Revenge of the Nerds.
So, we’re pulling up to #BSidesLV (after attending, I’m still not sure what the hell that means), and I’m about to swipe my card through the taxi meter when suddenly, the screen goes black. Suddenly, some Linux instance popped up (I know because it was written on the bottom of the screen), although I have no idea what the hell it said, since I’m not that technically proficient.
I didn’t have to know code, though, to get the message loud and clear. I gingerly put my debit card back in my wallet (crisis averted), then asked my partner in crime Pete to borrow some cash. He’s much more prepared for this than I am, with a burner phone and shit. I just run a pretty solid VPN I got in the iTunes store and make sure to use my browsers in incognito only, with all location services turned off.
This I do as a matter of course – I figured that with thousands of hackers descending upon Vegas for three concurrent cybersecurity conferences, if I was going to be penetrated, than there was really nothing I could do about it. About that word. Turns out InfoSec guys like using the phrase “penetration testing” out there about as much as TA types talk about “candidate experience” or “big data.”
I would use Google to figure out what this actually means, but I’m pretty sure that ends with either Chris Hansen or the Feds at my door, and instead, I just laughed like a little schoolboy every. single. time. the word “penetration” was used. And believe you me, it was a lot. I’m like 12, seriously, but c’mon, you guys. That’s ridiculous.
I’m not just using this as an excuse to talk about penetration, which, by the way, makes this literally a hard core post. This is apropos, considering that BSides/Blackhat/Defcon were the three most hard core conferences I’ve ever been to in my life. It was like the time I went to an Insane Clown Posse show in Missouri when I was growing up. I had no idea what the hell was going on, or what all these people were getting so into – only that I had no business being there.
I normally only get to go to recruiting conferences, which means I’ve got to trot out some well worn speech about “employer brand’ or “social recruiting” or some shit, run through a deck and sit through a bunch of presentations that are more or less variations on the same theme.
These mostly make me want to stab my eyes out, not because the content or other presenters aren’t good, but because you hit a certain moment in your life where you can’t listen to people talk about sourcing strategy or Boolean search anymore. You shouldn’t have to. Yet, from a technology standpoint, the fact that we’re even talking about stuff like X-Ray search would probably have cracked up the hackers I met up with in Vegas.
In the world of talent acquisition, I’m probably closer to the head of the curve in terms of knowing my way around tech; I understand stuff like APIs, am pretty proficient on social media and spend a ton of time advising on product roadmaps, integrations and the HR Tech ecosystem, which makes me like the Alan Turing of Talent Acquisition.
But at BSides, I was like one of those sweater wearing SHRM ladies asking about what the “pound” sign at the end of the “Tweeters” meant. I actually know a bit about coding and software engineering – the development side of the house, at least from a recruiting perspective. I just know next to nothing about how the business of protecting (or penetrating) all that code all that “tech talent” gets paid big bucks to crank out, and turns out that Information Security professionals are among the most in demand on the jobs market.
There are estimated to be 1.5 million open cybersecurity jobs by 2020, when data privacy will be even more dead than it is today. But it struck me that the people around me might look like they were straight out of a Hot Topic catalog or ComicCon Toledo, but they had more power than probably anyone in the world, and it can be used for good (protecting our personal identifiable information or proprietary data) or evil (LinkedIn Connect) – or just neutral, like seeing if you could penetrate the taxi’s payment system remotely.
So why was I there? Turns out that people who most recruiters would spend days trying to source were lining up for resume and career advice – and for some reason, they let me be the one to give it. Unlike most job fairs, I’d see these candidates, CISSPs and MS degrees and security clearances in hand, and I’d assure them they had nothing to worry about.
Some guy with a Johns Hopkins PhD and a section of his resume that was actually REDACTED (how f-ing cool is that?) asked if recruiters would think he was stalking them or weird if he contacted them directly for jobs. I told him I was pretty sure that he would be fine. They all would be.
Seriously, every candidate I talked to was placeable, the kind search firms get paid big bucks to track down. But there they were, worried about their resumes or what recruiters might think – and how to make a good impression or get a foot in the door for that kick ass job they saw posted and applied to (why didn’t they ever hear back, one Vet with an MIS/MBA from Harvard asked me – I had nothing).
Then it struck me. There’s no talent shortage in tech.
Just in tech recruiting.
The hackers pretty much agreed. Which is good, because these are the kind of people you don’t want to piss off. Of course, they can’t seem to find their way through an ATS, either, so guess they’re not so different, after all. Except, of course, for the obsession with Mr. Robot and UtilKilts.
Read more at Fistful of Talent.
Snark Attack 
Classic Charney: perfect mix of snark, cross-realm analogy and dead-on insight that makes you chuckle and groan simultaneously!
Thanks. I think that’s my new pull quote.
A very serendipitous article for me Matt as I am in the midst of a search for a Hadoop developer and before I started had no freaking clue what Hive or Pig is…. I’ve found the best (and placeable) candidate s are the ones who can actually explain what Hadoop is to a non-tech guy like me cause I have to put these people in front of senior managers to do the same… But like you say, there’s no shortage in tech talent, just tech recruiting who can actually understand wtf they are looking for lol
For InfoSec I have no idea where you’d even start, so at least you have codebase to look for, not the guy who’s looking to get into said code and screw it up. Could be worse, but good luck and thanks for the comment amigo.
Great article Matt! I just started following your blog and love your writing. Sounds like these guys are as worried about their resumes as recruiters are about using the phone.