I was ghosted by Tenable after spending about 48 hours completing their CTF challenges, so I just posted the interview questions/challenges and my solutions to my GitHub.
It looks like you made the best of a frustrating situation and, at the very least, have an excellent piece for your portfolio.
With the rise in number of new security engineers all competing for few "security research" jobs (security research/hacking is the "I want to be a game developer" of security), you start getting into these convoluted hiring processes. Unlike standard software engineering, there aren't even remotely enough positions to accommodate everyone, so the bar can get absurdly high.
Honestly, if the team is asking CTF questions, they clearly want hires with previous CTF experience and should just do targeted hiring from the top teams at different conferences.
At least send people a free t-shirt if they complete the challenge.
> With the rise in number of new security engineers every year all competing for few "security research" jobs (security research/hacking is the "I want to be a game developer" of security)
I’ll believe it, curious what other options there are for all those other new “security engineers”. Compliance work?
If you're new, it's the same advice as any other field. Find a way to stand out. Build a portfolio, have great grades, come from a good university program, ping contacts from your alumni network, do bug bounties, find and fix issues in open-source, etc.
Generating virtual credit card numbers is kind of a big sell for me. I double any other credit card companies will have anything comparable to Apple's UI/UX of it either.
you can do this with citi and capital one, but yes the UI is terrible. citi requires flash player or an absolutely terrible java desktop app. capital one requires a browser extension
