EPISODE · Oct 25, 2019 · 36 MIN
Nick Jeswald - Confessions of a Cybersecurity Recruiter (Part 1)
from Getting Into Infosec
Part 1 of 2 - Nick Jeswald has been an external and internal recruiter in security. He shares with us what he looks for in a candidate, common mistakes made by candidates, and the nuances of hackers he's learned over the years. BIO: I've been in infosec for 8 years, and in various IT roles since 1996 (Developer -> Sales Engineer -> BD Specialist -> Security BD -> Security Recruiting -> Dir. Corp Dev). However, I've also been one of the top recruiters for each company I worked at whatever role I've had. Show Notes: Internal recruiters != external recruiters Backgrounds are different External recruiters come from varied backgrounds, virtually zero from infosec Much like BD people Internal recruiters are more likely to have a greater understanding of infosec or at least IT A recruiter that doesn't understand security is more likely to make bad placements with higher turnover Motivations are far different I want to choose people to spend a career with They want to make a commission and meet SLAs Attention to detail is very different A tiny detail that could betray a hidden skill set or flaw would likely be overlooked by a 3rd party I have an interest in understating the person, not just the resume What is their desired career/life trajectory? How will our company enrich/hinder that life? You are in competition with an army of low-skilled counterfeits You need to be able to demonstrate raw skills, not just list your certs Have a body of work available for review on GitHub, your own site, etc. Internships are a nice touch, but they cut both ways You interned with unnamed-big-4-biz-consulting firm? Don't drag that culture in here. I fear for what you learned. Can't talk about where you interned because it was a non-DOD three-letter agency? Communicate that point to me in your way. If that is the truth, I'll trace you back and verify. Always be client-facing I have seen many recruits passed over for poor hygiene, arrogant treatment of interviewers, disclosure of illegal activity, and just generally obnoxious behavior You couldn't act like this on a client site and not get sent home; don't do it on the interview Yes, you are talented...there's always someone cooler than you Interview your interviewers You should have a standing list of questions for interviewers Why do you stay with them? What is the intended growth path? Organic? IPO? Channel? Is there any merger/acquisition activity going on? Planned? Intended impact? Is there any rebranding activity going on? Planned? Intended impact? What conditions are driving this open role? Turnover? Internal restructuring? Organizational growth? Will I be supported in my security research? How? Does your company have a defined mentoring path? Why not? How does the company support continuing infosec education? Meet your team Watch the team interaction closely Can you see cohesion? Are they supportive or adversarial? Are they authentically happy with their jobs? Understand the org chart you are stepping into To whom does security answer? CXX? IT Director? General Counsel? Understanding this will help mitigate surprises later Understand the company culture Big corp? Big corp problems. Boutique?...
What this episode covers
Part 1 of 2 - Nick Jeswald has been an external and internal recruiter in security. He shares with us what he looks for in a candidate, common mistakes made by candidates, and the nuances of hackers he's learned over the years.
NOW PLAYING
Nick Jeswald - Confessions of a Cybersecurity Recruiter (Part 1)
No transcript for this episode yet
Similar Episodes
Feb 4, 2026 ·18m