I had a quick look at your hiring process[1] (thank you for sharing this, btw).
I have a few questions:
* Are junior hires expected to be able to complete / pass all three challenges (pentesting, fuzzer, custom protocol analysis)?
* If not - how does the hiring / challenge process differ for junior hires?
* Assume good problem solving skills, effective (written and verbal) communication skills and an ability to program. What else do you like to see in a junior hire?
Ultimately, I'm trying to suss out the breadth / depth of self-instruction I need to undertake to pass interviews and perform successfully on the job as a new junior staff member at Matasano, or another selective / reputable company like it. Any other advice you could offer a developer making a transition to appsec would be much appreciated! :)
Best answer is to apply! We do some coaching at the start of the process and work with you to figure out how to get where you need to be. Some folks get through the process in a couple weeks, some take a couple years.
Less good (but easier) answers:
* Yes, everyone does all the challenges (though we've retired the fuzzer challenge, it wasn't a good predictor of consulting success).
* Our most successful candidates are motivated, curious, and clever.
Cheers!
[1] - http://matasano.com/careers/
Edit - Found this: http://krebsonsecurity.com/2012/06/how-to-break-into-securit... - pretty comprehensive advice. Still curious about the interviews and what you guys look for though!