I am a manager within the cybersecurity division at the company where I work. Our team is responsible for internal penetration testing and the application security strategy of deployed in-house applications.
Due to surplus training and travel budget this year, my team and I were approved to travel to a niche industry conference - Blackhat 2024 to be held in late summer of this year. Our team has several recent open positions for application security engineers that I am looking to fill. I am having trouble recruiting local talent, so I want to broaden the geographic region for talented prospective employees. These engineers will be dedicated to internal pen testing and working closely alongside application developers. I expect application security engineers and developers to be predominant at Blackhat 2024.
I am thinking of incorporating some technical hands-on exercises to gauge work experience such as setting up a Kali Linux instance prepopulated with tools (JTR, BurpSuite, SQLMap, MetaSploit framework etc.) and a deliberately vulnerable VM and seeing if folks can identify and exploit the vulnerability to gain the ROOT user flag. However, I am skeptical if my plan is appropriate due to the below reason:
- The main purpose of attending the conference is to learn, not to search for a new job. The conference attendees are also being paid by their existing employer to attend, and poaching is not something I want to do as the cybersecurity industry is niche and rather small. Bad reputation haunts you.
Questions
In networking with other conference attendees who may be open for a new role, how appropriate is it to incorporate some technical hands-on exercises to gauge work experience?
If my plan is not advisable, how do I maximize connecting with potential prospective employees who may want to join my company in the future?