Case Studies
Dec 12, 2022
Proving Grounds as a Recruitment Tool
Using OffSec to identify and hire top penetration testing talent
Overview
The value of Packetlabs’ assessments is derived from their team’s ability to uncover hard-to-find vulnerabilities with persistence, passion, and creativity. But it’s difficult to measure these soft skills in potential candidates with traditional questions.
Read on to learn how OffSec and Packetlabs partnered to solve this hiring challenge by using Proving Grounds in a unique way.
This is a high stakes, active, real-world and hands-on job, so we can’t just hire based on a resume or a series of interview questions. We need to see them do their thing in real time, and prove they are the best of the best by conquering our rigorous 72-hour hacking challenge.
– Richard Rogerson, Managing Partner of Packetlabs
The Challenge
Packetlabs was looking to distinguish themselves in a market with a wide range of skill sets by recruiting a robust team. Building a team of qualified staff is incredibly challenging, and maintaining their skills is consistently the top priority. Finding and hiring the right staff in a market that’s facing a skill shortage was difficult, and their rigorous six-month 1:1 training process created a bottleneck for business growth.
Packetlabs found that the correct fit for the team is someone who has above-average curiosity, passion for ethical hacking, and attention to detail. In an industry where actions say more than words, these skills are incredibly challenging to assess in traditional interviews.
It quickly became apparent that in order to connect with the best pool of applicants and judge their performance in a real-world environment, a capture the flag (CTF) assessment would be necessary.
The Solution
Packetlabs turned to OffSec, the industry leader in practical security training, for help. In discussions, it was clear that using the Proving Grounds Enterprise solution would be the best way to evaluate candidates. OffSec’s motto of “Try Harder” is ingrained in every Packetlabs team member, with several certifications such as OSCP, OSCE, and OSWE being mandatory. Proving Grounds was exactly what Packetlabs was looking for to solve their hiring challenge.
Instead of a traditional approach to recruitment, Packetlabs ran a national campaign to help attract the right applicants. After applying for the role, applicants were reviewed, and the top 20 were entered into the 72-hour OffSec Proving Grounds challenge. Seventy-two hours was not mandatory, but it was important to provide enough time for applicants to navigate through a long list of scenarios including phishing; mobile, infrastructure, and web application vulnerabilities; man-in-the-middle attacks; and custom exploit development.
Importantly, Packetlabs was also able to watch applicants tackle the challenge in real time. This was crucial to see who was trying harder, and how quickly they were able to solve various problems.
The Outcome
The results of the Proving Grounds investment speak for themselves. The challenge successfully helped identify potential weaknesses or shortcomings in candidates, allowing Packetlabs to hire with confidence.
A surprising observation was the differences between those who had earned OffSec certifications, and those who hadn’t. Packetlabs found that OSCP candidates obtained between 120 and 800 points out of 1850 available, from findings that included web application vulnerabilities, missing security patches, Active Directory privilege escalation attacks, and custom exploit development. Conversely, the applicants without OffSec certifications primarily found a single vulnerability from 2015, or gave up entirely.
A real-world solution like Proving Grounds is exactly as the name describes — a place to prove skills and set oneself apart. OffSec has been a massive part of what enables Packetlabs to protect organizations across the globe.
About Us
OFFSEC
OffSec was founded in 2006 by and for information security professionals. Today, we’re best known for the Offensive Security Certified Professional (OSCP) certification, the Kali Linux security distribution platform, and our motto: “Try Harder.” With courses available in penetration testing, wireless security, and web application security, OffSec offers training in key information security areas. Course levels range from foundational to expert. Each course teaches not only the skills needed to succeed in information security, but also the mindset.
PACKETLABS
Packetlabs consists of ethical hackers specializing in real-world simulated cyber-attacks to protect organizations. Our slogan, “Ready for more than a VA scan?®”, proves our commitment to the industry to provide only expert-level penetration testing. The Packetlabs team of consultants think outside the box to find weaknesses others overlook, and continuously learn new ways to evade controls in modern networks. Packetlabs refuses to compromise on the thoroughness of their testing and will never outsource engagements.