Options

Fun Question

Okay, what if a 19 year-old guy applies to your current employer for an entry level position. He has no high school diploma, no college degree, and zero work history. (not even McDonald's)

But, the dude has one certification, an OSCE.

No OSCP, no Sec+, no CEH, nothing else; just an OSCE.

What would you do if that's all you saw on a resume?
Would you bring him in for an interview?
Would you be curious about that backstory?
Would you assume he's lying?

Comments

  • Options
    BuhRockBuhRock Member Posts: 71 ■■□□□□□□□□
    I would bring him in for an interview for sure. I'd quiz him as I'm taking the OSCE currently. I'd like to know what he plans to do in the future for school, if any. We'd basically just talk tech for like an hr to guage his skillset. I might even have him whiteboard some scripting problems.
  • Options
    Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    They wouldn't get past HR, especially without even a HS diploma. I'd be curious, if it's legit I'd assume they were really bored in HS and dropped out and did their own thing. I'd also wonder if that same person would be willing to sit though the boring parts of the regular job, write reports, present findings, and all the other stuff regular employees have to do.
  • Options
    DatabaseHeadDatabaseHead Member Posts: 2,753 ■■■■■■■■■■
    Agree with Daniel, he/she wouldn't get past HR.
  • Options
    BlucodexBlucodex Member Posts: 430 ■■■■□□□□□□
    Agree with Daniel, he/she wouldn't get past HR.

    I think we are assuming he did. Friend or family of employee?
  • Options
    PhalanxPhalanx Member Posts: 331 ■■■□□□□□□□
    In the UK, HR wouldn't have a say if they get past that point or not. Here, I'd be watchful of him. I'd bring him in, but I'd make sure he was tested in some manner. If it's entry-level, I'd be more inclined to look for the personality and initial drive than how good a qualification is.
    Client & Security: Microsoft 365 Modern Desktop Administrator Associate | MCSE: Mobility
    Server & Networking: MCSA: Windows Server 2016 | MTA: Networking Fundamentals
    Data Privacy & Project/Service Management: PECB GDPR DPO/Practitioner | ITIL 2011: Foundation | CompTIA Project+
    Currently Studying: Microsoft 365 Enterprise Administrator Expert
  • Options
    BuhRockBuhRock Member Posts: 71 ■■□□□□□□□□
    Agree with Daniel, he/she wouldn't get past HR.

    Maybe he wouldn't at your company.
  • Options
    Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    BuhRock wrote: »
    Maybe he wouldn't at your company.
    I think that's part of the exercise, we're talking about our experiences.
  • Options
    NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    BuhRock wrote: »
    Maybe he wouldn't at your company.

    Assuming he wouldn't get passed HR at my place either. That's all someone wants, someone who has obviously spent a lot of time learning how to hack but has never worked in a professional setting and has shown no ambition to actually finish anything else. I see nothing wrong there.
  • Options
    networker050184networker050184 Mod Posts: 11,962 Mod
    Depends on the competition. His/her resume certainly isn't going to stand out without any experience or at least some education. So even though they probably wouldn't be ruled out completely, they'd likely never make the cut.
    An expert is a man who has made all the mistakes which can be made.
  • Options
    adrenaline19adrenaline19 Member Posts: 251
    So, is HR hurting your company by not giving him a chance or are they saving you time by throwing his resume in the trash?
  • Options
    636-555-3226636-555-3226 Member Posts: 975 ■■■■■□□□□□
    Assuming he got past HR, I'd give him an interview, one of our laptops, and tell him to hack away. He wouldn't get very far, but I'd watch what he tries to do, what tools he tries to load, ways he tries to get around our defenses, and I'd know if he knows what he's doing or not. Then if he's no good I'd email the other infosec mgrs in the area and give them a heads up the guy's full of it
  • Options
    IristheangelIristheangel Mod Posts: 4,133 Mod
    I would give him a call but given that he's never held a job or completed any form of school, he or she might have trouble adjusting to a job, office ettiquette, structure, etc. Since it is an entry level job, he would only be considered for such so something like help desk, NOC, etc and it's likely his OSCE qualifications would largely be irrelevant for the position
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • Options
    IristheangelIristheangel Mod Posts: 4,133 Mod
    Oh one more thing to add: since he or she would not have even a HS diploma, I would worry about their ability to craft formal reports and emails a little more than others.
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • Options
    TheFORCETheFORCE Member Posts: 2,297 ■■■■■■■■□□
    Why not verify the OSCE before calling them in?
  • Options
    adrenaline19adrenaline19 Member Posts: 251
    If you verified the OSCE, would that be enough for you to give him/her the job?

    I think Iristheangel made a good point when she said that you'd have to worry about quality reports because of the lack of a high school diploma.

    I feel like this is a really interesting question given the current state of the industry.

    Would it help if the applicant also had some verifiable bug bounties under his/her belt?
  • Options
    IristheangelIristheangel Mod Posts: 4,133 Mod
    OSCE would tell me that this person is fairly technical but in a way that was no way related to an entry level job so it wouldn't really sway me a great deal. In the same way that if someone with a CCIE were to apply for a helpdesk job, you can think in the back of your mind that they might understand how to troubleshoot that TCP/IP stack on a computer a little better than their peers but the rest of the CCIE-level skillset would be largely irrelevant for the job they are applying for. It's the same for the OSCE. It might tell me that they are stronger in Linux than the average helpdesk person but it's largely irrelevant to an entry-level gig like desktop support, helpdesk, etc. Regardless of bug bounties.

    If they are applying for an "entry-level security job," instead of the above jobs I specified, then it's still somewhat irrelevant because most entry-level security jobs aren't full blown pentests and still require years of experience in other parts of IT. It's probably wiser to cert-up based on the professional level you're at right now or the next rung on the ladder instead of jumping too far ahead.
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • Options
    xxxkaliboyxxxxxxkaliboyxxx Member Posts: 466
    I think this is where the great leaders get set apart from the good leaders. Coming from the military, not everyone has the same skillset, background, life/learning experience. Me, personally, I would reach out to them and set them up to a fast track, try to mentor best I could, would try to talk to them on a personal level and get them setup at an entry level and watch them closely. Sometimes, people need a little guidance and direction. I'm grateful to the people in my past, so I would try to return the favor. Might come out bad, but I would try.
    Studying: GPEN
    Reading
    : SANS SEC560
    Upcoming Exam: GPEN
  • Options
    636-555-3226636-555-3226 Member Posts: 975 ■■■■■□□□□□
    I think Iristheangel made a good point when she said that you'd have to worry about quality reports because of the lack of a high school diploma.

    Honestly, most reports I've seen over the past few years are canned templates with a few details customized based on the customer's network. Not a lot of writing skill is actually needed once the template is made.
  • Options
    UnixGuyUnixGuy Mod Posts: 4,567 Mod
    I would hire all the guys with decades of experience, certs, knowledge, and LIFE EXPERIENCE over him.

    OSCE, good for him. Now he needs to get life experience before I can put him in front of customers, colleagues, and others who worked very hard to be where they are
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

Sign In or Register to comment.