April 29, 2013
This is Joseph from X, we met earlier today. The team and I are very eager to find a candidate that fits our openings here and were wondering if you’d be able to send over a resume so we can better evaluate your candidacy.
If we decide to go ahead, you’ll receive another email from us in the next day describing how we’ll move forward with the process.
Additionally if you could expand on in your reply the details of any significant work you have done or are doing in the security field. We are interested in class projects and or external research you have undertaken. Code samples are of particular interest as they allow us to gain an insight into your skills. Thus, if you have a github or equivalent with a code base we can look at, feel free to send it through with your resume.
Junior Recruiter at X Technology
Please find attached herewith my resume for your kind perusal.
I have fair bit of knowledge in Networks and Network Security. I am looking for a profile with Networking and Data Analytics work. I am not really into coding although I know programming in C and C++.
We have plenty of openings in Data Analytics however the focus of the programs I’m responsible for are more security, including network security. My team operates mainly on a Java codebase. Do you have any experience in the area?
We’ll also get you to submit a few simple coding exercises and perhaps the code from a previous project to see if you’re a good fit.
If you could answer the following questions it would also be great:
a) Why do you want to work at X?
b) Rate yourself 1-5 on the following technologies:
1. Firewalls Configuration/Snort
2. Network Programming
3. Signals Analysis
5. Scripting (Python/Bash/Ruby)
6. Network Analytics
c) Please list two coding projects you have worked on recently in the security field
d) Please submit a file reverse.c which takes a string as input from stdin and reverses it. We are looking for runtime and clean code.
Thanks for your prompt replies. Our timeframe is short before summer so we are trying to keep things moving quickly.
As I mentioned, I am not really into coding and programming. I have experience of working more on the networks/infrastructure side.
Please find below the answers to your question below –
a) Internet has become such an important commodity in our lives that literally everything can now be done online. But just as everything else, there is flip side to it as well. No doubt internet does make our lives simple and convenient but it can turn our lives upside down in a matter of minutes if our privacy and security get compromised.
I have a strong background in networking and have developed interest in Network Security. Although given the nature of this field, it is really hard to actually share and practice it in real world scenarios. This is where I believe that my knowledge and X’s 9 years of expertise in network security, put together, can really help both of us advance and excel more in the field of network security.
b) 1. Firewalls Configuration/Snort = 2
2. Network Programming = 1
3. Signals Analysis = 4
4. Java = 0
5. Scripting (Python/Bash/Ruby) = 0
6. Network Analytics = 5
c) INTRUSION DETECTION SYSTEM : Designed algorithm for an IDS on C which parses network packets and performs analysis on them. It was also able to extract data from each TCP connection and record it into a file.
d) Attached here.
This all looks great!
If we were to go ahead, you’d likely be in a networks infrastructure role, however all our engineers are required to code from time to time. I’ll go ahead and forward your code on to our engineers.
Just to let you know one other area we are currently looking into is cryptography over the network, including custom engineered versions of SSL/TLS. Our design currently looks at hiding the protocols through clever infrastructure design. In looking into specifically which project you would be working on, it would also be good to know if you had any experience in crypto protocols and defensive infrastructure. In regards to this I have two questions. Firstly, is there a professor I could contact in regards to the syllabus and, secondly is there anything that matches this description that you have engaged in as far as you know.
Finally, if we move on with the interviewing process, what times in the next week are you available to chat with one of our engineers. The interview would be a mixture of coding and network systems analysis.
I am currently pursuing a course – COMPUTER AND NETWORK SECURITY. ( http://www.cis.upenn.edu/~cis551/ )
This course teaches almost all the cryptography algorithms in detail.
So, I have extensive theoretical knowledge about Cryptography and various Network Attacks and their Defenses.
Also, I am well versed with technologies like Kerberos, SSL/TLS, IPSec in theory.
But I do not have any practical experience of working on any of these technologies.
That’s ok, we don’t expect our interns to come in necessarily knowing everything in advance.
Thanks very much for the course page, I will send a follow up to Dr Smith to inquire further in depth into the syllabus.
Could you possibly let me know feasible times in the next week for an interview?
Also, are there any current projects in Java you are working for which a codebase is available for our engineers to review? Even a work in progress is fine. We’re really interested in seeing material and your personal projects from this course given the nature of the internship.
I presume they had you code a standard buffer overflow in C alongside your IDS. No work in any other languages?
Please find attached herewith 2 java source code files. (server.java and client.java)
These are for a basic chat system application. Further, me and my group would be adding some encryption techniques in it (I ll send you those once we start working on it and progress to some level)
I ll be available at different times on different days. So could you give me some days preference which suits you so I could tell my available timing for those particular days.
Also, a request not to mention my name when you email the professor since I am not sure how he would take it. You can just email him and ask your queries in a general way.
<SOURCE CODE ATTACHED>
Thanks very much,
I’ll be sure to forward the code on to our engineers. In terms of dates, Thursday and Friday next week are currently looking best for us. As were are located on the west coast, we are available to interview between 9AM-5PM PDT.
I’ll leave your name out of my request for syllabus information and I may contact him regarding further interaction with the class. The program seems excellent.
All my best,
I would be fine with any time between 2- 5 pm (PDT) on Thursday and Friday.
Please let me know whichever time suits you so I can keep myself available at that time.
Would Friday at 5PM EST work?
Our engineers also took a look at your Java code and asked if you could update them as soon as it’s done. We’re on a short timetable so by Monday morning would be appreciated, if you’re planning on finishing it by then.
I also suggest you do some interview preparation. Review your basic algorithms, data structures, and network theory!
All the best and good luck,
——– Original Message ——–
Subject: Re: X Internship Followup
Date: Thu, April 18, 2013 9:30 pm
We took a look at TARGET’s code. It seems a bit incomplete in terms of the security features at the moment. We were wondering if you could get the candidate to update us as he goes. You know our timeline, we’re looking to get someone in asap, so if you stress that timeliness is important that would be great. Additionally, in regards to interview times, we’d have someone free at 2PM our time.
——– Original Message ——–
Subject: Re: X Internship Followup
Date: Thu, April 18, 2013 8:30 pm
Please find attached some material in java from the candidate, it’s meant to be a secure chat client I believe. Additionally, what times are you free to interview in the next week?
Yes Friday 5 pm EST works for me.
I ll try and send the code by Monday with the security feature. The one which I had sent was just a basic chat system.
Also, I would like to bring into focus that I am not really into coding. Even as regards to the Chat system, I did most of the logic design and the coding was done by my group mates. As you mentioned I would be more suited for Network Infrastructure role rather than software profile.
So, I would really appreciate if you could let you engineer who would be interviewing me know this.
And thanks for the heads up regarding the interview topics.
Please find attached herewith 2 java code files for a chat system with AES encryption.
<SOURCE CODE ATTACHED>
Seems like some good work there. If you update it and want us to see your new code feel free to send it along whenever you can.
Additionally, I have some exciting news and a question for you. I have been informed by Professor Smith that the class has upcoming demos on attack/defense and focusing on network vulnerabilities. I have his permission and now I need yours, to come and watch you demo live. I am happy to bring an engineer and if things work out, this may accelerate the process. We plan on also visiting other teams, but you don’t have to worry about that affecting your chances.
——– Original Message ——–
Subject: Re: CIS551 Security Recruitment
From: X <X@cis.upenn.edu>
Date: Sun, April 21, 2013 11:41 am
To: “joseph@Xrecruiting.com” <joseph@Xrecruiting.com>
I’d be happy to let you and your team come visit my students on Monday during Network Security demos they are undertaking using chat systems they have coded.
Perhaps you could even teach them a thing or two?
On Fri, Apr 19, 2013 at 9:47 AM, joseph@Xrecruitng.com <joseph@Xrecruiting.com> wrote:
Dear Professor Smith,
I work for X Technology (X.com) and recent visited UPenn on a recruiting drive for security engineers. I met with some of your students and they passed on your details.
I’m reaching out to you because I would appreciate further interaction with your class and would be willing to sponsor internships for the best of them if things work out. Is there any good time in the next week for me to come in with a member of my team?
If you have further questions, you can contact our office at 650-494-1574 ext 15. or email me back here. My manager is X (eX@X.com and http://www.linkedin.com/pub/XXXXX). If you require further verification of my credentials, I’d be happy to talk with you. X at Penn is also familiar with me and X’s work, having given us authorization last week to come in.
All the best,
Yes absolutely. You are most welcome. Its this Monday at 4pm in Engineering Building.
Hope to see you there.
My contact no. is REDACTED if you need any help with location or anything.
See you tomorrow.