Hacker News new | past | comments | ask | show | jobs | submit login

Zero prior cryptography experience. Zero work history in software security. Hired through a resume-blind work-sample process. Goes on to successfully implement a crypto attack that fewer than 10 people in the world have probably ever implemented before, one that requires debugging a lattice reduction step that takes 6 hours to run before you get to the part where you use a Fourier transform to postprocess the result.

Or: Zero prior software security experience. Zero prior Rails experience. Zero prior Ruby experience. Hired through a resume-blind work-sample process. Looks at Rails for the first time, 30 minutes later reports a vulnerability that results in a CVE and a Rails patch. Repeats. Now runs Rails internal review board.

I have other examples. Worth knowing: we aren't Rails neophytes (for instance, we're one of the firms that reported the YAML code execution bug) or for that matter crypto neophytes.

It's not about what technologies you use; I don't so much care whether someone writes .NET code. It's the "absolutely no prior work experience doing this and no flashy resume to get them in the door" that stick out to me.




Some of the best software engineers are .NET and Java software developers. These are the guys running massive systems, but no one ever hears about because its boring government/corporate work. But that work is infact the most challenging. Imagine the amount of transactions a bank has to handle every day, without fail!

It's just that Hacker News biased to a certain section of society.


And they tend to be complex systems with a lot of edge cases and you start getting a feel where all the edge cases actually lurk.


Did this guy have a math background? Was he coming up with the solution to the problems on his own from scratch?




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: