Friday, February 18, 2011

Job Recruiters - falling industry?

It's a good time to express my disgust with today's job recruiters.

Google rules the world of search, but when it comes to the keywords in your resume, it becomes a nightmare. First of all, many job recruiting firms are hiring foreigners or simply outsourcing the service in order to save money and make more profit. The result is a huge number of e-mails sent to potential job candidates, based on keywords found in resumes posted online.

In 95% of cases (based on my own statistics), the job recruiters are clueless about:
1. Your actual technical skills
2. Where your home is located relative to the company that has an open position
3. Your actual technical level (beginner, advanced, expert; entry-level or senior)

With over 20 years of experience in the IT world, a combination of Information Security, Web Design, and LAN/WAN Administration and Management, and several industry certifications including CISSP, I have been offered jobs as:

a) A Desktop Support Technician
b) A C++ programmer (I have never programmed in my life)
c) A Java programmer (just last week)
d) An Oracle programmer (because I used Oracle Hyperion Reporting software)
e) A Senior PHP programmer (I used some ready-to-use PHP scripts in old projects)
f) A Help Desk Technician
g) A SAP programmer (I don’t have anything in my resume that would point to SAP!)
h) LAN Administrator for $30/h

… not to mention a number of jobs with about 1.5-2 hrs commute or, in most of the cases, out of my city for temporary to permanent assignment.

Well, I would understand those folks who lost their jobs and are willing to go anywhere just to get back on track, but as I clearly indicated in my resume, thanks G-d, I have a job and it is 8 miles away from my home. What kind of money can an employer offer to compensate for my hours in traffic, the part of my life that would never be repeated?

Today’s job recruiters are not even willing to read your resume through to understand who you are and what you are capable of – they are just working with the keywords in your resume – not with you. I don’t want to say that ALL job recruiters are the same. There are some exceptions. Those recruiters who are willing to take an extra step and research the information on social networking sites (particularly, are more successful, which results in better job placement and satisfaction.

However, most of the e-mails I have received are telling me one thing: the job recruiter is a low-qualification person who did not read your resume and probably has no clue about the IT world at all, not to mention that he/she is not familiar with the geography and traffic in your area.

As with any industry, the quality of the product or service should grow as time goes on, but in this case I believe the job recruitment industry is degrading slowly but surely. Many online readers and writers have complained too, so I am not alone. Is there any expectation that things will improve in the future? Maybe it’s just a temporary “illness” of this industry? Who knows? Let’s hope. Until then, think about your resume as an SEO exercise and optimize it for Google keywords.

April 2014 update.
My hope for improvement is lost. Things became even worse. The flow of unqualified foreigners who were subcontracted (and maybe located overseas) by HR departments or by job recruiting companies that are growing like mushrooms is overwhelming.
Considering my experience with hundreds of useless e-mails with job opportunities, I have inserted a request in my resume NOT TO CONTACT ME if the company location is further than 15-20 miles from my home address (in red ink!). Guess what?
No reaction! I am still getting useless job descriptions from hundreds (!) of so-called "job recruiters" whom you can barely understand when they decide to call you if you just delete their e-mails.

If some of them happen to read this blog, please (!!) use the following rules:
1) Get IT training in the field you are hiring for;
2) Read the resume first to understand the actual qualification;
3) Don't rely only on keywords - the search results can be confusing and misleading!
4) PLEASE don't bother people if you did not follow the 3 rules above.

Good luck everyone!

Thursday, January 13, 2011


There is no reason to explain again that today’s computing is not possible without adequate protection against viruses, malware, botnets, and all other cyber “weapons”. You are probably overwhelmed by the number of articles, expert advice, webinars, and various tutorials about user awareness, the same way as I am.
What I want to add to this is a description of the face of real danger, the danger that the majority of computer users are not aware of. The new hacking techniques and tools will make your security protection tools look like toys for kids. In my March 2010 article I suggested a set of software tools to protect your computers (perhaps from all known malware).
What I have learned is that after the Stuxnet cyberattack became known and was described in more or less detail, many security professionals revised their entire approach to security protection. The common denominator for all opinions is the fact that our commonly accepted approach to IT security is not working anymore due to the new and highly sophisticated penetration tools that were developed recently. No, I am not going to discuss Stuxnet and similar, highly sophisticated software that has been widely discussed on the Internet, but rather the down-to-earth penetration tools that are available today.
The goal of this article is to make more people aware that our poor antivirus programs may protect you from only 20 to 30% of today’s penetration software. Disagree?
Just today, I got an e-mail from “Hakin9 Mewsletter” with the following content. As is (no spell correction):
“Russia Hackers are pleased to announce RH2.5 KIT ver 2011
that people can use to hack & secure computer systems by
knowing exactly how a hacker would break into it.

Collection of Advanced Hacking Guides & Tools.
PDF Guide:

1. Advanced Hacking Guide with MEtasploit
2. Malware Development (RATS, botnets, Rootkits)
3. Convert exe into PDF, XLS, DOC, JPG
4. Exploit development guide
5. Tech Tricks (Spoofing-Sms,email,call)
6. Download any Apple Apps Free of cost
7. Credit Card HAcking
8. Netbanking Hacking-bypass Virtual KEyboard
9. Spreading guide to Infect 100K/Victims per day
10. Advanced Email Hacking Tricks
11. SET(Social Engineering Toolkit) module
12. Links for other russian hacking sites
Hacking Marketplace


{Value more than 1500 USD}

1. Polomorphic Crypter's (to make Files undetectable- bypass all AV Scantime,runtime)
2. Java Driveby FUD (deploy your exe by URL on target)
3. Immunity Canvas (Hack remote pc with IP address)
4. Paid Botnets (Spyeye,etc)
5. IRC Bots(Ganga, niger,etc)
6. Yahoo messenger zeroday exploit (run exe on target)
7. Ice pack Enterprise (execute exe using php script)
8. Bleeding_Life_V2_pack /Other Packs
1. One Linux Based VPS with Root access for Lab Setup (Safe & Secure)
2. VPN Double + Triple Encrypted (Hide your real Ip Address)
3. Fake Emailer with attachment
4. Email Bomber (Send 1 million emails into Inbox)
5. DDOS Attacks Shells
Hire a Hacker
for Offensive and Defensive services, Internal on-site penetration testing gives
the business the assurance it needs to conduct safely in the Internet and with business partners.

Email at: or
Visit Site
First of all, I am a subscriber of Hakin9 IT Security Magazine, and I am getting the news about new developments in the world of IT Security. Normally, the e-mail address field “FROM” looks like this:
Hakin9 Magazine
This time, it was slightly different:
Hakin9 Mewsletter
As you see above (and I have no doubts, considering the misspellings and ignorance of normal technical English), the content of the e-mail was pure advertisement with a link to a live web site that offers both sets of tools, for $100 and $250 USD respectively.
My guess is that my e-mail account was hacked along with many others, and the Russian hackers e-mailed the information about their “products”.
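A mail filter can make the same comparison the post makes by eye. The sketch below is an added example, not code from the original post: it flags a From header whose display name resembles a known sender while the address is not the expected one. The addresses, the `.example` domains and the 0.5 similarity cut-off are assumptions made for the illustration.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed allowlist. The display name is the one quoted in the post; the
# address is a placeholder because the real addresses are not shown there.
KNOWN_SENDERS = {"Hakin9 Magazine": "news@magazine.example"}

# Assumed cut-off for "resembles a sender I know"; tune it on your own mail.
LOOKALIKE_THRESHOLD = 0.5


def _normalize(name):
    """Collapse whitespace and case so cosmetic changes do not hide a match."""
    return " ".join(name.split()).casefold()


def closest_known(display_name, known=KNOWN_SENDERS):
    """Return (known_name, similarity) for the best-matching known sender."""
    target = _normalize(display_name)
    best_name, best_score = None, 0.0
    for name in known:
        score = SequenceMatcher(None, target, _normalize(name)).ratio()
        if score > best_score:
            best_name, best_score = name, score
    return best_name, best_score


def classify_from(header, known=KNOWN_SENDERS, threshold=LOOKALIKE_THRESHOLD):
    """Classify a raw From header value against the allowlist."""
    display_name, address = parseaddr(header)
    best_name, score = closest_known(display_name, known)
    if best_name is None or score < threshold:
        return "unknown"            # does not resemble any sender we track
    if address.casefold() == known[best_name].casefold():
        return "trusted"            # expected address for that sender
    if score == 1.0:
        return "impersonation"      # exact known name, unexpected address
    return "lookalike"              # near-miss name, unexpected address


if __name__ == "__main__":
    # Constructed sample headers, modelled on the two names in the post.
    for sample in (
        "Hakin9 Magazine <news@magazine.example>",
        "Hakin9 Mewsletter <promo@bulk-sender.example>",
        "Hakin9 Magazine <promo@bulk-sender.example>",
    ):
        print(f"{classify_from(sample):<14}{sample}")
```

The check reads only the header text, which the sender controls, so it complements SPF, DKIM and DMARC results rather than replacing them.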
Let me be honest, I am not so much worried about the hacking of my e-mail account as about the “products” offered on the web site.
Let’s review some.
Convert exe into PDF, XLS, DOC, JPG
This one is the most troubling “product”. Just imagine that you receive a file attached to an e-mail with one of the extensions named above and try to open it. The file immediately executes the built-in code, and voila! Your PC is infected. Can anti-virus or a firewall prevent it? I honestly doubt it…
Polymorphic Crypters (to make Files undetectable- bypass all AV Scantime, runtime)
No need to give an explanation – this code will bypass all Antimalware programs.
Spreading guide to Infect 100K/Victims per day
Tutorial on how to infect hundreds of thousands of PC users per day!
SET(Social Engineering Toolkit) module 
Welcome to infected Facebook and Twitter!
Netbanking Hacking-bypass Virtual Keyboard
Do you use online banking? I do, and most of my friends do, and most of their friends do, too! Now, imagine you have opened one of the infected e-mails (or e-mails with infected attachment), and you will be faced with a nasty surprise: your account has zero balance! It also could happen on-the-fly, while you are logging into your banking account.
Immunity Canvas (Hack remote PC with IP address)
If the hacker knows the IP address of your PC, it can be hacked with this tool. You are no longer the sole Administrator of your computer. You will share it with “nasty boys” who can speak not only English but also Russian or Chinese! A simple IP scanner (like the free LanSpy) will help to identify your computer’s hardware, operating system, many installed programs, computer domain and NetBIOS names, MAC address, remote control, time, discs, transports, users, global and local user groups, policy settings, shared resources, sessions, open files, services, registry and event log information. Nothing on the remote computer is hidden from them now…
Welcome to the hacking world!
Should I continue?
You may want to ask “what should I do?” I’d be very glad and happy if I could give you a definite answer, but I don’t have one. The minimum of what you can do is to EDUCATE – yourself, your family and friends, friends of your friends, and, of course, corporate users if you are responsible for secure computing at your organization. So, instead of reading stupid chain e-mails that try to scare you if you don’t resend them immediately to another 10 people (nice way to spread malware!), your fellow citizens will read and forward information about how to practice secure computing and not become the victims of cyber-gangsters.
As for the tools that I have suggested in my previous article, they are still vital. It’s better to have some basic protection + knowledge of secure computing than to ignore it completely because those tools do not provide 100% security.
Happy and secure computing in 2011!