
Interns

Recently a strong trend has emerged on Habr, started by the post “Uneducated Youth”: young specialists are being discussed both from the perspective of the employer, that is, business, and from the perspective of the specialists themselves, recent or current students. You can see here and here.



We would like to share our analytics on recruiting for internship positions in projects that develop information security products and services. We tried to describe the process as impartially as possible, without going into complex moral dilemmas of the “fathers and sons” kind. We were all once interns, young and inexperienced, and sooner or later we all run into the fact that, as they say in ballet, “experience comes, the leaps go.”



At the beginning of September, 2 vacancies were opened: intern-researcher and intern-developer.






Who we needed



The intern-researcher's duties included analyzing vulnerabilities and writing signatures, as well as participating in incident investigations. Requirements: knowledge of information security tools, the TCP/IP stack and regular expressions; skills with traffic analysis tools were desirable.



For the intern-developer, accordingly, the most important skill was proficiency in programming languages (Python and C++); experience in research, data analysis and traffic was a plus.



Working conditions: a civil-law contract, 20 hours a week on a flexible schedule, and paid meals.



Initially, we planned to give preference to candidates with a specialized education in information security. Later, our preferences gradually shifted toward resumes whose authors could logically and coherently describe what they had done and what they would like to do. And the point here is not mastery of the epistolary genre or beauty of exposition.



An example of a good intern resume (with the author's permission).



This is the resume of a 3rd-year student who has no work experience. Nevertheless, the resume lets you draw conclusions about his skills, background, interests and general sense of purpose. It is clear from the resume that he wants to program, has his own projects, and does not begrudge the time spent on learning.



The candidate successfully completed the test task and was interviewed but, unfortunately, declined our offer because he could not combine his studies with work.



To anyone who says that an IT candidate is not obliged to write a beautiful resume, I can say:



  1. An experienced developer's projects speak for him; an intern doesn't have them (yet).
  2. A resume saves the manager's time. Consider the hourly cost of the lead developer who would otherwise interview everyone.
  3. Initially, I sent the test task to almost everyone, regardless of how brief the resume was, but it was the authors of the “beautiful” ones who responded.


Test tasks



Beginning researchers were asked this fairly simple question:







Later, we replaced the task with a more complex one: candidates had to write a regular expression that extracts all the image URLs from the main page of a certain site. For a week after the test was made harder there was not a single response, and we had already begun to wonder whether we were asking too much when the solutions started to arrive.

We sent the following test task to future developers:



Test
Estimated completion time is 1.5 to 2 hours.

You need to create a Docker image for a CTF-type competition (https://en.wikipedia.org/wiki/Capture_the_flag) on IPC in UNIX systems. The image must contain the application(s) that implement the following tasks:

1) A server application listens on UDP port 7777 and, in response to any request, returns FLAG No. 1 and a text hint on where to look for the second flag (shmkey).

2) The application uses IPC shared memory and writes FLAG No. 2 and instructions for finding flag No. 3 at the shmkey address.

3) The application uses IPC signals: when a SIGUSR2 signal arrives, it outputs FLAG3.

The result of the test is the Docker / docker-compose file and the image with port 7777 forwarded, plus the source code of the tasks.



You can use any programming language.
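One way to implement the three services from the test task in C, as an added example that is not from the original post or from any candidate's submission. The flag strings, the shared-memory key 0x7777 and the helper names are constructed, and writing flag 3 to stdout (the container log) is an assumed reading of how the flag is issued.

```c
#define _XOPEN_SOURCE 700
#include <arpa/inet.h>
#include <signal.h>
#include <string.h>
#include <sys/shm.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed placeholder flags and key; a real image would inject its own. */
static const char FLAG1[] = "FLAG{one} next: SysV shm key 0x7777\n";
static const char FLAG2[] = "FLAG{two} next: send SIGUSR2 to the server";
static const char FLAG3[] = "FLAG{three}\n";
static volatile sig_atomic_t out_fd = STDOUT_FILENO;
int udp_bind(unsigned short port) {            /* task 1: UDP listener */
    /* sin_addr stays zero = INADDR_ANY, needed for Docker port forwarding */
    struct sockaddr_in a = {.sin_family = AF_INET, .sin_port = htons(port)};
    int s = socket(AF_INET, SOCK_DGRAM, 0);
    return (s < 0 || bind(s, (struct sockaddr *)&a, sizeof a) < 0) ? -1 : s;
}
int serve_once(int s) {                        /* any datagram gets flag 1 */
    char buf[64];
    struct sockaddr_in peer;
    socklen_t len = sizeof peer;
    if (recvfrom(s, buf, sizeof buf, 0, (struct sockaddr *)&peer, &len) < 0) return -1;
    return (int)sendto(s, FLAG1, sizeof FLAG1 - 1, 0, (struct sockaddr *)&peer, len);
}
int publish_flag2(key_t key) {                 /* task 2: SysV shared memory */
    int id = shmget(key, 256, IPC_CREAT | 0644); /* world-readable on purpose */
    char *p = id < 0 ? (char *)-1 : (char *)shmat(id, NULL, 0);
    if (p == (char *)-1) return -1;
    memcpy(p, FLAG2, sizeof FLAG2);            /* includes the trailing NUL */
    shmdt(p);
    return id;
}
static void on_usr2(int sig) {                 /* task 3: only write(2), */
    ssize_t n = write(out_fd, FLAG3, sizeof FLAG3 - 1); /* async-signal-safe */
    (void)n; (void)sig;
}
int install_usr2(int fd) {
    struct sigaction sa = {0};
    sa.sa_handler = on_usr2;
    sa.sa_flags = SA_RESTART;                  /* do not break recvfrom() */
    out_fd = fd;
    return sigaction(SIGUSR2, &sa, NULL);
}
int main(void) {
    int s = udp_bind(7777);
    if (s < 0 || publish_flag2(0x7777) < 0 || install_usr2(STDOUT_FILENO) < 0) return 1;
    for (;;) serve_once(s);
}
```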



Of the 64 interns who were sent a test assignment, 15 sent it back (completed in whole or in part).



Meet the candidates



The first interview was conducted by me, the personnel manager. My task was:





Since most interns lack professional and life experience (they are still very young), questions about cross-functional work and teamwork were asked mostly in a theoretical form.



Then the head of the department and the intern's future supervisor were invited to the interview.

A small remark: almost every future intern began the story of his information security experience by describing an attempt to find out the password to a neighbor's Wi-Fi using one of the Kali Linux utilities :)







This picture is never superfluous.



And now I want to give the floor to senior developer Alexey (tugric).



In fact, I didn’t have much experience in conducting technical interviews with students, and the most difficult thing was to lower the bar of technical requirements for the candidate. Therefore, the questions were completely different, and they were not always of a technical nature. In the end, however banal it might sound, it was important for me not so much to check a huge store of technical knowledge and skills (which the intern students indicate in their resumes) as to understand how a person thinks and reasons, and to understand his motivation.



In the abstract, the conversation consisted of the following stages:

1) Getting acquainted with the candidate and assessing his psycho-emotional state.

If I could see that a person was very nervous, I tried to talk with him about topics that were as comfortable as possible for him: to ask about a hobby, about past projects (according to information from Git).

2) This was followed by a detailed conversation about the resume.

When it came to skills, if the list was too large, I suggested choosing and talking about those in which the candidate is best oriented.

3) Tricky questions, or an attempt to assess the depth of real knowledge and the ability to solve problems. The most interesting part :) I asked the candidate about his experience of solving problems that were complex in his opinion, and how he solved them. Sometimes I asked a question like, “You are developing some product in your favorite language and encounter Error 342345. What are your further actions?” And I watched how the person thinks.

4) Analysis of the test task. I asked the following questions: What difficulties arose during the execution? What have you learned? How do you rate the quality of your code and what could be improved? And similar ones. Sometimes I asked the candidate to run, compile, and explain some points in the test task. I asked him to compare 2 examples of the test task and describe the strengths and weaknesses of each.



Konstantin heads the computer attack research area. He conducted the interviews with candidates for the intern-researcher position.



Konstantin believes that:



Looking for a middle ground between the level of technical knowledge and motivation, I would say that the 60/40 ratio of motivation to technical knowledge will be perfect. Motivation will be responsible for the aspiration of the applicant to develop and improve in the company, and technical knowledge will determine what level of tasks he will begin to solve immediately after he starts to work. As a good plus, I regard the ability to solve a complex problem: a complex task will show both a person’s acumen and his thinking. Of course, it is desirable for the applicant to tell how he comes to his conclusions while solving test problems; a quick response without explanation to a complex task suggests that a person already knows it.



How do you evaluate an intern who has almost no practical experience? For example, invite him to solve a recent practical case from your own practice. Find out how often he has had to work in a team. Ask him to describe the most stressful situations at school or work and how he went about resolving them.



The question on which our leads disagreed: who is better, a theorist or a practitioner? Konstantin gives preference to theorists, since a lack of practice affects an intern only by increasing the time required to complete a task; moreover, with an adequate workload, practice builds up fairly quickly on a good theoretical base, while a practitioner without good knowledge of theory risks a loss in the quality of his work. Alexey's opinion: if we are talking about an experienced specialist, practice is certainly more important, because people with practical experience are most often familiar with the theory. The converse is not always true.



On one point both of them are unanimous: in order to find an interesting internship at a promising company by the 4th or 5th year of study, you must start programming and try going to interviews as early as possible. This is what Konstantin says:



Choose a specific specialty as early as possible and constantly improve in it. Look for communities in your chosen specialty; they are often a huge source of useful practical information. Read more beyond university assignments. Constantly practice English; for any IT specialty it is a necessity.



As a result, we recruited 2 interns. The newcomers fully met our expectations, showed a good level of professional training and got involved in the work. We are sure that they will contribute and be of great benefit to the company.



And now we give the floor to the interns themselves, Alexander and Mikhail (mikeademchenko). After 2 weeks of work in the company, we asked them the following questions:



1. How did you prepare for the interview?

2. Was it scary?

3. Expectations from work?

4. What influenced the decision to choose our company?

5. Which question was the most difficult?

6. Did the expectations come true?

7. Which tasks were interesting?



Alexander:



1. I do not guarantee that this answer will be correct for those who have not studied or are not studying at university in security-related fields. First of all, it was necessary to brush up on the vacancy-related disciplines that I could not recite by heart. For every question and group of questions, run through Wikipedia. If the Wikipedia article is incomprehensible, dig into serious literature: it means that the topic is completely forgotten and it will be painful to plunge back into it. Standards, regulations, recommendations, both Russian and global: at least open them and skim through to remember what they are and what they are about.



2. Not really. It was rather nerve-racking. Maybe this is due to the fact that I am personally not very shy by nature. It was not scary that they might not take me (nevertheless I highly appreciated and understood this), but I really did not want to get help on questions, especially on banal ones.



3. It seems to me that it is easier not to build up expectations too much, so that later I do not have to readjust to something else. I just knew that it should be interesting. Well, I hoped. It turned out so.



4. There are many factors. Probably, apart from the subjective ones (sometimes you look at a company's site and do not want to submit a resume there because it is buggy and illogical), the most important thing is the fame of the company. If, relatively speaking, you know that the cool ones are Cisco, Microsoft, Group-IB, InfoTeCS, Positive Technologies and Kaspersky, then when your name is there, “FINAL!” is almost an automatic response, a reflex. How do I know them? I hear about them, stumble upon information about them by chance, see them at conferences, know about their programs for students, read them on Habr, etc. Well, and the obvious factor of having an interesting job: if I don’t like a particular direction and that is all a cool company needs, well, what can you do, then no. Specifically, the PM is exceptionally well suited for what I really like. This is the subjective part, of course.



5. I would not say that one can be singled out. When a question is asked, I usually either don’t know the answer to it at all and say so, or I know it well enough to try to give a complete and accurate answer. Accordingly, in the first case it is impossible to determine its complexity, and in the second it is always simple for me.



6. Well... I am not sure yet that I can already talk about it, because I joined not just relatively recently but VERY recently, but so far rather yes. It would be more correct to put it this way: my fears have not come true. It seems that everything I was afraid of is not here. Everything that could go wrong went right.



7. As a newcomer I have not done many tasks so far, so there is no fully correct answer. At the moment I am not bored at all, and the tasks already performed are no less interesting for me than what I would have done on my own initiative at home out of pure interest.



Mikhail (mikeademchenko):



1. I reviewed the material on the topics indicated in the description of the vacancy, and on the lines of activity I assumed.

2. Yes, a little. If we talk about the level of stress, I would describe it as a little higher than expected.

3. The expectations were met during the first week; I did what I expected to do.

4. For young specialists in my field of activity there are not many vacancies available, so losing the chance would have been inexcusable. The presence of a preliminary task also spurred my interest. It made it possible to take preparation very seriously and greatly increased involvement. The task reflected the nature of the work ahead well; it was, so to speak, a “trial” version of the future activities in the workplace.

5. The overall level of stress during the interview did not make it possible to quickly assess the complexity of a question.

6. Yes, absolutely.

7. All the work activities are interesting.



In conclusion, I would like to wish our newcomers good luck and finish the post with a description of the interview from the immortal "Interns" of the Strugatsky brothers:





Ilinsky Igor Alexandrovich



He put Yura in front of him, stepped back and asked in a terrible voice: “Do you drink vodka?” “No,” answered Yura, frightened. “Do you believe in God?” “No.” “A truly interplanetary soul!” Zhilin said with satisfaction. “When we arrive at Tahmasib, I'll let you kiss the key from the starter.”

Source: https://habr.com/ru/post/342430/


