So, we’re pulling up to #BSidesLV (after attending, I’m still not sure what the hell that means), and I’m about to swipe my card through the taxi meter when suddenly, the screen goes black. Suddenly, some Linux instance popped up (I know because it was written on the bottom of the screen), although I have no idea what the hell it said, since I’m not that technically proficient. If you’re not familiar with BSides (I wasn’t), it’s sort of an un-conference for hackers, with open conversations and attendee participation driving an event that purports to put the “Info” back in “InfoSec.” So, Edward Snowden, Julian Assange, Kim Dotcom and LinkedIn’s data privacy team walk into a bar…and you kind of get what was going on.
That’s why when I saw what looked to be a harmless enough system error pop up upon arrival, I got a little freaked out, frankly. Lines of code suddenly popped up like the Matrix, and I had no idea what the hell was going on except to say that there seemed to be some strange things afoot at the Circle K.
I didn’t have to know code, though, to get the message loud and clear. I gingerly put my debit card back in my wallet (crisis averted), then asked my partner in crime Pete to borrow some cash. He’s much more prepared for this than I am, with a burner phone and shit. I just run a pretty solid VPN I got in the iTunes store and make sure to use my browsers in incognito only, with all location services turned off.
This I do as a matter of course – I figured that with thousands of hackers descending upon Vegas for three concurrent cybersecurity conferences, if I was going to be penetrated, then there was really nothing I could do about it. About that word. Turns out InfoSec guys like using the phrase “penetration testing” out there about as much as TA types talk about “candidate experience” or “big data.”
I would use Google to figure out what this actually means, but I’m pretty sure that ends with either Chris Hansen or the Feds at my door, and instead, I just laughed like a little schoolboy every. single. time. the word “penetration” was used. And believe you me, it was a lot. I’m like 12, seriously, but c’mon, you guys. That’s ridiculous.
I’m not just using this as an excuse to talk about penetration, which, by the way, makes this literally a hard core post. This is apropos, considering that BSides/Blackhat/Defcon were the three most hard core conferences I’ve ever been to in my life. It was like the time I went to an Insane Clown Posse show in Missouri when I was growing up. I had no idea what the hell was going on, or what all these people were getting so into – only that I had no business being there.
I normally only get to go to recruiting conferences, which means I’ve got to trot out some well worn speech about “employer brand’ or “social recruiting” or some shit, run through a deck and sit through a bunch of presentations that are more or less variations on the same theme.
These mostly make me want to stab my eyes out, not because the content or other presenters aren’t good, but because you hit a certain moment in your life where you can’t listen to people talk about sourcing strategy or Boolean search anymore. You shouldn’t have to. Yet, from a technology standpoint, the fact that we’re even talking about stuff like X-Ray search would probably have cracked up the hackers I met up with in Vegas.
In the world of talent acquisition, I’m probably closer to the head of the curve in terms of knowing my way around tech; I understand stuff like APIs, am pretty proficient on social media and spend a ton of time advising on product roadmaps, integrations and the HR Tech ecosystem, which makes me like the Alan Turing of Talent Acquisition.
But at BSides, I was like one of those sweater wearing SHRM ladies asking about what the “pound” sign at the end of the “Tweeters” meant. I actually know a bit about coding and software engineering – the development side of the house, at least from a recruiting perspective. I just know next to nothing about how the business of protecting (or penetrating) all that code that “tech talent” gets paid big bucks to crank out, and turns out that Information Security professionals are among the most in demand on the jobs market. There are estimated to be 1.5 million open cybersecurity jobs by 2020, when data privacy will be even more dead than it is today. But it struck me that the people around me might look like they were straight out of a Hot Topic catalog or ComicCon Toledo, but they had more power than probably anyone in the world, and it can be used for good (protecting our personal identifiable information or proprietary data) or evil (LinkedIn Connect) – or just neutral, like seeing if you could penetrate the taxi’s payment system remotely.
So why was I there? Turns out that people who most recruiters would spend days trying to source were lining up for resume and career advice – and for some reason, they let me be the one to give it. Unlike most job fairs, I’d see these candidates, CISSPs and MS degrees and security clearances in hand, and I’d assure them they had nothing to worry about.
Some guy with a Johns Hopkins PhD and a section of his resume that was actually REDACTED (how f-ing cool is that?) asked if recruiters would think he was stalking them or weird if he contacted them directly for jobs. I told him I was pretty sure that he would be fine. They all would be.
Seriously, every candidate I talked to was placeable, the kind search firms get paid beaucoup bucks to track down. But there they were, worried about their resumes or what recruiters might think – and how to make a good impression or get a foot in the door for that kick ass job they saw posted and applied to (why didn’t they ever hear back, one Vet with an MIS/MBA from Harvard asked me – I had nothing).
Then it struck me. There’s no talent shortage in tech.
Just in tech recruiting.
The hackers pretty much agreed. Which is good, because these are the kind of people you don’t want to piss off. Of course, they can’t seem to find their way through an ATS, either, so guess they’re not so different, after all. Except, of course, for the obsession with Mr. Robot and UtilKilts.