills he's got

some information out there on uh be able to pen test blockchain so as we move towards that understanding those technologies and kind of start learning if you're just starting out you learn how to pen test blockchain 90 percent i'd say probably 95 percent of pentesters out there don't know how to do that so that could be your your step to get into pen testing and also some of those more complex areas like that can be a lot more interesting to learn as well and so getting the pen pen testing experience so bug bounties uh or crowdsourced pen testing so like bug crowd synack hacker one intigriti are really good ones to start out with i heard intigriti

is probably one of the better platforms because there's not as many people on it get out there get the experience if you're not finding bugs that you actually can write up that you get credit for if you find duplicates you're still finding vulnerabilities think about you know you're able to go through a job interview and you're able to tell the hiring manager how you found cross-site scripting or sql injection during these vulnerabilities so that's actual real world experience so that's something that you can put on your resume and so pen testing as a service uh is a little different what they do with pen testing as a service cobalt offers that synack bug crowd and hacker one i believe added that and so

what they do is uh some of these i think synack may be able to pay a little bit better but like cobalt you get fifteen hundred dollars to perform a pen test so whether you find bugs or not you're getting paid and this is real world pen testing experience you get that experience you do that for six months to a year then you go apply for a full-time pen testing job and you'll make a lot more money fifteen hundred dollars a week is not much as a pen tester but once you you know once you get those skills it's easy to make six figures working as a pen tester as an internal resource but this is a

way to get experience because you know back years ago you didn't have these opportunities to get that experience you just had to get lucky like i did and get hired by someone willing to give you a chance so these are good ways to get experience pro bono pen testing so any non-profits or religious organizations you could perform free pen tests for them and even not only pro bono you can do low-cost pen testing maybe you're making a little bit of money they can't afford to pay you know someone like black hills or uh trustedsec to do a pen test you know if you charge that i've seen people that were doing a pen test for

a non-profit that was charging a thousand dollars for one week that's very fair compared to what you know a consulting company is going to charge and so common vulnerabilities and exposure cves getting cve numbers on your resume is good because there's a lot of pen testers out there that don't have cves i don't have any cves if i could have figured out how to if i would have been the right place to record my my iphone screen i was able to find a bypass one time back when apple was still in the touch screen without using the home button to get in i was able to do it and apple said yeah you need to

record it with a camera or something and every time i'd be at a stop light it would come up a pop-up would show up i'd go touch it and it would open up and i'm away from home i couldn't get a camera so i was never able to get it but regardless that was like the only closest i'd come to getting a cve but there's a lot of people that don't have them because they had certifications they got in so cve is a big thing and joe helle if you've heard of joe helle he goes by the mayor he started uh playing around with uh finding cves and he's able to find a lot of them and so

if you look on medium he has an article called how i was born how i was bored one night and found two uh cves and what he recommends is downloading some of this free and open source hotel booking software just different free software is downloaded in your environment install it and find the bugs and then write it up you get cves on there that's going to go a long ways towards helping you get the job some cases some hiring managers would hire someone for cves or they would like oscp or some other certification because this is going showing you something you did in real world opposed to an environment used for for testing your security skills

and one of the things too when mentioning the bug bounties and stuff once you get those skills sign up for cobalt go on there and what they do is they'll give you a an assessment they give you like a vulnerable vm or a vulnerable environment or application that you have to perform a pen test against and if you do good enough you're going to get recruited so if you've got the skills to do that so what you're gaining through all your your learning you'll be able to sign up and get on with them like i said they're paying 1500 uh per pen test for like 35 hours of work and that's pretty decent side money

and then once you get the experience you can move on to full time and so uh further information on how to get the experience the simulated experience you know we're talking about bug bounties real world experience so ctfs are still good ways to get experience if you're in college national cyber league is like a national uh competition it's a ctf and they take the the rosters of people and rankings and employers will ask for that information hire people for that database if you're in a college that does the the the red team blue teams games as ccdc competing in those hiring managers will hire from that so hack the box try hack me getting experience in those environments you

know if you've got a really good ranking somewhere on one of those platforms that's good to have and then a home lab using vulnerable vms i used to really stress that a lot but with all these other online platforms i think that's probably a better way to go because some of the vulnerable applications you find online are more real world juice shop is another good one you can actually can the heroku cloud service you can go on heroku and install your own juice shop instance and test across the internet there so using these ctfs try hack me and hack the box are really great ways to get experience try hack me and hack the box also has a lot of great

education material hack the box kind of took a page from what try hack me was doing and started their academy so there's a really good way to learn learn those environments home labs are good but there's all the stuff built that you don't have to spend the time building your home labs at one time that was really pretty much your only option but now with those those uh resources you're able to do that and so how to showcase that experience so when you're doing these hack the box rooms and try hack me and all this and ctfs write those up write an article on medium as long as it's like hack the box you're able to

disclose and do write ups there may be some vulnerable vms they don't want that disclosed but you can even do this privately so you could have a github account or medium or whatever the blog platform and you can do like write ups on the vulnerabilities you found even if you're doing bug bounties you know write up some of the findings you may want to redact it to make sure they'll see the customer information but write these up and you can actually prove this goes a long way of proving you know what you're doing and that you can communicate that communication skills sometimes are lacking you take some of the best hackers and they're not really good at

writing you know we live in a world where you're sending text messages you're sending acronyms not completing full sentences so those communication skills are great so if you're able to go medium and write these up even do like youtube videos on these walkthroughs in these rooms if there's been a lot of people that have built their careers as content creators you look at the cyber mentor heath adams he was learning uh and did a lot of his education to to train to teach himself made all these videos and now he's got a pen testing company been working as a pen tester got his certifications offering certifications but he started out as a content creator and now it's such a great environment

for that there's a lot of other people i don't know if any of you uh know who uh michael patrick or fearless from infosec twitter he uh networked in the in the industry and that's how he got in and also finding cves that helped him get a job and so github to display scripts if you're writing scripts so you're creating some automation for some of these these different platforms you're working on put those scripts and and that github so it goes to show you're doing things you know because you can go in some place you say you're doing all this stuff but if you can prove it you're it's going to go a long long way for helping you and

your efforts to get a job and so you see a lot of people that are experienced professionals with the github out there if writing is your thing write you know you can do write-ups or on different uh ctfs even your overall review of like the sans uh challenge that they do each december write this stuff up people see that and they'll find you because social media youtube all those platforms the more people know who you are the easier you can find a job for me now whenever i got started out you know when i got started security there wasn't twitter linkedin has started out but now if you get on social media you go to

conferences and network with folks it's able to get you in there and so creating videos and writing blog posts is a really good way to get uh experience and showcase your talents and with the nice thing about medium as a platform people that are interested in the same subject as you will find your write-ups and stuff and another prime example of someone that really took off too is rana khalil if you've seen any of her oscp write-ups and videos and stuff she also does a lot of good content for portswigger's web application security academy she does write-ups and videos on that and so that really got her a lot of exposure and those people can go

anywhere get a job anytime so you may not have the experience yet but if you can demo that on a display you know on a video i've seen people do talks at conferences and local meetups i saw a recent college grad at one of our local defcon groups did a talk on malware analysis analysis a hiring manager from city was it in the off in the audience and asked for his resume he already saw his technical skills through his presentation so just getting out there if it's even on a smaller platform in meetups or either going online through social media those are really great ways to to get that uh exposure out there and display what you're not what you're what

you're learning and on your resume you know talk about the different things you're doing ctfs the different uh platforms you're on try hack me and hack the box talk about the different rooms that you've completed and just kind of you can list this under your training under education and you can put the you know the the different skills on there and if you're wanting to be a pen tester and you're looking for that job and you're studying and training for that on your linkedin profile put aspiring pen tester because you're going through learning you know the same way someone is going to college to get a degree you know people know they're studying for that so let people know that

and here is my connection information so feel free to reach out to me and also if you go to my youtube channel i have a whole semester's worth of my pen testing lectures and the book was based on the pentest plus but in those videos i do some some hacking demos as well to share my real world pen testing experience when i started the class we're using georgia weidman's book as a textbook but then we the pentest plus came out that year and i wanted to be able to offer my students a way to get a certification so we moved over to pentest plus so like i said that lectures if you go there there's a

a playlist on there with all those lectures for the pen test plus i just talked to someone recently that it passed the pen test plus certification and they said that the videos actually helped them in their their certification process and so that concludes my presentation but i'm happy to answer any questions that you may have questions

and for our audience at home if someone asks a question

i may not be the guy but i'm the person i help people get in the industry because it's interesting i have my domain name is thehackermaker.com so i really like helping people get into the industry so so i'm definitely good at helping people get started so do you have a question questions and if you can't think of it now feel free to reach out to me on on twitter linkedin i'm always monitoring my dm's and i'm happy to answer your question you may get out of here hear something later on and and come up with a question but feel free and feel free to connect either way i'm always happy to connect with people one of my favorite things

that come to these conferences getting to meet my friends in person to meet new people yes yeah what are you doing no you just you just ask a question and he'll repeat it sorry we're limited on switching careers when you find the most challenging most challenging and i'd say probably the most challenging pieces was when i was first getting into cyber security once i had that base level experience and one of the things too if you're working in other areas of security it's not going to be difficult to move into other areas of security but first getting into security because i had my cissp i had some of the domains i worked in physical security i used to help work

for a company doing cad that designed prison system security systems so i had that but uh just getting your foot in the door and sometimes if you're working for a company you're in i.t or maybe in other areas of company in other areas of the company try to move into those different groups get to know the the people in the pentest team or the security team that you want to move into you know go out there and and network with those folks sometimes they may let you shadow them some companies have programs so they'll let people shadow other people in i.t or security but that's the more difficult thing and so the question was someone asked uh what

was the most difficult thing getting to change careers and one thing to realize in changing careers conferences like this are really excellent for that because especially if you participate in any of the ctfs or any of the pros versus joes being able to network with the people that you're competing against or that you're collaborating with really you know you you are learning that you can work with those people and then you find out where they work or that they can recommend you because i can tell you more than 80 85 of jobs are filled through referrals so network at an event if you've followed someone on twitter and you finally get to meet them building these relationships in the

community is not just you know one tweet one dm one slack message it is a layering and meeting people following them engaging on twitter engaging in linkedin in a respectful manner is a really great way to build your connections in another industry question thank you so much yes probably linkedin yeah someone asked what was the the best medium to reach out to me for mentoring and i said uh medium i mean linkedin so yeah i do that a lot well i do a lot of cases and one things i recommend too if you're looking for mentors you don't have to have one specific person to take care of all of it find several people you can go to because

people have different experiences and can help you out so one of the things i do is i never turn away people i mentor but what i'll do a lot of cases i'm able to provide someone with enough information they go off and study and learn and then they come back later on when they have other questions so yeah if anyone wants need someone to mentor advice you know a lot of times i'll you know message through dms or we can set up a zoom call i'd be happy to to mentor people and give your advice because one thing i get a lot of people coming to me wanting because from what i was teaching people always came to me looking for

entry-level pen testers and i not only recommended my students other people i knew if i knew their skills knew they had to do certain things i'd recommend them and i'd love to refer people actually at my former company i'd referred seven people while i worked there seven people you're welcome so in having a mentor realize there are two things one a mentor-mentee relationship because they should stand closer here mentor mentee relationship is a two-way responsibility and relationship don't just ask someone can you mentor me have three specific things that you want to get from that person and three things that you're going to be able to provide them back it is not all take take it is give and take

phil's not the only one on this stage that's over 60 and i can tell you when i was starting my career there were no women in an executive position so there is something called virtual or ghosting mentoring i just found people on twitter on linkedin on social media that i really liked who they were professionally and personally integrity and i just sort of sort of stalked them you know that's how we connected through twitter that's how we connected we stalked each other so realize that you can stalk someone in a respectful way follow what they write read what they post engage with them a little bit it was really sort of gratifying to me i work

in the government contracting space and one of the people that i was stalking became the first female cio for the government for gsa and i went to her and i thanked her for being my you know sort of mentor and she turned around and said well you've been mine so it was one of those wonderful moments so another question in the back josh so i get this question

yes the question was how if you get go through all these steps to learn this how do you get past hr to be able to get into hiring managers and so one of the things i say there is your networking is really going to be helpful going to your different meetup groups because i and the thing is a lot of people refer to it as the hr firewall because sometimes they don't understand you could have some certification that's just as good but they don't understand that they got a written up job description and they're fitting to that so if you know someone in the company you know even i hear a lot of people sometimes if they see someone they're

connecting on linkedin maybe they'll know them that well maybe they'll message them and say hey i'm interested in a job in your company could you pass my resume on a lot of cases people will do that and so that's the biggest thing is directly connecting with people a prime example here is i worked for u.s bank and uh i got the job there but around the same time i applied for a job at bank of america you know kind of same type of company same type of uh experience and so forth i applied online i didn't hear from them until a year later i knew someone i got referred to u.s bank and i got a job offer and it was

like a very minimal process i got the interview two interviews and i got the job otherwise like us you know if i'd applied online it might have been the same scenario because a lot of times hr unless you find someone like kathleen as far as recruiters some recruiters don't understand that space so the more people you can get to refer you get to know those people and do that and sometimes like even for me if you're looking for a job i will share for people share people's profiles say hey you know jason is looking for a job he's looking for a pentester role in your little pentester role this is experience tag them in it and that way they get the

response and the you know the value of of my connections to help them get the job but yeah just make sure the networking piece is very important i don't i don't even really you know really have to go through recruiters anymore just because my network networking with people and one of the things i have to say too go past just the connecting with someone don't just connect and forget about it maintain those those uh relationships because i'm at conferences i'll see people that run conferences that they're there like at texas cyber summit i'd run into sciatic nerd that runs b-side san antonio we would talk and i would get asked to do a workshop or other opportunities would come up

because i was talking to someone that runs hughsetcon so we see those people make sure to talk to them periodically just say hi and and sometimes meet people for coffee when they're in town like we've we've met up before so yeah just constantly connect and just keep those relationships going because you know people will forget about you after a while but if you maintain those relationships opportunities just constantly keep coming

yes the question was uh if i had experience with purple teaming and balancing the red team with the incident response so really the thing is you have to really make sure that you're communicating and this is a group effort uh the one company i worked for we were doing purple teaming it was a really good process because the the defenders incident response were really interested in seeing in these exercises because one of the best ways to mature your your organization because you can perform pen test vulnerability scans and go through those iterations and remediate and you can't constantly be pen testing normally you don't have resources but if you're able to run purple teaming you're

able to take tools out of the hands of attackers like mimikatz different powershell scripts risky powershell hygiene in the environment so the experience i had was at a large global consumer company is a really good experience the i would say probably the the ir folks and and defenders were more interested in what than the the red team and there's some really good scripts out there like a atomic red team has their red canary has the atomic red team scripts and some of those are scripts that you can run they don't have payloads so like you can run mimikatz and it does have a payload it just has that signature so you can cut down the risk of your

environment and that's good too if you're wanting to bring in junior level pen testers or red teamers to let them use those tools safely in the in that environment thanks for the questions you're gonna have to yell because we've got the fans up here so uh

okay yeah someone said they had qa experience on the uh ua or ui ux side and there's one how to get uh they work in the different sprints for the software development life cycle and how to get pentest experience i would say familiar if you haven't familiarized yourself with like the owasp top 10 and use like the owasp testing guide start learning web app pen testing because one of the things too organizations a lot of times have their appsec folks or their uh devsecops will be performing dast you know they're scanning and static code analysis through that process but sometimes they're running pen testing so if you're able to learn pen testing there may be an organization

in your in your company that does the pen testing after you go through that process but if you're able to do some testing maybe even learn how to retest those items after a pen test if you go back and retest those things to see if they're vulnerable to make sure you're remediated before they go back to the pentest team to retest that's the way for you to get those skills and working in your area i've known several people working qa that have moved into application security or web app pen testing so learn those skills and portswigger's uh web application security academy is a great place to learn it's all free content and they show you how to use burp suite

which is a very popular industry tool that's good to use so i would start with that resource and owasp's top 10 owasp testing guide kind of learn those and once people know you can do that they're going to get you to to test it because maybe they want to they need to retest it right now but the pen test team is not available for you know a couple weeks or a month you're able to test right away so that's a good way to get in there and once they see that if they need someone in that group they may recruit you over so good question any other questions let's [Applause] so thanks for joining us for the second

day first part of day two we will start our resume reviewing and uh career coaching at one o'clock we have recruiters and we have career coaches coming in first come first served so thank you everyone

fabulous career coaches and resume reviewers if you can just sort of keep your conversation a little bit on the quieter side we'd appreciate it uh talk to jen about what we've been doing we're good okay thank you for coming to the last session of hire ground this is always sort of a a difficult position to do because everyone's tired you had a late night you don't want to be here so i really applaud those of you who came because you know what you're really interested in this talk whose line is it anyway i should probably explain who i am i'm kathleen smith creator and director of hire ground and the two people to my left your right

have been with me since the beginning and i knew that i can count on them to come and be part of this conversation throughout all of our conversations that we've had at hire ground these two days we've really talked about it from the job seekers perspective sort of what do professional coaches what do professionals in the community talk about as far as how you move forward in your career but we have not had any conversations led by recruiters and if you didn't realize it you actually are going to have to talk to a recruiter at some point in your career and at some point during a specific job search so as i said i have my two most wonderful recruiters uh

the third most wonderful recruiter showing up later so we'll just give him grief um and we're going to talk about the overall job search process and we invite a lot of questions with that so to my farthest left we have kirsten renner and i'm going to have kirsten sort of explain who she is because if i do the description i'd be going on for hours and hours and hours so kirsten tell us a little bit about you the community calls me krenner so that's what you might know me by on twitter i am currently running the recruiting team for the national security portfolio at accenture federal services that was once novetta where i was for uh six years

and i have an amazing team of recruiters several of whom are here in the room with us and one of my hiring managers is here i i help lead their requirements analysis and gathering and sorting of of candidates and getting them lined up against the managers and i also am a co-organizer of the car hacking village so as you can see there are recruiters who are involved in this community and you can network with them you don't have to just talk to them when you're desperate to find a job so the handsome gentleman with the wonderful accent that we all love listening to we do is chris rides and i usually have something against staffing firms

chris is one of those rare exceptions that i allow him to be involved in everything because he knows how to be respectful and cultivate great great relationships so chris please tell us a little bit more about you thank you very much i am from london hence the accent not from west texas okay and i'm not australian either which is what i normally get uh so yeah so i i've got a cyber security staffing and professional services company it's called tyro security uh it's 10 years old as of the 6th of august so happy birthday happy birthday um and i've been in tech staff in in total for over 20 years so i'm involved i'm still very hands-on it's a small

business really developing clients building relationships i still get involved with some of our search projects so i'll often manage those be involved in the final sort of qualification processes we go through often spend a lot of time on fi on the phone to to clients and actually talking through what they're looking for and why they're struggling consulting with them about what's really out there in the market and then other than that i've got a whole load of other hats i've got a non-profit i founded uh co-founded that's trying to provide more diversity in grc and cyber security it's an apprenticeship program completely free and i've been involved with the cloud security alliance for a very long time

so very involved in the community and i absolutely love it and love kathleen and everybody that's involved with helping make us do what we do so yeah chris gave this absolutely hilarious videotape um seven years ago at uh what was called just the career track in 2015 it was all of the things that you should not do with an interview and i really think you you need to bring that back so what we have here on the panel is we have what is called a direct recruiter someone who actually works for a company and finds people to fill roles and then we have someone who is part of a staffing firm who works with clients so

kirsten let's talk more about what your specific role is in explaining what a direct recruiter is um my specific role is for leading a a team of full life cycle recruiters uh i want to talk a little bit more about what their desk looks like because that's really relevant uh to the conversation they're connected to what we call our customers as the internal hiring managers within the company that we work for and so we have we have leads who are connected to all of those delivery teams so they're understanding on a on at least a weekly basis if not a daily basis what their priorities look like based on who their end customers are what they need

um there may be surge activities that they need to go through for a proposal that they're trying to get people for and so forth but on a day-to-day basis the recruiters the full life cycle recruiters are going to spend time sourcing they're going to source in the places where you are making yourselves known as available talent and more importantly they're going to be doing activities like all the things you see across all of these conferences this week where they're networking with people who might be passive or who might not have resumes yet or who are just getting started in their journey their day is going to be split up from sourcing scheduling spending time with

the hiring managers and talking to you all in and getting all those screenings done so that they can then lead you through your journey within the company line you up against the right hiring managers and hiring teams so i just want to clarify one thing that kirsten said which is she has internal customers internal customers are actually government contracts that she is supporting so she needs to go out and make sure that her internal customers who are various different agencies various different contracts so it's still a customer it's still someone inside but it is the same cultivation that is going on so chris let's counter that with what kind of role you have and what your customers

are okay yeah so as an agency recruiter it's a little different so we do something uh that's called full desk recruitment so that often the same people that are talking to candidates and finding them for jobs are actually going out and actually finding new new clients new hiring managers that would be at various different companies so we would actually have you know various companies that we search for and we might only work with some of the hiring managers in some other companies we work with whole teams and and we'll be providing all of their staff so it's it's unusual in the instead of internal clients or internal customers ours are external customers so um you know there might be somebody like

sony for instance as a customer of ours will work with just their cyber security team or in some cases we might just work with their incident response team so we have developed those different relationships constantly but then we're very involved in in filling roles all over the country so we'll differ how it's certainly changed over the last couple of years i'd say but um certainly you know we're very involved in local community to find people but also you know linkedin i'm sure we're gonna get to some of that stuff but it it differs a little bit in terms of probably who our customers are and how we connect with them some of them we might have weekly catch-up calls if

we've got a particularly important search on we might catch up with them every single week other times it can be very transactional so it could literally be a four week search get them placed follow it all the way through to the actual placement and then making sure that that person's settled so one thing that a lot of job seekers do not understand and it's amazing that i'll get this call i'll get this request that will say i had one call why am i why don't i have the job and i have to explain to a lot of people don't quit your job until you know where you are in the process for the next job

i deal with a lot of transitioning military folks and they wait until their last week before they're leaving service to start looking for a job so kirsten how long does it take and what are the different steps between your initial outreach to someone actually onboarding oh wow do you mean for the candidates journey what they are the candidates journey from outreach all the different steps and then they finally get the offer and they're onboarded so this this this yeah it depends obviously right uh it how long it takes you to get the get connected to the right person if you are fortunate if you uh work with somebody like like in chris's group for example um they're

they're going to be like like your personal agents and they're going to walk you through the steps the best recruiters are going to guide you through what to expect next so depending on either the contract or the customer and what their requirements are whether or not they require an extra background investigation whether or not they require like a customer fit review different different customers put different things in the journey right so it's not a good straight answer um ideally i want to meet you i want to have a conversation with you and as soon as i've established mutual you know interest with you i'd like to go straight to offer but so my intention is always to get there as

fast as i can but there's a you know if there's a clearance requirement if there's a background investigation requirement all those things are going to add days sometimes weeks to the process uh i tell all my recruiters and they cannot well they're not paying attention they they could hang or they they're doing resume review not your head if it's true i say customize the experience to the candidate right take care of them schedule around them force the managers to get together with them if there's three managers interested cool more opportunities for them they all got to show up when the candidate is is available so that is the ideal experience so that you're not having to

run through multiple interviews i hate that i hate that that does occur but if it does i mean imagine the scheduling and all of that right so this process i like to keep it inside of 30 days to be fair i i have a company that i worked with and it took 18 months from the original interaction until the onboarding and the candidate actually went and got another job while they were waiting for this process so please realize that you've got a long timeline on this chris how about your candidates um so yeah it's a bit of an it depends on the client um often but probably a good way to describe that when we're involved in this process so

the first thing we'll do is sit down with the client and find out why the roles open often they're coming to us because they've already tried to fill it internally um using maybe internal talent acquisition or sometimes talent acquisitions are so busy that they just need some assistance and some help our companies most of them are commercial less public sector and defense which does mean they can be a little bit more agile and one of the priorities one of the ways we prioritize our roles is to look at what are they looking for does that person exist do they skills go together um and then what is their process so it's their process five interviews and a

panel and it's going to take a month that's not going to be very good for us because the candidates that we give them are not going to probably be available by the time they finish their process so we always have a very good understanding of what that specific process is and we will talk about that with a candidate so something that you all could do is just ask that question what is the process how how long is it typically um and we've had roles that have been filled in as quick as two weeks maybe probably would have even been a week but but two weeks is is is probably the quickest up to four weeks um and the

quicker the clients can move the higher up the priority list they are for us to work on their jobs so let's dive into this a little bit more deeply and what are the different steps because a lot of times people think it's just a phone interview or it's just uh this or it's adjusted that and with all of these roles there are many different levels there are many different customers who have to be satisfied so chris why don't you start with sort of you know because it's not just one phone call one meeting right and we want to make sure that everyone who's in the room is prepared for the various different levels that they're going to

go through yeah certainly so what you'll typically find is for us anyway you'll you know you'll send a resume you'll connect with somebody we will have a qualification call with you which is normally just a general call find out what you're looking for what your salary requirements are why you're looking to move on from where you are currently and what your goals are and then we might straight away or immediately have a position in mind for you in which case we can then talk about a specific position or we might call you back at a later date with a specific position that's the first part once we've qualified you for a specific role we send the resume across to the

client sometimes we work in partnership with talent acquisition other times we'll be working directly with the line managers as well we always find it's important to make sure the talent acquisition is on board with whatever we're doing in that process and so we'll get get the resume across we'll then follow up very quickly because part of our qualification is telling the hiring manager you need to turn these around 48 hours we need full feedback because that helps us change up our search at that point typically we'll see a telephone interview normally with the hiring manager some businesses will will put if it's if we have not worked with them a lot of times they tend to put a talent

acquisition person in to have a conversation first um but once we've established a relationship with them usually the hiring manager will just say right yes i want to interview that person telephone interview then typically a panel um and then at the panel stage after that sometimes it can be a direct decision then sometimes it's like one more interview with with perhaps hiring other other directors or other people higher up so that's a typical process kirsten so you've got culture fit you've got technical ability you have a whole variety of things and i didn't clarify earlier kirsten works in government contracting so there are a few extra levels called security clearance adjudication review and things like that so my apologies for

not making that clearer earlier but go on i probably should have as well um so because of that factor there are some it's very similar the flow the funnel is is very similar so we're going to we're going to schedule a call initially with the recruiter this screening call is where we build your profile we uh we speak to you about what am i looking for what do i want to do next so that we can make sure that we're delivering to all the managers that you're interested in talking to we get an idea from you these are the types of positions i'm looking for so we know who to show you to we're not just going to show you one position

unless that's all you want so the recruiter who who reached out to you probably reached out to you because they had something in mind a requirement on their desk that they're responsible for and they explain it to you and they say hey listen i'm trying to fill this full stack development position it's in springfield virginia and it requires a secret clearance and you say i don't care about my clearance anymore or i'm interested in upgrading my clearance or i'm interested actually into going into camera you're telling them that's when it's up to you right you're gonna let them know what you're looking for now they know who to share your who to share your information

with so that they can give you more opportunities that are potentially a fit for you and as uh as was mentioned uh any clearance that is required has to be verified that typically only takes a day or it should only take a day um i try to put sla's on managers that they have a day to respond right that's that's my dream um they have a day to respond and then we have to you know as a team be collaborative with each other and notice for each other so the whole team my whole team sees what each other is submitting and in seeing what each other is submitting they can poke each other and go hey here's this other thing that

might work here's this other thing that might work right because it's not it isn't fair to expect every manager to know every other manager's roles or every recruiter to know every other recruiter's role so if they're all working together they can make sure that no opportunity is missed so you're going to have your quick screening call let's just say all the managers do their job and respond in a day i want you to be interviewed at your earliest convenience and i think a decision should be made that day i think they should be able to speak to you and figure it out if there is a further requirement because of the government customer or in any situation even your commercial

customers if they want to meet you as well we'll explain that to you up front we'll say you know what there's one more phone call you're gonna have to do or maybe you need to go on site um and frankly maybe you might want that you might say i'm not ready to make this decision until i see the office or meet some people so so i hope you realize you we have two extraordinary recruiters here but there are sort of two little bits of information pulling out of this one whenever you're having that conversation with any recruiter depending on if they're a direct recruiter or staffing firm one question you should be asking them is what is the process

when am i going to be meeting with people what am i going to do a panel interview am i going to do a phone interview am i going to do a technical interview do i get to meet the final customer do i get to go on site do i get to meet my team because this is part of your job in the search the other thing you should be pulling from this is you should always be networking with a recruiter this might not be you might not find a job with chris or kirsten this year but sometime down the road you're going to want to talk to them about a job you should be keeping up

with them cultivating that relationship you should have at least five to eight recruiters in your network that you like talking to that has given you honest feedback that have helped you not someone who has hounded you but someone who has actually helped you in the process because great recruiters like these two network with other recruiters and will say i can't find this person for this position they'll network with other recruiters and say i just interviewed someone who would be absolutely fabulous for that job great recruiters network with other great recruiters so always be having net recruiters in your network so the title of this talk is whose line is it anyways i remembered a comedy show years ago but

it's also something that comes up a lot in when i talk to job seekers they always think that it's not their job to do x or y or z in job search they think that throwing a bunch of stuff on a resume all of the recruiters are mind readers and they're going to be able to tell what you're trying to convey in your resume so chris what are some of the good tips and not so good tips about resumes what are some of the things that you've seen and that you've cringed about while you've done resume review here so um i will actually i'll start slightly before the resumes if somebody posts a job or something on

uh on linkedin don't just comment i'm interested that is my bugbear i'm interested and then never no contact no sending resume no application and then you get a message out the blue that said what what's happening with that job okay it happens a lot yes you you like i can't respond to everybody that just posts i'm interested you know i send send connect with us send us a personalized message actually apply to the job the link that's on there um but don't just post i'm interested so that that's a little bugbear um had to get off my chest you forgot to say in the process that you have to apply yes yeah yeah big big step you have to

it's fine we're quite good at recruiting but not that good um so yeah so that's one part i think when it comes to resumes um my big story is you need to make sure your resume represents the right set of experience and skills for the job you're applying for so uh you know i think keep your resume really straightforward two or three pages if you're hugely experienced you might get away with four but really anything that's 10 years plus experience nobody's really interested in so that can be one line of just where you worked in the dates or you might even consider taking off if you're worried about ageism certainly some people remove stuff that's there's quite a lot

of years because people guess people's ages and they worry about ageism so i would say on a resume look at this why did you keep looking at me when you were saying that look at you i've got a lot more gray hair than when we than eight years ago when we did that video right um i think if you if you're looking at a job description you should have that next to you as you look at your resume and if you've got relevant experience just move just make sure it shows in your resume and then apply for the job so yes it will take you more time to apply for jobs that way looking for a job is a job in itself

like there's no there's no easy route round you might get lucky and have a friend turn around and say oh and will you come and work for me that happens but when you're looking for a job earnestly and you're going through recruiters make it easy for recruiters to look at your resume and know straight away yes this person is good because we do get an awful lot of ad advert response and an awful lot of applications and probably 98 of them are not a good fit so you want your application to stand out and be very obvious that you are worth taking to the next step my dear i was going to say if you remember

anything i said today the first thing you should do on your resume is start with not a dissertation not a story just a i am a this and i would like to be in that this that that's it don't assume that that we know based on what you're doing or based on what you listed what that means your job is based on what you're doing what you want to do next it's going to help us drive this in the right right direction just just let us know right at the beginning one sentence i am a systems engineer looking to become a solutions architect i am looking to get into sales like if there's a different direction you want

to go in and and he touched on a really important point and that is that you should take a moment to review what you're applying for and and especially when you get when you get up in years uh customize you know try to to summarize and customize how your resume looks based on the job that you're applying for it is true that nobody cares what i did in 1994 um but they probably care what i did in the last five years so that's a really good point one of my biggest bugaboos on technical resumes because i did i used to do a lot of resume review on discord was the infamous i want to make it look

pretty because i don't think my experience is enough to get someone's attention content over pretty please you know no bolding no script no italics no scented resumes you know none of that the other thing that i that is a big bugaboo for me is a lot someone out there and whoever it is i want to sit down and have a drink with you and tell you how wrong you are is don't put a table or a graph in the middle of your resume that says i have all of these skills and all of these certifications and everything one it is really not going to go through the applicant tracking system because you don't know what the user interface is

for where your resume is going to be reviewed and two everyone loves to put as much in there as possible i have a cissp and i'm really good at business i have a security plus and i'm a creative thinker no you put your certs in one area you put your technical skills in another and you know if you have business skills show how you have business skills don't just tell me you have business skills i managed a budget i had a team of 10 i volunteered at bsides las vegas and i managed 20 people and we built a noc have that in as something that you have done not just put it on there because you're

looking to fill up space i have business skills so yes i'll also add columns to that i don't like columns on a resume so i know it's tempting to have i'm going to have my skills here my education down here and then here's my experience don't do that again applicant ats's applicant tracking systems don't really like those things and as recruiters for external recruiters i we put cover sheets on your resume the moment we add a cover sheet it loses all that formatting and and it causes a complete mess so you don't i would not do columns please yeah and there are so many templates that are out there that i can't tell you i'd say 90

of the resumes that i review they've been you know force-fed into a template that's really pretty simple left to right top to bottom boring just very boring because again you don't know who's going to read it you don't know what user interface is going to read it so you want to make sure your content is coming through so another thing that job seekers don't really think is their job or is their line is preparation chris talk about preparing job search preparing for interview preparing for meeting with people what should people be doing uh so yeah there's a lot of stuff that you can do to to make sure you're on top of it and just speak to the recruiter

first of all ask them right what you know if this is a video is this a telephone call is it a video call how should i be prepared for it what should i wear um you know those kind of things you can like we all ask and find that information out because we want you to put your best foot forward straight away so ask us all those questions anything you're not sure of have a piece of paper and a pen or a notepad or your phone open something where you can take notes and because that'll remind you to come back remind you to ask questions have a few questions prepared in advance there's certain ones that i quite like

which is which are good for personal questions so why did you join this company how long have you worked here what makes you stay here what do you think is the best thing about working here get those feelings if people can't answer that you might want to consider whether you want to work there so there's some questions you can have in advance that work really well and show that you're genuinely interested in the company as well there are others that you might want to jot down as the interview goes on so that's why it's useful to to be prepared and have your paper and stuff ready yesterday actually i was doing some resume reviewing while there was a

really good talk on about preparing for remote interviewing yeah remote interviews will baggett did a great presentation yesterday it's on our youtube channel yes so definitely watch that because he had some really good points uh of things to prepare for and even i it's quite a lot of the things i do before i have meetings with my clients right you know check the bandwidth make sure i'm working might do a quick check of the zoom calls and turn off all of my other apps yeah all of those sort of things so some really good stuff in there one point that you made earlier that i want to make sure people didn't miss is that you were talking about listing some

of the volunteer activities that you've done or anything that you've done within the community and how that translates into some of the requirements within even if it wasn't part of your job or if you're more junior in your experience level there's a lot of uh business skills that uh that you have to exercise here in the in community events right so don't don't lose track of how valuable that is as well and then you you touched on my very favorite part i always tell people when i'm coaching them going into an interview you know to bring a notebook and to write things down shows that you're interested in what they're saying right when they're talking and then at

the end the thing that they always ask this this means the interview's over when you hear do you have any questions for us that means the interview's over right you say you crack your knuckles and then you say yes and you make it about them exactly like chris said because people are self-interested and and for a minute they won't be the interviewer anymore they'll be a human being telling you a story about what it's like to work here what is the best thing you learned in the last year that's a really good question because if they haven't learned anything how interesting is this place right so just get them to tell you exactly like what chris was saying about

what it is like for them here what why did you come here and is it is it still true for you the thing that you thought was going to be interesting about this place do you still feel that way have you you know how have you grown here that's going to tell you if that's a good place for you based on what they're telling you can i i'm going to add something to that because as you're speaking it's reminding me we should write a book you're right um so also one of my favorite questions to to to ask and this is because we don't always get the feedback that we really need from hiring managers sometimes we just

get yeses and no's and and that's it and it takes days sometimes to get a bit more than that from them um you won't always get the truth but you can ask the question so i always like to con encourage people to and it can feel a bit awkward but you know how do you think i did in this interview what do you think i could improve um how do you feel that i would be a fit you know just open questions like that that they might say well i'll i'll think about and come back to you or i've got another three people to interview and then i'll tell you they might avoid it but they may well just give you some

some things to say and what you might even find is you might find something comes out and you haven't discussed it in the interview and it's not in your resume but you have the experience so it might be oh this might be a challenge for you and it might just be your opportunity to say oh wow i realized we never covered that i actually did that here so you know there's always an opportunity there you might might miss out on something that would stop you getting the job and you might actually find out about it and manage to to get in there before before that happens that's an excellent point and don't be afraid to

tell the recruiter afterwards they should be checking on you but tell them what the experience was like because trust me they're going to let the managers know that if the if the person felt uncomfortable or you know so that they can they can use that to to do a better job as well so two points i just want to summarize on what they were saying is realize that if you do volunteer in the community if you volunteer at a con if you volunteer on a meet-up if you do your own um what is it at home your own not beowulf holster your own lab if you have your own lab sorry it's been a long two days so

anything you do extracurricularly is that a word it sounded right it sound right be sure that you're weaving that in to your resume and if you can't find a place to weave it into the resume be sure that you're taking notes so that you can answer that in the interview because a lot of times you may have learned something in your volunteer community work you know like you made a mistake and you learned something and you became better for that you don't really want to say you made a mistake at your work you know because they're like you don't want to do that and also realize that you need to do the preparation to find out what the company

does how they make their money how they operate i can tell you i went into an interview really excited about this interview and the company was named kaiser and i thought it was kaiser permanente and i went in to talk about you know health care and all these great things i was going to do in customer service and sales and stuff and the guy just sat there and stared at me and said we're kaiser the steel company the interview was done you know we we both just sort of stared at each other like okay there's no conversation here to have um i was embarrassed someone had recommended me for the job so do your preparation please so follow up my

favorite favorite thing so it's interesting job seekers always think it's the job of the recruiter to do the follow-up it is but kirsten what should job seekers be doing don't be afraid to to reach back out please don't just wait please don't assume that you've uh that there's a certain period of time that should go by uh they're gonna appreciate the reminder they're gonna appreciate you the recruiter is gonna appreciate i certainly that was my biggest weakness right it really really was me uh intending to get back to everyone uh still a issue that i have uh but but honestly they appreciate the reminders right and and go about it in more than one way

like if you haven't made contact yet that's when you need to probably be creative don't just think the application is the only way um you're gonna find that some people linkedin is the best way some people a lot of recruiters um for me it's twitter you i have people that are like well you never responded to my application and i can't you know you never responded to my email they they were creative and they found me on twitter um so don't be afraid to to keep reaching out i think um should job seekers do thank yous i think so i think so i think you should especially if you get an interview uh reach out ask the recruiter for the

hiring manager's information let them know that you're thankful for the time that they gave you for the interview chris what follow-up yeah i was going to say thank you for sure i mean nowadays a lot of these interviews are over zoom you have access to their email addresses often when you see the invites so you can send them a follow-up email you know same day to say thank you very much for your time i really enjoyed it i'm very interested in the role uh you should certainly follow up with recruiters you know we we have a whole load of processes that hopefully mean that we are chasing you very quickly to try and get feedback so that then we then can go

and speak to the hiring managers i our preference is to have the candidate feedback first so that when we speak to the hiring manager we kind of have some idea what to expect and also we might have already discussed how we're going to deal with some of the anything that came perhaps have come up um so certainly chase us connect with us even connect with the hiring managers on linkedin as well and maybe we'll send them a connection saying oh thanks i really appreciate your time i would even say that you can do that you know as soon as you've got the invite you should be checking out their linkedin hopefully you've worked hard to make

sure that your linkedin profile is attractive and and is the same as what's on the resume there's not too many differences um so i would even say that you could connect with them say oh we've got a an interview lined up for tuesday i'm looking forward to speaking to you so connect with them beforehand so and also you've done a bit of background there and you can do some background on the company and on the person to see their background as well so one thing that there's no it's never really talked about is whenever you see a job position opening or an advert there's nothing on there that tells you how best to connect with the recruiter

it will tell you how to apply for the job but there is no place on the position that position opening that says to connect with the person who you will be talking to you will find them on twitter you will find them on linkedin you will find them on instagram you will find them on facebook you will only be able to connect with them on email why i'm saying this is that you have to become proficient in all these various different ways of communicating because as kirsten said you can connect with her on twitter but if you don't have a twitter account and you're trying to reach out to her on linkedin it's going to be a while versus i sent a

message to chris this morning on twitter and he was like i never look at my twitter i should have sent it on linkedin i knew that i didn't even follow my own rule so let's let's sort of delve into that deeper um and i run into this question a lot do you have separate emails and social media accounts personal versus professional i didn't know she was going to say that but i was about to say this might sound a little provocative or sensitive but if i'm actively looking for a job i am cultivating the things that are public that i am saying i'm not saying don't be who you are but keep in mind i'm also not saying that we're all

stalkers okay however if you post every single day my boss is a jerk i hate it here i hate working but it's just even if they're not doing it consciously you you it's it's just it's not very attractive appealing right professional something like that right and and but i mean there's different places where we should be able to voice you know be ourselves and be humans right but just just i just i think be careful um with with that so even if they don't even realize it if you're popping up in their feed every single day as the most miserable employee probably don't want to even talk to you right so just just cultivate that um and

be cognizant of that particularly you know different spaces um are appropriate for for different types of content i think um like what what you're seeing on my facebook is very different than you know what you're seeing in in other areas so i'm going to put chris on the spot so if you don't connect if you're not connected with chris yet you will be by the end of this session realize that chris spends an awful lot of time on linkedin asking a lot of provocative questions and really engaging so how do people stand out on linkedin when they're engaging with you because as you said you post a position and someone says i'm interested and then they ghost you so

what would be sort of if if someone was going to connect with you on linkedin and then wanted to engage with you on not engaged because you're married to a beautiful woman to have a beautiful daughter but how how would you talk about someone who wanted to be considered for one of your positions sort of wanted to stand out but didn't want to be a creepy stalker right that's it this is the time i should say something i'll wear yeah i met my wife on linkedin and that's how we got no it's not it was a different app though it was a dating app funnily enough um so i would say this like engage with my

content and make genuine comments i was speaking to somebody earlier on today and i kind of have a process that i think works really well and i i talk to my consultants and other people and and really encourage people to to do it i call it the one three ten rule um so make the effort to post one piece of content a day uh whether that's sharing something of somebody else's but make it genuine content make it authentic and make it professional um three is three comments on other people's content so not just yeah like that or yes agree you know actual valid genuine con yeah if you're interested and passionate about what they've written about explain why and

actually put that on there because that's the stuff that stands out for anybody it's what stands out for me people have taken the time to to actually engage truly with it um and then the ten part is look to connect with ten people each day that are going to help you forward in whatever your goal is so if your goal is to get a new job connect with 10 people that would be the hiring managers in that job so that's just a process that i really like and and i think if you're genuine and authentic with the content you put and and the engagement that you do you're going to catch people's eyes so certainly i've i've you know established

really good relationships over linkedin and have come to places like this and get to meet people that i've feel like i know really well that have never actually met so so do we have any questions in the audience

oh come on yes sir hi uh so you talk about linkedin a lot uh maybe i'm too old-school but uh i remember linkedin when it was first growing it was family fun and still have the knee-jerk reaction that i hope it does a thousand suns uh do you ever encounter candidates who would just put our blanket down how do you handle that so i'm going to repeat the question because we have our at-home audience and let me know if i got right so how do you connect with candidates who don't who just are not comfortable being on linkedin or just not there so what do you say to a candidate who just doesn't want to be on social media

doesn't want to be on linkedin i mean that's fine like we're not we're not at the stage where we're replacing resumes with linkedin yet now that might happen or something similar to that might happen at some point but you don't need to be on linkedin you know there's pros and cons to it you know if you're not on linkedin it's hard to do that networking remotely and maybe get connected and build engagement with people that you're going to want to to try and better your chances of getting a job but likewise you're not also going to write something really silly that's going to stop you getting something as well um so you don't have to be on linkedin i

think it's a major part of the job search now and i would encourage anybody that's thinking about it to to actually get on there because i think it would usually help the opportunities increase the opportunities you've got i would say that they're starting to see other i i used to love peerlyst i don't know whether anybody knew peerlyst but it was a you know social media site it was just really for security and grc people and fortunately um it was also needed to make a profit so it it was wasn't able to do that so it doesn't exist anymore but there are other other companies working on similar things the cloud security alliance has

got uh the circle platform so it's a there's still a bit of a work in process progress but there are places where security people can come together where it's kind of not all of the memes and some of the other rubbish that you have to deal with on linkedin sometimes so just real quick i love that you asked that question there's a there's a large chunk of the candidates that are qualified for the roles i'm looking for that aren't allowed to have a linkedin profile and then there's a whole other section that if they have a linkedin profile it just says jane works at a company like that's literally it so um obviously there has to be other

ways right so that's when we have to be creative and and that's when i would say to anyone who isn't advertising themselves in that way to go the extra step for us so that we can find you so that we can discover you um by either researching the company it doesn't mean you can't go on linkedin by the way right you say let's say you don't have a linkedin account you don't want one that's cool you can still go on it you can still look at the company all the companies that you're interested in they probably have a linkedin page and then you go to people see who the recruiters are or see who the managers are in the areas

that you're interested in being in right the departments that look like they're interesting to you who's in a management role send them a direct message right without a linkedin account you probably have to like pay money or something i don't know or get get a get a free account temporary one and just message them they'll respond and and realize that you could do a boolean search through google and most of it will bring up if you're looking i'm looking for recruiters in cyber security who work at this company and in the google search results you're going to get most of that profile but you can do the preview and get their contact information so you can still use it as a

directory without having an account any other questions okay so our last session of hire ground last day please take advantage we'll have the uh recruiters and career coaches available until five let's give a round of applause to my favorite recruiters [Music] thank you thank you thank you everybody and thanks for setting this up kathleen jen everybody it's nice to be
