[Gllug] how reliable is netcraft?

[David L Neil]

On 12/06/2011 01:39 AM, Jason Clifford wrote:
> On Mon, 2011-12-05 at 12:02 +0000, Simon Wilcox wrote:
>> I'd also second what Shannon said, as a hiring manager I don't want to
>> be told what we're doing wrong, unless I specifically ask. We probably
>> have a pretty good idea ourselves and you don't know the reasons why
>> it's an old version.
>
> A useful caveat to this is that as a candidate you should always
> remember that you are interviewing the company as much as they you and
> if you can see that something they are doing is giving rise to a
> significant risk - ie if the version of the CMS they are running is
> known to be vulnerable to security bugs - how they react to you
> mentioning it may be a good indicator.
>
> Of course you need to determine first whether it would be appropriate to
> do so. An interview with someone who is not part of the team
> specifically managing the website would not be the right place to do so.

May I also warn against setting-up an adversarial attitude? However also 
agree strongly with the concept of mutual-interviewing - again with the 
advice of choosing one's time, eg when they say "is there anything you'd 
like to ask us?" (a deadly silence at this point is never a good-look!).

When the opportunity presents perhaps you could approach it by ASKING a 
question (cf making a statement) and in a fairly round-about way, eg 
enquiring about how they balance security drivers such as rapid patching 
versus the time-sink and cost involved? Should they ask for specifics or 
otherwise respond there may be an opportunity to quote this as an example.

By-and-large I'd be a bit concerned about it though. Rather than 
"latest" might you be better comparing their state to that of 'the 
industry'?

I'd prefer it not to be a one-trick pony show though. If you can figure 
out other public-facing stuff, then that shows your approach to be 
across a broader face.

Another word of warning: they may not host their own web site. In which 
case it is a matter for contract administration (which relationships 
might (not) form part of the rôle) or for the hosting/outsource company. 
If the company itself does 'contract-out' then I'd not hire someone who 
was (or sounds like he is) 'do it all yourself' because every 'new' 
thing becomes a tussle with established policy (a "bad fit") - yet 
another thing to approach constructively rather than by full-frontal 
'attack'!
(or to use as a reason to 'escape' - you don't want a job where you feel 
that you're always banging your head against a brick wall!)

A great question - and some excellent advice in the thread!

-- 
Regards,
=dn
--
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug