3

On the information security team at my company where I currently work, we have several critical / urgent roles we are looking to fill, amongst including a senior security architect, several senior security engineers, and several cybersecurity intelligence analysts.

We are having trouble with the local candidates so I am thinking of discussing with my manager the possibility of traveling to several cybersecurity conferences coming up across the country (example and example)to market our company and hopefully broaden the applicant pool. As a bonus, all team members have certifications that require continuing professional education credits (CPE) to maintain, so it seems such idea is valuable. We also have surplus budget for travel and training.

However, our team has never attempted to hire through industry events, and all previous roles have been filled through the traditional office interview. I am not sure how many attendees would have their resume ready or be in the interview state of mind. Therefore my questions are:

  • Although networking opportunities are mentioned, are overt attempts to hire appropriate at these kind of events?

  • From experience, are candidate quality different than say if candidates apply themselves the traditional method - through company posting or recruiting firm

  • Given the different and assuming more informal environment, should interview technique be changed, and if so what strategy is preferable?

Improve this question
5
  • Do you plan to interview them right there at such conferences?
    – DarkCygnus
    Commented Mar 13, 2019 at 23:53
  • Also, what do you mean exactly by "overt attempts"? Is it the fact that you plan to interview them right there?
    – DarkCygnus
    Commented Mar 14, 2019 at 0:07
  • @DarkCygnus - Yes, given these are not likely to be local candidates, we are thinking of interviewing them at the event, albeit more informally in a low pressure manner. Just want to start a conversation with them about the role
    – Anthony
    Commented Mar 14, 2019 at 0:12
  • It's perfectly acceptable to say to someone at a conference - "by the way, we're hiring". Keep in mind, most people at any conference are highly valued by the company that paid their way to attend.
    – selbie
    Commented Mar 14, 2019 at 0:17
  • Some conferences with expo space will rent out lower tier "table space" or pop-up space that allows small companies that don't have a large booth to still have a presence in front of the foot traffic that comes through. Other conferences just have open tables or poster walls for vendors to put out flyers and brochures for anyone that walks by. You just have to reach out to the conference organziers to find out what's available.
    – selbie
    Commented Mar 14, 2019 at 0:17

6 Answers 6

Reset to default
2

Industry events are often a good place to find recruits. However, you usually need to go beyond "being there".

Most cybersecurity events will have a job board or, if smaller, a whiteboard where people post jobs. That captures immediate direct job seekers. But in general that's not worth the 5k ticket + T&E of a large conference to go do.

  1. Speak. There is nothing more attractive to candidates than someone who knows what they are talking about. Many speakers say "and by the way we're hiring" at the end of their talk for this reason. You may have to start with smaller conferences, or look for smaller independent tracks at large conferences - like at RSA there's a B-Sides, a DevSecOpsDays, etc. happening colocated and somewhat affiliated.

  2. Promote. Get a booth, not a big expensive one at the RSAs of the world but again those smaller more local events. Here in Austin we have LASCON, a DevSecOpsDays, a regular OWASP chapter, and so on, and there's other cybersecurity events in nearby cities where companies do buy a booth strictly for recruitment purposes. You have to build up some mindshare about who you are and why someone wants to work for you other than "it's a paycheck." If your company is a recognizable "name" then that helps, if not then yes you need to make some more sustained activity and conferences (and online and...) to make people think you're an infosec destination.

  3. Tune your pitch. What kind of candidate do you want? There's a lot of advice here for hackathons or CTFs but that's for a specific kind of "cybersecurity" candidate. Blue team? Red team? Threat intel?

So yes, recruiting is welcome and expected at these events (as long as it's not impolite).

And yes, you will get much better candidates than "resumes off the street" because there's a higher chance the people there are at least meaningfully in infosec (50% of resumes for any job posting are just plain trash), and they are reinvesting in themselves by attending conferences.

It's unlikely you'll be interviewing on site though - it's not impossible, it's more likely if there is a hiring fair or lightning recruiter dating or something like that to leverage, but most folks coming there may get interested in you but they have other things to do at an expensive-per-hour conference than sit down with you. Build the relationships and worry about interviewing later. The main exception is people you have already made contact with and you're both going to be at the event, then it can be a tempting tradeoff for flying someone in yourself.

Improve this answer
2
  • 1
    Accepting answer as I love the concrete steps provided to increase company visibility. Never knew about LASCON so thanks for the name!
    – Anthony
    Commented Jan 4, 2020 at 0:22
  • Just got one of our SDET and DevSecOps roles filled by someone we met at another conference last year and so far so good. We were not targeting for either a defensive blue team or offensive red team candidate as we had roles for both when I asked this question
    – Anthony
    Commented Jan 4, 2020 at 0:27
2

Penetration Tester here. It depends on which events you are turning up to.

The more corporate events (e.g: Infosec) are more focused on selling products than actually talking shop, so to speak. These will be filled either with people that have jobs or people who are looking to sell their product.

The ones with talks that get into the nitty-gritty (e.g: B-sides) are the ones where you might want to go to, but don't just ask for CVs.

Set up a stall and some attack-simulation environments. Have some participants on some Kali boxes and task them to break into the target, and other participants looking at an instance of whatever SOC program you use, trying to discover and block out the attack.

If you want to tell which events are which, just look up their videos of past talks on YouTube. The ones you want will go into at least some sort of technical details.

Improve this answer
2

I'm sure there are several people at every one of those events that are looking for jobs.

If you stopped every random person and just start interviewing them, that would obviously be too much. Here are my suggestions.

  • Bring lots of business cards. Make sure they have your contact information, company web site, and job title that implies hiring authority.

  • Sign up for talks that are relevant for the position you are hiring for.

  • Think of a good comment or question for the speaker. This will increase your visibility, and people might later approach and want to talk about that.

  • In your questions, casually mention where you work.

  • Pay attention to what other people are asking, and later start a conversation with them about their question.

  • When waiting in lines, start casual conversations with people around you.

  • If you casually ask people about their work, and listen to them, they will probably enjoy talking about themselves.

  • When talking to someone, do more listening than talking.

  • If a conversation is going well, you can briefly mention you are hiring, but not go into details, unless the person asks about.

  • If they express an interest, tell them you can interview at the event, and ask them when would be a good time. Exchange business cards and contact information.

  • Unless it's mutually agreed it's an interview, keep conversations light and casual.

UPDATE: Other answers also mention having a stall - that takes more resources, but if you make your stall very interesting, with some cybersecurity-related puzzles, competitions, etc - that would generate foot traffic.

If you do a stall, make sure you have some catchy swag with company name and url.

Also, don't forget DefCon - Top Ten InfoSec Events of 2019

Improve this answer
1
  • 2
    This is good advice. I've done hiring at industry conferences and I've been hired myself at them - one of my most important hires was from randomly sitting down next to someone at a lunch break and striking up a conversation. The real art form is to take every advantage to engage and speak with people, yet you don't want to come off as pushy or not authentic. Following this advice will help with that.
    – dwizum
    Commented Mar 14, 2019 at 14:32
1

Although networking opportunities are mentioned, are overt attempts to hire appropriate at these kind of events?

I think a Hackathon type event is better suited to what you're describing. You're in a controlled environment, able to see how people perform, and you can ask if they want a job. If not, at least a good PR event for others to see your company.

In a trade show/conference/summit type event, people are there to learn. Meaning they're most likely paid or sponsored by their company to come to the event. In one example event you gave, it costs $1,000 to attend, and on top of that attendees have to travel there. That's no pocket change for anyone to just spend $1,000+travel, be jobless, and expect to get hired at these events. Then you have to question if they do have a job, and you "steal" them, how easily is it for them to hop jobs or why your company is better than theirs? They basically made their employer pay for their interview by going to you to interview, and get hired. Not exactly a great trait to show off that you're willing to spend employer's money to get a better job.

Improve this answer
0

Although networking opportunities are mentioned, are overt attempts to hire appropriate at these kind of events?

Attendees might (most likely) find that off-putting. These events aren't typically seen as events at which to hire or get hired.

From experience, are candidate quality different than say if candidates apply themselves the traditional method - through company posting or recruiting firm

Well... You probably stand just as good a chance of finding good candidates there as you would in a traditional interview and hiring process. I don't see why the quality of candidates would be any different. These are very specifically targeted industry events. I wouldn't think you'd get a bunch of unqualified, uninterested "randos" at these events.

Improve this answer
0

Do you offer a relocation package? If not, that would be one way to entice people who may be aware of your company from a distance but unable to get to you. I am in cybersecurity and changed states for my current role. For me, relocation reimbursement was a huge factor. A candidate may be on the fence about taking another job that pays $10,000-$20,000 more per year, but will cost the, half of that just to move out there and get settled, effectively cutting their salary increase in half for the first year or two.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .