1

I am a manager within the cybersecurity division at the company where I work. Our team is responsible for internal penetration testing and the application security strategy of deployed in-house applications.

Due to surplus training and travel budget this year, my team and I were approved to travel to a niche industry conference - Blackhat 2024 to be held in late summer of this year. Our team has several recent open positions for application security engineers that I am looking to fill. I am having trouble recruiting local talent so want to broaden the geographic region for talented prospective employees. These engineers will be dedicated to internal pen testing and working closely alongside application developers. I expect application security engineers and developers to be predominant at Blackhat 2024.

I am thinking of incorporating some technical hands-on exercises to gauge work experience such as setting up a Kali Linux instance prepopulated with tools (JTR, BurpSuite, SQLMap, MetaSploit framework etc.) and a deliberately vulnerable VM and seeing if folks can identify and exploit the vulnerability to gain the ROOT user flag. However, I am skeptical if my plan is appropriate due to the below reason:

  • Main purpose of attending the conference is to learn, not to search for a new job. The conference attendees are also being paid by their existing employer to attend, and poaching is not something I want to do as the cybersecurity industry is niche and rather small. Bad reputation haunts you.

Questions

In networking with other conference attendees who may be open for a new role, how appropriate is it to incorporate some technical hands-on exercises to gauge work experience?

If my plan is not advisable, how do I maximize connecting with potential prospective employees who may want to join my company in the future?

1
  • Sounds more like you want to set up a challenge/puzzle and let that do your initial screening. You wouldn't be the first company to do so.
    – keshlam
    Commented Apr 8 at 3:55

2 Answers

5

More of a long comment than an answer.

Why is the emphasis on doing this with fellow conference attendees? Why not just walk around with a T-Shirt that says "We're hiring", take contact information, and then just slot those people into the normal hiring process?

I'd also posit that the sort of people who attend these types of conferences would just love the challenge of cracking your system and could feign being a potential hire just for the hell of it, with the end result of wasting your time.

Finally I'd suggest that if you really want to be canvassing potential hires at this conference, why not simply pay for a booth, and have a "we're hiring" banner. To me, that would be the more "official" way of doing what you want to do.

4
  • To answer your question: I work on the east coast of the US, far from Las Vegas where the conference will be, so arranging individual interviews will be difficult afterwards just due to geography alone. Live interaction with prospective employees is lost. Hands-on skill is important and not only what one says.
    – Anthony
    Commented Apr 4 at 1:12
  • 4
    @Anthony I'm not saying that hands on skills aren't important. But there's this thing you may have heard of called the internet. I've heard that not only can you do video chats with it, you can also remotely access computers with it (I regularly remote into computers on the other side of the world as a part of my day job).
    – Peter M
    Commented Apr 4 at 3:14
  • 2
    "Live interaction with prospective employees is lost." - it sounds like one potential way of maximising your potential to hire, is to accept the use of Teams calls rather than in-person. I think many hiring managers over-estimate their ability to discern relevant performance factors by in-person contact.
    – Steve
    Commented Apr 4 at 8:13
  • @Anthony The Black Hat conference pulls people in from around the world (including every major spy organization - Russian, Chinese, Israeli, etc.). Your organization will do well to include remote workers. (PS. Bring "burner" PCs and phones only. Everything within X miles of there is vulnerable to being hacked.)
    – David R
    Commented Apr 4 at 14:51
5

Testing hands-on skills as part of the hiring process? All good. Networking at industry conferences with a view to attracting potential candidates? All good. Combining the two? Not so much.

If my plan is not advisable, how do I maximize connecting with potential prospective employees who may want to join my company in the future?

As Peter M's answer suggests, make it obvious that you're hiring and let interested candidates approach you. This is the best way to ensure that you meet people who are both open to a new role and willing to take focus away from the primary purpose of the conference to explore that. You can then set a suitable date and time for a more in-depth discussion to follow up - it doesn't even have to be after the conference. Since the event doesn't run 24hrs a day you could arrange a meeting for after the day's programme has finished if that suited. Heck, you can even have your pre-prepared skills exercises with you and do those there if you want.

As an aside, something you mentioned in a comment:

I work on the east coast of the US, far from Las Vegas where the conference will be, so arranging individual interviews will be difficult afterwards just due to geography alone.

You're falling into the classic trap here - you're forgetting that just because the event is in Las Vegas doesn't mean that attendees are from that area. After all you are travelling from the east coast so there's every chance that other attendees are too, they could have come from pretty much anywhere.

Which brings us back to the original question - since you're already aware that widening the geographical net is something you might need to do to find candidates you're going to need a plan for how this hiring process is going to work while taking that into account. There's not a snowball's chance in hell that you're going to do a complete hiring process in situ at a conference, so you're going to need either remote (video calls, screen shares etc) and/or travel for the prospective candidates in any event, and if you're doing that the driver for doing these skills exercises at the conference drops off significantly.
