You know them all too well: They’re the curious kids who take apart their family radios just to see how they work. They’re the entrepreneurial teenagers who write code in their spare time. They’re the enterprising IT professionals who learn assembly language just for fun.
They’re true techies — and they’re the ones Beyond Security is looking for.
“It’s an attitude towards IT. We [want] people that were born with it,” said CEO Aviram Jenik. “You’ll hear a lot from our developers that it’s a hobby: They’re doing it because they like it, and the fact that they can actually get paid for it [is] a plus. They have a passion for technology.”
Finding people with this personality is important to Beyond Security — which has a staff of 30 in cities around the world, including Washington and Sydney, Australia — for a couple reasons. First, it signifies that an individual likely is an early adopter of new technology, which is helpful to a company that provides vulnerability assessment and management services because the employee naturally is inclined to tool around with new programs to find flaws and potential breaches.
“They’ll be developing technologies to test security systems, so they definitely need this hacker mindset,” Jenik said. “[Good security professionals] look at something and say, ‘How can we break it?’ And that’s basically what we need them to do.”
Second, a true passion for technology also implies a base level of interest and understanding that the company values above all else.
“The way we see it, it’s not difficult to teach IT. You can teach a good IT person just about anything you want — any program language, any environment,” Jenik said. “What’s more important for us is not necessarily how good are you at a certain program language, but how well can you learn it and what will be your attitude towards it?”
For this reason, Beyond Security does not pay much attention to a candidate’s specific area of expertise.
“If we’re looking for Java programmers, we don’t care that much how good that person is at Java,” Jenik said. “We’re really not worried about what they know. We’re more worried about, ‘Do they have the attitude, and will they be able to fit in?’”
In fact, team fit is a big priority on Beyond Security’s hiring list. For this reason, the company looks to hire professionals with good soft skills, but mainly for internal reasons: It’s important for employees to collaborate well.
“We’re a small company, so you want nice people to work with you,” Jenik said. “It’s always very important that they be social, that they work as part of the team.”
He added that soft skills play an important role in deciding whether a more senior candidate will make a good manager.
“A good IT person is not necessarily a good IT manager, and vice versa. You can have a team leader who is a mediocre programmer but a great team leader,” Jenik said. “[Ultimately], we’ve got to make sure we can hire someone that our team can approve of.”
That said, the company does look favorably on experience in Linux or other open source technologies because the company is heavily Linux-based, while knowledge of programming languages C and C++ is valuable, Jenik said.
“There are also some bad indicators,” he added. “Technology tends to go in trend waves. A couple years ago, .Net was an extremely trendy technology. So someone that knows .Net, for example, that’s not a bad thing, but if that’s the only thing they know or if everything they know is around that, what we [think] is, ‘Here’s a guy who heard that .Net is cool. He thought he’d have a higher chance getting a job doing .Net programming.’ That’s not a good sign for us.”
In fact, it’s well-rounded experience that trumps all when it comes to hiring at Beyond Security.
“You can’t beat experience. Someone who’s done it, who knows how it works — that’s priceless,” Jenik said.
For this reason, the company doesn’t give much weight to academic background.
“For us, it means absolutely nothing. I’m telling you this as someone who has a BSE in computer science and an MBA,” Jenik said. “Let’s face it: Education doesn’t really teach you IT. You come out and you’ve got to learn it all by yourself.”
The company doesn’t put much stock in certifications, either.
“The way we see it, if you’re certified, you’re pretty good at passing that specific test. That doesn’t necessarily mean that you do what we need to you to do,” Jenik said.
That isn’t to say the company doesn’t value certs — especially the more well-known, vendor-specific ones — that are backed up by quality experience.
“Anything that’s vendor-specific is probably going to help us,” Jenik said.
However, if a candidate has several credentials on his or her resume but hasn’t served in any job roles associated with those subject areas, the certs mean little. This is especially true of recent graduates, Jenik said.
“[That shows us this] is someone who spent their years getting certifications, which is not what we need,” he said. “That’s not a good sign. For us, certification is definitely not a replacement for anything else.”
However, Beyond Security gladly will consider candidates who are recent college graduates, Jenik said.
“The advantage of taking someone fresh [out of school] and molding them is the fact that they don’t usually have bad manners — you can teach them the way that we like to work, our things. And they’re not going to be spoiled by past behavior,” he said. “Whereas with more experienced guys, it’s sometimes easier to just train them on the specific things that we need and make them a little more specialized. They’ll produce a lot faster. There are advantages to both.”
Besides, regardless of skill level, once someone has been hired on at BeyondSecurity, he or she can expect a fair amount of training. That’s because the company assumes the individual has little to no knowledge of what Beyond Security does and how it does it.
“We’ll have to train them from scratch: That’s our basic assumption,” Jenik said. “That’s partly because what we do is specialized.”
Further, the company fully acknowledges there will be an adjustment period during which the new hire won’t be up to speed.
“We’d like not to assume that the person comes in and can fit in immediately and start being productive. We assume that there’s a certain period of training where they’ll not be productive at all,” Jenik said.
Once they settle in, IT professionals have a fairly clear-cut career path at Beyond Security. Professionals are hired on at the entry level as developers. If they’re competent and want to progress, they can be promoted to the team leader position, which means they’ll manage two to three people while still engaging in hands-on development.
“The next stop after that would be to be a product manager, to manage all the technical aspects of a certain product,” Jenik said. “That’s still a very technical job. Those are people that look at code but will not do direct development.”
Supervising it all is the company’s CTO, although Jenik said as Beyond Security grows, he’d like to put more people in charge of overseeing development.
Because of its small size, the company also is flexible in terms of career plans. If a professional wants to remain within development and doesn’t want to move into management, it could be a possibility, Jenik said.
“I know some people that are 40, 45, 50 years old, and they’re still [in] what we’ll call an entry-level position,” he said. “They like to do development. They don’t want to manage anybody. [And] they usually get compensated for it because they have a lot of experience. I know that happens, as well.”
However, for those who want to move up, Beyond Security is more than happy to help.
“Let’s take someone who got into a very entry-level position. I would like to see that person 10 or 15 years from now managing the development, being the VP of R&D for BeyondSecurity,” Jenik said. “For someone who wants it, I’d like to see them moving forward.”
– Agatha Gilmore, firstname.lastname@example.org