Comments on Jeremiah Grossman: Web Security Specialist ~ Tenacious Hunter Needed
Feed updated: 2024-02-08T03:44:23.780-08:00
Blog author: Jeremiah Grossman (http://www.blogger.com/profile/05017778127841311186)

Jeremiah Grossman, 2008-10-04T18:05:00.000-07:00:
That I do not know, best to email us directly and go from there.

Anonymous, 2008-10-04T09:34:00.000-07:00:
Thanks for your reply Jeremiah. I would require an E3 visa which is similar to the Canadian TN visa (easily acquirable, a matter of 7-10 days). Would that be an issue?

Jeremiah Grossman, 2008-10-03T07:40:00.000-07:00:
Provided you can work legally in the U.S., yes we would likely consider it. And these positions are always open.

Anonymous, 2008-10-02T22:25:00.000-07:00:
Hi Jeremiah,

Would you consider an Australian candidate willing to relocate to the USA?

(I understand this post is 2-3 months old and the position might not be open anymore)

Jeremiah Grossman, 2008-07-27T18:38:00.000-07:00:
Hello, I think it really comes down to what exactly you want to do. Programmers with security background/training tend to be at least slightly more marketable because they basically have more experience. If you are straight out of school, you could find a decent programming position where you can apply and hone your skills. Then start personal research into secure programming and just maybe your employer will pay for specialized training. If not, then you have to do it on your own. Either way the best way to demonstrate your skills is by projects, either on the job or those that are public / open source. That says a lot about a person's capabilities beyond a resume.

Hope this helps.

Anonymous, 2008-07-27T17:12:00.000-07:00:
Jeremiah Grossman.. I've recently graduated with a computer science degree and am looking to get my foot in the door in web application development. My focus is php, javascript, mysql type stuff. I think web application security would be a very important thing to have in addition to the programming side. I'm just curious do you think this type of position would steer a programmer away from his field? Would you qualify this position in the Quality Assurance area? I have done so much programming it would be a shame to lose those skills by not using them. Just wanted your opinion.

Anonymous, 2008-07-21T02:46:00.000-07:00:
Hi,
is this position open for European candidates willing to relocate but who don't currently have a green card / visa?

Jeremiah Grossman, 2008-07-15T20:37:00.000-07:00:
Hey, that sounds fair and fundamentally I agree with you. I mean it's not like WH is culturally against a remote work force. We have many people who telecommute extensively, sales people and such. Developers as well from time to time. It's just our operations department is very special and important to us. As an indication I personally feet away from to make sure things are running smoothly. For that sense of personal assurance, I'll pay the (inefficient) premium.

Thanks for the links!

Anonymous, 2008-07-15T18:43:00.000-07:00:
@jeremiah

My apologies... This is a big gripe of mine and my frustration with other companies besides yours is coming thru.

I will hold my ground though. I will bet that you could get better talent and deliver more value to your customers if you were willing to look at remote workers.

This does not just apply to consulting, many companies and even the US Government have adopted the model.

http://www.businessweek.com/magazine/content/06_50/b4013001.htm

http://eu.wiley.com/WileyCDA/WileyTitle/productCd-0787960365.html

</soapbox>

Jeremiah Grossman, 2008-07-15T09:45:00.000-07:00:
@anonymous, please don't assume that you understand our particular operating business requirements better than we do. We have very good reasons for doing the things the way we do, not the least of which is data security precautions. Our methods served us and more importantly our customers very well. We are not consultants and our model is completely different than the telecommuting model you may be envisioning. For many people the environment is simply not a good fit, but that's OK, timing as they say is everything.

Anonymous, 2008-07-15T09:19:00.000-07:00:
Jeremiah:

I think you're totally missing the point of the questions about working from home versus moving to the Bay.

There are absolutely TONS of brilliant people who you guys are missing out on because of this archaic and outmoded idea that somehow people are more productive in an office rather than working from home, and working from anywhere in the world.

This is a high tech industry... Even in the same office, most people communicate via IM, mail, phone, and a million other methods.

Why do so many companies, especially in the Bay Area, seem to expect people to work like they were living in the 1950s?

I'd love to work for you guys and would kick ass at the job, but I'll stick with my current employer who understands performance-based-management and a distributed remote workforce.

Jeremiah Grossman, 2008-07-15T07:48:00.000-07:00:
It feels good to be well thought of. Both WASC and OWASP have several projects that anyone can freely contribute to.

http://www.webappsec.org/projects/

For your skill set you might consider the following...

Distributed Open Proxy Honeypots
Web Application Firewall Evaluation Criteria

No need to be a webappsec or coding expert here. Obviously these are just ideas and I'd highly recommend contributing to the project you'd think you'd enjoy being a part of.

Anonymous, 2008-07-15T06:16:00.000-07:00:
Jeremiah,
I listen to pauldotcom and a bunch of other security podcasts and your name gets mentioned a lot. Anyway what community projects can be contributed to in order to break into the security industry? I am a Unix sys admin by profession.... just like you used to be.

Keep up the good work.

Anonymous, 2008-07-10T15:48:00.000-07:00:
Excellent advice.
Working there sounds like a great learning experience, I'm jealous!
Thanks for taking the time to reply!

Jeremiah Grossman, 2008-07-10T14:55:00.000-07:00:
Well, I can't speak for all employers in this space, and while degrees and certifications are interesting to us, it's not high on our must-have scale.

Our needs are very particular and we don't expect to find the skill set in the bulk of our candidates, so we have to train them up in the space and our processes. What we look for more than anything is a demonstration of passion, personal initiation, and a highly analytical mindset. These are the things we can't train.

So as far as breaking into the industry goes, my advice is get to know as many people as you can and get involved with community projects. Few things demonstrate one's capabilities better.

Hope that helps.

Anonymous, 2008-07-10T14:13:00.000-07:00:
Jeremiah, besides read read read and tinker and break it and tinker and read. What advice do you give to someone looking to get out of network support and into the security side of things?
Is a 4 year degree really something companies look for? (I mean I realize any company that even looks remotely interesting and challenging to work for "suggest" or requires a 4 year degree or higher) Does experience, talent and a 2 year degree get any respect?
As someone looking for employees, and taking the opportunity to "advertise" it to readers of his blog, I am curious. Your wording of this blog post and the wording of the recruiting site are very different.
Signed,

Trying to "hack" his way into the security industry.

*Hack as in make it work the way you want or with what you have ;)

Jeremiah Grossman, 2008-07-10T14:06:00.000-07:00:
I see what you are saying. OK, well, I can only tell you how we do it. Everyone comes into the office and works in coordinated teams. Clients are all remote to us. Yah, I know a lot of people are looking for similar roles, but our requirements are quite stringent and particular.

Anonymous, 2008-07-10T11:50:00.000-07:00:
When I say "on-site" I'm talking about being away from my home office and at your office. Not that of clients in a consultant scenario. Anytime I'm not in my office (which is located approximately 10 feet from my bedroom) I'm "on-site". :)

Oddly enough, we had this identical conversation with another well known app testing shop. Adding to the oddity of being able to test with music thumping at any time of day or night (client testing window notwithstanding) and wearing dayglo-boxers 4 days in a row while the family is out of town, the "bunny slippers crew" now refers to any work not in our humble home offices as "on-site". :)

Or perhaps I've misunderstood you completely? Suffice it to say that if there was an opportunity to work without the requirement of traveling to an office on a daily basis, I know of a number of people looking.

Jeremiah Grossman, 2008-07-10T11:04:00.000-07:00:
None of our operations team travels, as we're not consultants. At some point we plan to open up more geographically distributed offices for our ops team to extend the clock. However, since our customer-base is U.S. centric, we really haven't needed to thus far. Right now we focus on making sure our technology, people, and process are perfect, then replicate elsewhere.

Anonymous, 2008-07-10T10:58:00.000-07:00:
I've been doing web application assessments for a long time. What I find difficult to grasp, as I seek employment elsewhere, is that so many companies still require on-site-only staff. Being a "virtual employee" or "telecommuter" for 5 years makes a jump from this lifestyle back into "The Office" lifestyle a bit of a challenge. Although there has been a lot of talk, recently, about a renewed push for remote employee programs.

Too bad you don't have options for remote employees. I know a good chunk of a whole team that's ready to leave.

Jeremiah Grossman, 2008-07-10T08:24:00.000-07:00:
Sure, just email me directly.

Anonymous, 2008-07-10T06:33:00.000-07:00:
Jeremiah, is there a better way to contact you about these positions? I would be willing to relocate for an opportunity like this, and have realized for quite some time that in order to actually obtain a career in penetration testing and software security architecture I would most likely have to move out to California anyhow being as there are slightly limited I.T./I.S. jobs available on the Eastern half of the U.S. (as far as auditing goes). I'm interested to know all of the details about it.

Anonymous, 2008-07-09T12:34:00.000-07:00:
That would sure beat my current job with a stick. I wish I was closer.... :(

Jeremiah Grossman, 2008-07-09T06:46:00.000-07:00:
From where?

It is a good opportunity. A rather large group that does nothing but hack websites and figure out cool new ways to do so.

Anonymous, 2008-07-09T06:36:00.000-07:00:
I would need to relocate there, but finally a decent opportunity for work.