another recruiter to avoid

I'm sure that I'm not unique among Infosec professionals in that I receive a LOT of unsolicited email from recruiters. If I'm not actively looking for a job, I delete much of this email, often without reading it. Sometimes, if I think of it as something I'd be interested in if I were looking, I file it. Almost never do I respond to it, unless the position looks so good that I'd actually consider changing jobs to pursue it. I think my response, or lack of it, is pretty typical, and in general, I've found that recruiters assume that if you don't respond, that means you're not interested. After all, if we answered every unsolicited recruiter email, we wouldn't have any time to actually do our jobs.

But every once in a while I get email from some real gem who just refuses to take lack of response for their answer. They'll send several emails, a week or so apart, ending in something I'd expect after ghosting a one-time date from match.com (not that I've done that). That's just...inappropriate. And a little sad. I don't want to work with a company whose recruiters do this, because gawd only knows what other sorts of crap they'll pull (and with an Infosec career that's old enough to drink, I can afford to be picky).

In August I was treated to the following email from a woman named Laura Garcia Hacek who works for a company called XCelerate Solutions. If you click on the link and scroll down halfway, you'll be able to see Laura herself with a quote about how wonderful the company is.  

Hi Mary,

I found your information on LinkedIn and it looks like you have some of the skills we are looking for an Information Assurance/Security Specialist role in Chantilly, VA.

This opportunity requires an active TS SCI clearance. 

Here's a sneak look at the requirements.  

(SNIPPED)

Does this pique your interest? I would love to talk to you more about it. Please let me know when we can talk. 

Not the right time or opportunity? Please share with your network and I will be happy to send you $1,500 referral bonus if we hire someone you send my way and we hire. I look forward to hearing from you!

 The email's subject line, by the way, was Are You the Wonder Woman or Iron Man of Information Assurance?, which was eye catching enough that I did actually read the email. However, I am not in the market for government (i.e. cleared) jobs at this time for what I hope are obvious reasons, so when I saw the "TS SCI" I closed the email, filed it, and did not respond. The fact that she addressed me as "Mary" when my LinkedIn profile says "Mimi" really puzzled me also.

And then I received three more emails, each spaced five days or less apart. The last one read:

Hi again Mary,

So, I've been trying to reach you for a couple weeks now, and getting no love in return. :(

I wouldn't have been reaching out if I didn't think that this would be something very relevant to you based on all the stuff I've seen you're working on.

Maybe this isn't the right time, but I'd love to at least connect to gauge if this could be something interesting to you in the future.

My phone is xxx-xxx-xxxx, and of course you can just reply to this email to let me know!

What. The. Fuck. How desperate is she, right?

I finally did respond to this last email, to tell her that based on her behavior, I did not want to work with her company, and not to email me again. I haven't felt this creeped out since I was actively dating.

Recruiters, take note: if they don't respond after Email #2, MOVE ON.

way uncool

As someone with a lot of experience in a high-demand field, I get a large number of cold emails from recruiters. Depending on how interesting the email looks, I either delete them or file them, but I rarely reply. On June 23, I received an email from Emily at a firm called Vettery. From her email, it looked as if she'd emailed me before, which is entirely possible. Her email read:

Hi Mimi, 

Hope you’re doing well. I’m following up to see if you have any questions. 

At Vettery, we run weekly showcases where we feature some of the best tech candidates in the area who are interested in exploring opportunities (both passively and actively). As a candidate you have the ability to accept or decline each interview request you receive from our clients, so it is super low commitment, and a great way to just see what's on the market. 

Are you available for a quick call sometime over the next couple of days? 

Best, Emily

As I'm not in the market for a job at this point, I just filed the email. However, on June 27, she emailed me again:

Hi Mimi, Just wanted to follow up and see if you were available. We'd love to tell you more about Vettery and learn about your background. Would you have a few minutes for a quick call sometime this week?

OKAY FINE. I responded, none too enthusiastically:

Hello Emily, I haven't responded because I'm really not in the market right now. That said, I'm always willing to talk. The best time to call me is any Monday between 1 and 5 pm. My phone # is xxx-xxx-xxxx.

Emily apparently felt that Monday would not do; this wasn't entirely unreasonable of her, given that July 4, which is Tuesday, is a holiday, and most people (including me) have Monday off as well. So finally I agreed to take her call this morning at 10 and just try to slip into a meeting room for privacy. 10am came with no call. Sighing, I checked my mail to see what was up, only to read the following:

Hey Mimi -- Thanks for getting back, I really appreciate it! After looking further into your profile, I spoke with my team and think it would be best for us to reconnect in the future as it seems that we don't have any open positions that fit your background right now. We'd still love to stay in touch with you for future opportunities. You can check out our website and create a profile there to stay connected. We'll be sure to reach back out to you when something opens up. 

Thanks, and hope to stay in touch! 

Best, Emily

So, Emily, let me get this straight. Your company - which I've never heard of before this exchange, but which is apparently fairly well known to jobseekers in the finance world (in its previous incarnation as Street of Walls) - is apparently trying to entice high level tech candidates to join the site in order to market them to clients looking to employ them. You stumbled across me somewhere, maybe on LinkedIn, and somehow got the idea that I'd be a fit for one or more of your clients, and pushed me hard to commit to talking to you outside of my stated comfort zone. Aaaand then something (either that you didn't actually read my background, which is very well documented on LinkedIn, or some other issue about me that you suddenly had) made you drop me on my ass less than an hour before our scheduled conversation. And don't think I don't know you dropped me. Regardless of having any current positions that fit me, you could have spared the ten minutes out of your day to talk to me, especially since you'd pushed me when I'd stated my preferences. You made it very clear that it's not about helping your candidates, it's just about whether or not you can make any money off them.

 (And okay, sure, I wasn't born yesterday. I know it's about the money. But most recruiters try not to make it quite so obvious.)

 So, uh, no, while Vettery seems like an interesting hiring model, I will not be creating a profile there. And I wouldn't advise anyone else to, either. That was just way uncool.

interview with Paul's Security Weekly

On 4/27/2017 I was interviewed by Paul Asadoorian and his co-hosts for his show, Paul's Security Weekly. Although​ he didn't remember it at the time, I worked with Paul briefly when I was with Tenable, and it was great talking with him again. I think I sound kind of derpy, but I always think that. 

Doing the show was great and I really have only one issue with the process. A lot of the people Paul has on his show are principals at their companies. I am not, and his show runners, who are great people but fairly inexperienced, didn't know how to handle that situation. Without telling me, they teased the show with my present company's name and logo plastered all over the place, which is a definite no-no for anyone who isn't an official company spokesperson. I was in class all week, so I wasn't checking my usual Internet spots; if I had been, I would have not only told them to change it BEFORE the show but I would have refused to mention my company at all (as it was, I believe I said nothing that wasn't okay to say). Unfortunately, the teaser material was up overnight, and by the time I could get it removed the next morning I was dealing with a minor shitstorm. 

The somewhat hilarious result of this is that the show runners, apparently feeling I couldn't just represent myself, picked the next company down in my LinkedIn profile to associate with me: Taylor and Francis. I do indeed have a continuing association with them, in that they publish the official CISSP journal, which I've written and peer-reviewed for, but I am not exactly "of" them as the show notes imply, nor did they come up in the conversation at all.

One of the things I'm inspired to do as a result of the show is to start blogging here again. I'd stopped when I moved back to the DC area for various reasons, but I think that it's really time I got back to it. So expect to see more in this space. 

Here's the show: