matasano   84

« earlier    

Broken record: startups are also probably rejecting a *lot* of engineering candi... | Hacker News
Broken record: startups are also probably rejecting a lot of engineering candidates that would perform as well or better than anyone on their existing team, because tech industry hiring processes are folkloric and irrational.
I co-manage a consultancy. We operate in the valley. We're in a very specialized niche that is especially demanding of software development skills. Our skills needs also track the market, because we have to play on our clients turf. Consultancies running in steady state have an especially direct relationship between recruiting and revenue.
A few years ago, we found ourselves crunched. We turned a lot of different knobs to try to solve the problem. For a while, Hacker News was our #1 recruiting vehicle. We ran ads. We went to events at schools. We shook down our networks and those of our team (by offering larger and larger recruiting bonuses, among other things).
We have since resolved this problem. My current perspective is that we have little trouble filling slots as we add them, in any market --- we operate in Chicago (where it is trivially easy to recruit), SFBA (harder), and NYC (hardest). We've been in a comfortable place with recruiting for almost a year now (ie, about half the lifetime of a typical startup).
I attribute our success to just a few things:
* We created long-running outreach events (the Watsi-pledging crypto challenges, the joint Square MSP CTF) that are graded so that large numbers of people can engage and get value from them, but people who are especially interested in them can self-select their way to talking to us about a job. Worth mentioning: the crypto challenges, which are currently by far our most successful recruiting vehicle (followed by Stripe's CTF #2) are just a series of emails we send; they're essentially a blog post that we weaponized instead of wasting on a blog.
* We totally overhauled our interview process, with three main goals: (1) we over-communicate and sell our roles before we ever get selective with candidates, (2) we use quantifiable work-sample tests as the most important weighted component in selecting candidates, and (3) we standardize interviews so we can track what is and isn't predictive of success.
Both of these approaches have paid off, but improving interviews has been the more important of the two. Compare the first 2/3rds of Matasano's lifetime to the last 1/3rd. The typical candidate we've hired lately would never have gotten hired at early Matasano, because (a) they wouldn't have had the resume for it, and (b) we over-weighted intangibles like how convincing candidates were in face-to-face interviews. But the candidates we've hired lately compare extremely well to our earlier teams! It's actually kind of magical: we interview people whose only prior work experience is "Line of Business .NET Developer", and they end up showing us how to write exploits for elliptic curve partial nonce bias attacks that involve Fourier transforms and BKZ lattice reduction steps that take 6 hours to run.
How? By running an outreach program that attracts people who are interested in crypto, and building an interview process that doesn't care what your resume says or how slick you are in an interview.
Matasano  interviewing 
december 2016 by HM0880
[no title]
Link from Steven with some good (?) ideas about hiring.
hiring  Matasano 
may 2016 by overthink

« earlier    

related tags

a-e-s  aes  algorithms  apex  appsec  archive  article  assembly  bestpractices  beveiliging  blog  business  c4  cache  challenge  challenges  chargen  code  codegolf  coding  computer  consulting  cookie  crypto  crypto_challenges  cryptochallenges  cryptography  cryptopals  ctf  dankaminsky  debugging  decrypt  dev  development  diffie-hellman  dns  druid  education  embedded  encryption  engineering  exploit  fingerprint  funny  game  gpg  guide  hack  hackernews  hacking  hash  hashing  hdmoore  hiring  howto  humor  idea  ifttt  indie  info-sec  infosec  interactive-approach  interview  interviewing  ios  javascript  kryptographie  latacora  learning  lijst  low-level  mac-os-x  mac  management  matasano-crypto-challenges  matasanochargen  metasploit  ncc  net-sec  network  obj  password  passwords  pentesting  pgp  pinboard  privacy  program  programmeren  programmierung  programming  projects  ptacek  python  rainbow_table  recruitment  reference  resource  review  rsa  safety  salt  security  software  solution  sourcecode  square  ssh  ssl  startup  step  stream  study  systems  techculture  tips  tls  todo  training  unix  unread  web  webdev  webdevelopment  whitehatters  work  wrong  xor 

Copy this bookmark: