Viss@da_667@infosec.exchange i tried to do the mentor thing. i gave up after fourteen tries.
da_667@Viss@mastodon.social this is a paid internship. I'm not even really mentoring him per se, he just keeps asking for assignments from everyone like this is supposed to be homework or something. I'm just doing my best to be nice, and try to guid him along.
Viss@da_667@infosec.exchange its plausible this guy is gonna pad his resume with this shit, call himself an expert, then bail out to another shop and try to get a mid-level job and gpt-up his resume
da_667@Viss@mastodon.social reminder that everyone we gave our take-home test to, all from prestigious universities -- UCLA, Mitre, I think we even had a NYU candidate who claimed he made a CTF challenge for CSAW. They all used AI to answer the questions.
Viss@da_667@infosec.exchange that should have been a canary to shitcan applicants
da_667@Viss@mastodon.social So I do wanna address this, because yes, you're absolutely right. The first three candidates, me another one of my co-workers, whom I respect very much both began comparing their answers to chatgpt and copilot AI output.
We both noticed that , aside from changing a few things around, and changing the order or some output, it was very close to the AI's output. And for the first two rounds of resumes (that is, three resumes were considered a single round), we flat-out rejected candidates who we knew from analysis were just using AI.
da_667@Viss@mastodon.social But then the hiring process was dragging on and the choice was "Warm body in the intern's seat, or nobody at all." and we choose to settle with someone being in the chair.
da_667@Viss@mastodon.social in retrospect, if I had any notion that he was padding his resume so heavily, I would've settled for nothing, and yet, here we are.
John Timaeus@da_667@infosec.exchange @Viss@mastodon.social
Trying not to sound like the grumpy curmudgeon that I am, but the best informed, most trainable segment is 40-something.
I just had a class of 20-30ish year olds that knocked it out of the park. But they were heavily pre-selected for smart and experienced. They were the exception.
It seems most under 35ish can't find a file without search, or read and parse an error message. And 45+ can't learn unless they're already well into the discipline.
Viss@johntimaeus@infosec.exchange @da_667@infosec.exchange i have literally said for like fifteen years that security is not a starter career. and its nice that folks are finally realizing that to be effective in security you have to take existing knowledge of stuff and "then abuse what you already know"