Re: Mentioning Defcon or other security conferences in resume

I have not, but that's because I'm still on my first IT job, paying my dues.

As a related story (there IS a reason I replied!), one of my parent's neighbors works for a gov contractor in security, and when they mentioned to him that I was going to DC this year for the third year in a row on my own dime, he told them that he thought that was impressive, asked what else I was doing to break in, and asked them to get a copy of my resume to turn in.

I would probably list it on my resume, given that I'm junior junior IT and need anything i can get on there that's not filled ><

Melesse

Re: Mentioning Defcon or other security conferences in resume

I personally would only list DefCon had I been a speaker or if I felt I had contributed in some way. I have learned to negotiate it in during the offer process for the company to pay for it however.

Re: Mentioning Defcon or other security conferences in resume


I put my participation in my local dcg under my extracurricular section, but that's about it.

Re: Mentioning Defcon or other security conferences in resume

I quite proudly list my Defcon speaking appearances in my resume along with many other 'hacker' speaking gigs.

I am in an unusual position however since I have no major formal education on my resume so I need all the 'street cred' I can get.

I think alot depends on who is receiving the resume and if they know what Defcon is and if they will respect it for what it is, further education. Frankly I wouldn't want to work anywhere that considered Defcon attendance as something bad.

Re: Mentioning Defcon or other security conferences in resume

Agreed. I do the same.
Very much true!

Re: Mentioning Defcon or other security conferences in resume

I have my experience with the Wardriving competitions in years past, and also mention other items when I get in the interview. It's a fine line though, depending on who you are applying to and what their perception is.

Re: Mentioning Defcon or other security conferences in resume

I don't put it on the resume but the topic usually comes up during the interview, quite often the person interviewing knows what defcon is and has either attended or is really curious about what happens during it.

Re: Mentioning Defcon or other security conferences in resume

I list it on my resume because its the 'job' I've held for 17 years.

Waaaaaay back in the day I didnt list it on my resume because a lot of tech companies, even some of the same ones that brag about sending people now, had the general idea that hackers were bad. In the case of one employer, they made a big deal about how they don't hire hackers, and thus asked all the hackers they employed to not make a big deal about attending Defcon..you know, because they dont hire us and stuff..

These days its a point of pride on my resume and its played a significant role in getting me in the door for the last few jobs I've had. I just let my sunny personality carry me the rest of the way through the interview.

Re: Mentioning Defcon or other security conferences in resume

Same boat as hex here. I tend to feel out the interviewer and kind of wing it as to how much I do or don't say about cons or any extracurricular activities. Some companies still equate hackers to criminals. Depending on the company, I may use a secondary resume that lists specific cons I attend, but the catch all resume says something to the effect of "attends various industry conferences and trade expos."

Re: Mentioning Defcon or other security conferences in resume

Really anything that shows me you are a programmer (that's what my job is mostly involved in) isn't nearly as important as showing me you've active in the community, and looking to expand your boundaries on your own.

I don't want the kid out of school that took software, I want the kid that has a good handle on software and knows about things like how SVN works, they've worked with some new frameworks and/or contributed to something, they've at least heard of Y-Combinator, rails, they know that there's a new C++ version released recently, the skill set varies depending on the job, but one of the biggest problems I see in programmers are the complete inability to understand security in their applications and think about vectors of attack while creating the code, and a lack of vision/imagination/creativity (which of course is required for the first one).

DC it's self? I'd be impressed, but it wouldn't put you ahead of someone else who is involved in IT circles to the same level. Granted, I'd like you more if I was working on a security layer, or needed that element on the project. Again, my work is more in software design and programming than it is in system/network administration... However, with everything being "pushed to the cloud." someone who understands the OSI model and encryption will get a push above.

<slight rant>
The number of websites out there with disgusting security frameworks/logins... WHAT were these people thinking?! Clearly they didn't stop to think about hackers, and as a hacker it's one of the first things I think about. Filter everything through a common functional point, lock it down, deny outside point access, encrypt, hash, make sure you know what's getting sent over TCP/IP, come on guys... Don't validate based on HTTP-Headers that I'm sending you. Ugh!

</rant>

Re: Mentioning Defcon or other security conferences in resume

I have defcon in my resume but did not add any other information about it. So far no employers have mentioned anything about it or even asked about it - probably because I'm mostly being contacted by recruiters who don't know much about anything. I have a few interviews lined up. If any of the managers mention it, I'll let you know how it goes over.

Re: Mentioning Defcon or other security conferences in resume

For me, it's a CV, but same difference.

I don't list any conferences I attend simply because I attend them. I only list those that I significantly contribute to. If I had a paper accepted, it gets listed along with any speaking appearances.

I hope one day to speak at Defcon, at which point it will definitely be on my CV. But my research is not Defcon worthy as of yet.

Re: Mentioning Defcon or other security conferences in resume

I assume you don't list your handle on the resume... that way when companies hire you to protect them from "the infamous Renderman" you can charge the hell out of them to for a *guarantee* he will never be a threat to their network!

Re: Mentioning Defcon or other security conferences in resume

Showing interest in a conference like Defcon shows dedication and passion, especially when you take your own vacation and money to get there.

I don't list my attendance on my resume, but I've brought it up during interviews before. It all depends on the position you're shooting for, obviously. I lucked out, just saying the name Defcon got me hired on for a stretch assignment and a free trip to BlackHat.

It's all about the audience, and their expectations.