There's a nearby pentesting firm that's hiring via some type of contest:

"... After applying, we will review your resume, and based on your experience and completion of a two-question video screening, you may be invited to participate in our 72-hour challenge. This exciting challenge involves connecting to the brand-new Offensive Security Proving Grounds which involves attempting to break into over 40 systems, each mimicking real-world scenarios."

"Applicants will be challenged to develop phishing attacks, compromising web and mobile applications, password attacks, development of custom exploits, man-in-the-middle attacks and social engineering. In our business, it’s far too easy to throw in the towel and make assumptions. We need top talent who won’t give up because attackers aren’t either."


"After completing the challenge, participants are required to write a report outlining what they’ve found, and provide guidance to improve security within the lab environment. The top 5 candidates will be invited to the Packetlabs Corporate office for a final meeting with the team before we select our newest recruit. We may hire two!"

So, am I wrong to feel a bit outraged by this entire fiasco? I like what OffSec does as much as the next guy, but this feels a bit insane, especially when so many people are looking for work. Our industry is small enough, and I'd rather find someone young and eager who's willing to learn and can be molded over some hotshot who can ace a CTF.

I know this company and they're a good group of guys, but man alive, this bugs me. It feels exploitive and just downright insane. The job listing says having an OSCP is beneficial, which is nice, but still. If I wanted to work for SANS, IBM, or someone else, I can see the need, but even they don't require some 72-hour hackathon to get people a job. Either hire people based on their skills and your interviewing ability or GTFO. This is bullshit.

Oh yes, from the job listing:

"Professional qualifications (2 or more): CISSP, OSCP, OSCE, GWAPT, GPEN, GXPN"

Sorry, if I have any OffSec or SANS certs, I'm not going to put up with this BS.


@JohnsNotHere This is exploitative and shows they do not value their candidates' time. A short quiz or test during an interview, sure, but this pop-idol-style job is downright disrespectful to candidates, who are expected to work a week unpaid for them. I wouldn't even apply. Can you name the company so I can warn others, please?

@hackerfantastic It's a poor choice, but I'm not going to name-and-shame. To each their own, I was just sharing my own dislike for this practice.

@fallenhitokiri @hackerfantastic @superruserr Given that the "cyber range" they're using is from Offensive Security, it feels as if they're just offering up their lab environment for 3 days. Crazy, IMO.
