How to assess candidate's learning aptitude for red team in Cybersecurity?How can I assess an organization to better my career?Accidentally mentioned the names of shortlist candidates for a jobHow should I adjust my interview questions for female candidates?How to interview candidates above your understanding?Value of using a 3rd party recruiter's candidates, for employerInterview Question: How would you assess your own performance when working as part of a team?Candidates that are late for interviews?How to assess a candidate's ability to receive criticism?Interviewing candidates for “bad” projectsHow to assess non standard resume in a conservative industry

What does the following chess proverb mean: "Chess is a sea where a gnat may drink from and an elephant may bathe in."

My current job follows "worst practices". How can I talk about my experience in an interview without giving off red flags?

Which dice game has a board with 9x9 squares that has different colors on the diagonals and midway on some edges?

What should I watch before playing Alien: Isolation?

Reissue US, UK, Canada visas in stolen passports

What kind of curve (or model) should I fit to my percentage data?

Book in which the "mountain" in the distance was a hole in the flat world

Can a creature sustain itself by eating its own severed body parts?

Why do we need an estimator to be consistent?

Can "Taking algebraic closure" be made into a functor?

Oriented vector bundle with odd-dimensional fibers

Calculating Fibonacci sequence in several different ways

What are "the high ends of castles" called?

Count the identical pairs in two lists

Does switching on an old games console without a cartridge damage it?

Killing a star safely

Can the caster of Time Stop still use their bonus action or reaction?

Is it OK to accept a job opportunity while planning on not taking it?

Finding Greatest Common Divisor using LuaLatex

On a Gameboy, what happens when attempting to read/write external RAM while RAM is disabled?

What is the standard representation of a stop which could be either ejective or aspirated?

Why is there an extra "t" in Lemmatization?

As the Ferris wheel turns

Is it better to merge "often" or only after completion do a big merge of feature branches?



How to assess candidate's learning aptitude for red team in Cybersecurity?


How can I assess an organization to better my career?Accidentally mentioned the names of shortlist candidates for a jobHow should I adjust my interview questions for female candidates?How to interview candidates above your understanding?Value of using a 3rd party recruiter's candidates, for employerInterview Question: How would you assess your own performance when working as part of a team?Candidates that are late for interviews?How to assess a candidate's ability to receive criticism?Interviewing candidates for “bad” projectsHow to assess non standard resume in a conservative industry






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








1















Our company has grown to the size that we are looking to specialize in the roles within the cybersecurity function. At a high level, we are diving into offensive security employees- colloquially also known as red team to act similar to a penetration tester attempting to exploit security, and a Blue team focused on defensive security, controls engineering, and incident detection / response.



Currently the Security Operations team is almost entirely focused on defensive security. We are starting recruiting for new employees to work in the offensive security capability. Form my experience in cybersecurity, and interacting with my network members working in cyber, successful penetration testers / red team members are "future focused",and "think like a black hat" reading and educating themselves on vulnerabilities discovered and how an adversary can exploit them. To summarize, learning how to learn.



I realize evaluating candidates how they learn and keep abreast of news within the cybersecurity profession may be somewhat subjective, because learning styles are different for all individuals. Also, the importance of events are often also subjective. For example, some sectors may be exposed more to a particular event / breach.




How can I best objectively assess a candidates learning aptitude
within specialized field in IT?



  • Given a certain amount of learning may happened outside of work, is such a question fair to the candidate? Would candidates likely see it
    as "intrusion" into their work - life balance and be turned off
    therefore?










share|improve this question



















  • 1





    "Given a certain amount of learning may happened outside of work, is such a question fair to the candidate? Would candidates likely see it as "intrusion" into their work - life balance and be turned off therefore?" - Would you mind clarifying what you mean here, please? Are you expecting that your employees study work-related things outside work hours? Is that something you plan on asking during the interview?

    – DarkCygnus
    56 mins ago

















1















Our company has grown to the size that we are looking to specialize in the roles within the cybersecurity function. At a high level, we are diving into offensive security employees- colloquially also known as red team to act similar to a penetration tester attempting to exploit security, and a Blue team focused on defensive security, controls engineering, and incident detection / response.



Currently the Security Operations team is almost entirely focused on defensive security. We are starting recruiting for new employees to work in the offensive security capability. Form my experience in cybersecurity, and interacting with my network members working in cyber, successful penetration testers / red team members are "future focused",and "think like a black hat" reading and educating themselves on vulnerabilities discovered and how an adversary can exploit them. To summarize, learning how to learn.



I realize evaluating candidates how they learn and keep abreast of news within the cybersecurity profession may be somewhat subjective, because learning styles are different for all individuals. Also, the importance of events are often also subjective. For example, some sectors may be exposed more to a particular event / breach.




How can I best objectively assess a candidates learning aptitude
within specialized field in IT?



  • Given a certain amount of learning may happened outside of work, is such a question fair to the candidate? Would candidates likely see it
    as "intrusion" into their work - life balance and be turned off
    therefore?










share|improve this question



















  • 1





    "Given a certain amount of learning may happened outside of work, is such a question fair to the candidate? Would candidates likely see it as "intrusion" into their work - life balance and be turned off therefore?" - Would you mind clarifying what you mean here, please? Are you expecting that your employees study work-related things outside work hours? Is that something you plan on asking during the interview?

    – DarkCygnus
    56 mins ago













1












1








1








Our company has grown to the size that we are looking to specialize in the roles within the cybersecurity function. At a high level, we are diving into offensive security employees- colloquially also known as red team to act similar to a penetration tester attempting to exploit security, and a Blue team focused on defensive security, controls engineering, and incident detection / response.



Currently the Security Operations team is almost entirely focused on defensive security. We are starting recruiting for new employees to work in the offensive security capability. Form my experience in cybersecurity, and interacting with my network members working in cyber, successful penetration testers / red team members are "future focused",and "think like a black hat" reading and educating themselves on vulnerabilities discovered and how an adversary can exploit them. To summarize, learning how to learn.



I realize evaluating candidates how they learn and keep abreast of news within the cybersecurity profession may be somewhat subjective, because learning styles are different for all individuals. Also, the importance of events are often also subjective. For example, some sectors may be exposed more to a particular event / breach.




How can I best objectively assess a candidates learning aptitude
within specialized field in IT?



  • Given a certain amount of learning may happened outside of work, is such a question fair to the candidate? Would candidates likely see it
    as "intrusion" into their work - life balance and be turned off
    therefore?










share|improve this question
















Our company has grown to the size that we are looking to specialize in the roles within the cybersecurity function. At a high level, we are diving into offensive security employees- colloquially also known as red team to act similar to a penetration tester attempting to exploit security, and a Blue team focused on defensive security, controls engineering, and incident detection / response.



Currently the Security Operations team is almost entirely focused on defensive security. We are starting recruiting for new employees to work in the offensive security capability. Form my experience in cybersecurity, and interacting with my network members working in cyber, successful penetration testers / red team members are "future focused",and "think like a black hat" reading and educating themselves on vulnerabilities discovered and how an adversary can exploit them. To summarize, learning how to learn.



I realize evaluating candidates how they learn and keep abreast of news within the cybersecurity profession may be somewhat subjective, because learning styles are different for all individuals. Also, the importance of events are often also subjective. For example, some sectors may be exposed more to a particular event / breach.




How can I best objectively assess a candidates learning aptitude
within specialized field in IT?



  • Given a certain amount of learning may happened outside of work, is such a question fair to the candidate? Would candidates likely see it
    as "intrusion" into their work - life balance and be turned off
    therefore?







interviewing software-industry recruitment






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 38 mins ago









DarkCygnus

44.2k21 gold badges96 silver badges185 bronze badges




44.2k21 gold badges96 silver badges185 bronze badges










asked 1 hour ago









AnthonyAnthony

6,33916 silver badges62 bronze badges




6,33916 silver badges62 bronze badges







  • 1





    "Given a certain amount of learning may happened outside of work, is such a question fair to the candidate? Would candidates likely see it as "intrusion" into their work - life balance and be turned off therefore?" - Would you mind clarifying what you mean here, please? Are you expecting that your employees study work-related things outside work hours? Is that something you plan on asking during the interview?

    – DarkCygnus
    56 mins ago












  • 1





    "Given a certain amount of learning may happened outside of work, is such a question fair to the candidate? Would candidates likely see it as "intrusion" into their work - life balance and be turned off therefore?" - Would you mind clarifying what you mean here, please? Are you expecting that your employees study work-related things outside work hours? Is that something you plan on asking during the interview?

    – DarkCygnus
    56 mins ago







1




1





"Given a certain amount of learning may happened outside of work, is such a question fair to the candidate? Would candidates likely see it as "intrusion" into their work - life balance and be turned off therefore?" - Would you mind clarifying what you mean here, please? Are you expecting that your employees study work-related things outside work hours? Is that something you plan on asking during the interview?

– DarkCygnus
56 mins ago





"Given a certain amount of learning may happened outside of work, is such a question fair to the candidate? Would candidates likely see it as "intrusion" into their work - life balance and be turned off therefore?" - Would you mind clarifying what you mean here, please? Are you expecting that your employees study work-related things outside work hours? Is that something you plan on asking during the interview?

– DarkCygnus
56 mins ago










1 Answer
1






active

oldest

votes


















0















How can I best objectively assess a candidates learning aptitude within specialized field in IT?




First of all it is a bit tricky to be able to truly gauge and understand a candidate's aptitudes and skills solely during interviews. That is why most times there are several rounds of interviews, coding tests, etc..



Now, that being said, if you want to assess the learning aptitude a candidate has, I would suggest focusing your questions towards the ways and resources the candidate uses to solve problems.



You want to ask questions like "When facing a new penetration project/test, what are the usual steps you take?", or well "When you find a dead-end or are unsure what to do next what you usually do?"... and you want to see if the candidate's answer indicates learning aptitude (googling, searching on SO, searching on forums, reading doc, etc., or whatever aspects you are looking for).



As mentioned before, assessing candidates during interviews is not trivial, and sometimes only when the candidate is on-board and starts with real projects and tests is that you will really see if they have learning aptitude. That is why sometimes job roles may have a probation period, so both you and the candidate can see if you are a good fit. You could consider having a probation period so you have more time to better gauge their aptitudes.






share|improve this answer

























    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "423"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    noCode: true, onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fworkplace.stackexchange.com%2fquestions%2f140896%2fhow-to-assess-candidates-learning-aptitude-for-red-team-in-cybersecurity%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0















    How can I best objectively assess a candidates learning aptitude within specialized field in IT?




    First of all it is a bit tricky to be able to truly gauge and understand a candidate's aptitudes and skills solely during interviews. That is why most times there are several rounds of interviews, coding tests, etc..



    Now, that being said, if you want to assess the learning aptitude a candidate has, I would suggest focusing your questions towards the ways and resources the candidate uses to solve problems.



    You want to ask questions like "When facing a new penetration project/test, what are the usual steps you take?", or well "When you find a dead-end or are unsure what to do next what you usually do?"... and you want to see if the candidate's answer indicates learning aptitude (googling, searching on SO, searching on forums, reading doc, etc., or whatever aspects you are looking for).



    As mentioned before, assessing candidates during interviews is not trivial, and sometimes only when the candidate is on-board and starts with real projects and tests is that you will really see if they have learning aptitude. That is why sometimes job roles may have a probation period, so both you and the candidate can see if you are a good fit. You could consider having a probation period so you have more time to better gauge their aptitudes.






    share|improve this answer



























      0















      How can I best objectively assess a candidates learning aptitude within specialized field in IT?




      First of all it is a bit tricky to be able to truly gauge and understand a candidate's aptitudes and skills solely during interviews. That is why most times there are several rounds of interviews, coding tests, etc..



      Now, that being said, if you want to assess the learning aptitude a candidate has, I would suggest focusing your questions towards the ways and resources the candidate uses to solve problems.



      You want to ask questions like "When facing a new penetration project/test, what are the usual steps you take?", or well "When you find a dead-end or are unsure what to do next what you usually do?"... and you want to see if the candidate's answer indicates learning aptitude (googling, searching on SO, searching on forums, reading doc, etc., or whatever aspects you are looking for).



      As mentioned before, assessing candidates during interviews is not trivial, and sometimes only when the candidate is on-board and starts with real projects and tests is that you will really see if they have learning aptitude. That is why sometimes job roles may have a probation period, so both you and the candidate can see if you are a good fit. You could consider having a probation period so you have more time to better gauge their aptitudes.






      share|improve this answer

























        0












        0








        0








        How can I best objectively assess a candidates learning aptitude within specialized field in IT?




        First of all it is a bit tricky to be able to truly gauge and understand a candidate's aptitudes and skills solely during interviews. That is why most times there are several rounds of interviews, coding tests, etc..



        Now, that being said, if you want to assess the learning aptitude a candidate has, I would suggest focusing your questions towards the ways and resources the candidate uses to solve problems.



        You want to ask questions like "When facing a new penetration project/test, what are the usual steps you take?", or well "When you find a dead-end or are unsure what to do next what you usually do?"... and you want to see if the candidate's answer indicates learning aptitude (googling, searching on SO, searching on forums, reading doc, etc., or whatever aspects you are looking for).



        As mentioned before, assessing candidates during interviews is not trivial, and sometimes only when the candidate is on-board and starts with real projects and tests is that you will really see if they have learning aptitude. That is why sometimes job roles may have a probation period, so both you and the candidate can see if you are a good fit. You could consider having a probation period so you have more time to better gauge their aptitudes.






        share|improve this answer














        How can I best objectively assess a candidates learning aptitude within specialized field in IT?




        First of all it is a bit tricky to be able to truly gauge and understand a candidate's aptitudes and skills solely during interviews. That is why most times there are several rounds of interviews, coding tests, etc..



        Now, that being said, if you want to assess the learning aptitude a candidate has, I would suggest focusing your questions towards the ways and resources the candidate uses to solve problems.



        You want to ask questions like "When facing a new penetration project/test, what are the usual steps you take?", or well "When you find a dead-end or are unsure what to do next what you usually do?"... and you want to see if the candidate's answer indicates learning aptitude (googling, searching on SO, searching on forums, reading doc, etc., or whatever aspects you are looking for).



        As mentioned before, assessing candidates during interviews is not trivial, and sometimes only when the candidate is on-board and starts with real projects and tests is that you will really see if they have learning aptitude. That is why sometimes job roles may have a probation period, so both you and the candidate can see if you are a good fit. You could consider having a probation period so you have more time to better gauge their aptitudes.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered 39 mins ago









        DarkCygnusDarkCygnus

        44.2k21 gold badges96 silver badges185 bronze badges




        44.2k21 gold badges96 silver badges185 bronze badges



























            draft saved

            draft discarded
















































            Thanks for contributing an answer to The Workplace Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fworkplace.stackexchange.com%2fquestions%2f140896%2fhow-to-assess-candidates-learning-aptitude-for-red-team-in-cybersecurity%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            Canceling a color specificationRandomly assigning color to Graphics3D objects?Default color for Filling in Mathematica 9Coloring specific elements of sets with a prime modified order in an array plotHow to pick a color differing significantly from the colors already in a given color list?Detection of the text colorColor numbers based on their valueCan color schemes for use with ColorData include opacity specification?My dynamic color schemes

            Invision Community Contents History See also References External links Navigation menuProprietaryinvisioncommunity.comIPS Community ForumsIPS Community Forumsthis blog entry"License Changes, IP.Board 3.4, and the Future""Interview -- Matt Mecham of Ibforums""CEO Invision Power Board, Matt Mecham Is a Liar, Thief!"IPB License Explanation 1.3, 1.3.1, 2.0, and 2.1ArchivedSecurity Fixes, Updates And Enhancements For IPB 1.3.1Archived"New Demo Accounts - Invision Power Services"the original"New Default Skin"the original"Invision Power Board 3.0.0 and Applications Released"the original"Archived copy"the original"Perpetual licenses being done away with""Release Notes - Invision Power Services""Introducing: IPS Community Suite 4!"Invision Community Release Notes

            199年 目錄 大件事 到箇年出世嗰人 到箇年死嗰人 節慶、風俗習慣 導覽選單