[Gllug] how reliable is netcraft?
David L Neil
GLLUG at GetAroundToIt.co.uk
Mon Dec 5 18:50:14 UTC 2011
On 12/06/2011 01:39 AM, Jason Clifford wrote:
> On Mon, 2011-12-05 at 12:02 +0000, Simon Wilcox wrote:
>> I'd also second what Shannon said, as a hiring manager I don't want to
>> be told what we're doing wrong, unless I specifically ask. We probably
>> have a pretty good idea ourselves and you don't know the reasons why
>> it's an old version.
>
> A useful caveat to this is that as a candidate you should always
> remember that you are interviewing the company as much as they you and
> if you can see that something they are doing is giving rise to a
> significant risk - ie if the version of the CMS they are running is
> known to be vulnerable to security bugs - how they react to you
> mentioning it may be a good indicator.
>
> Of course you need to determine first whether it would be appropriate to
> do so. An interview with someone who is not part of the team
> specifically managing the website would not be the right place to do so.
May I also warn against setting-up an adversarial attitude? However also
agree strongly with the concept of mutual-interviewing - again with the
advice of choosing one's time, eg when they say "is there anything you'd
like to ask us?" (a deadly silence at this point is never a good-look!).
When the opportunity presents perhaps you could approach it by ASKING a
question (cf making a statement) and in a fairly round-about way, eg
enquiring about how they balance security drivers such as rapid patching
versus the time-sink and cost involved? Should they ask for specifics or
otherwise respond there may be an opportunity to quote this as an example.
By-and-large I'd be a bit concerned about it though. Rather than
"latest" might you be better comparing their state to that of 'the
industry'?
I'd prefer it not to be a one-trick pony show though. If you can figure
out other public-facing stuff, then that shows your approach to be
across a broader face.
Another word of warning: they may not host their own web site. In which
case it is a matter for contract administration (which relationships
might (not) form part of the rôle) or for the hosting/outsource company.
If the company itself does 'contract-out' then I'd not hire someone who
was (or sounds like he is) 'do it all yourself' because every 'new'
thing becomes a tussle with established policy (a "bad fit") - yet
another thing to approach constructively rather than by full-frontal
'attack'!
(or to use as a reason to 'escape' - you don't want a job where you feel
that you're always banging your head against a brick wall!)
A great question - and some excellent advice in the thread!
--
Regards,
=dn
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list