
All right, wonderful. Thank you for coming out for another Village's talk. We have Sasha today, a director of engineering at Grammarly, so I'll let him take it away. That way we can jump right in. Quick round of applause. Thank you.

All right, this is working. Thanks for the code red folks and BSides also for starting this event. When I was approached to do this presentation, I honestly didn't quite know what to present on. Am I going to go super technical or not? And as I started reflecting, and especially Grammarly is in a hiring boom, I'm doing a lot of interviews, I was like, why don't I share, like, common mistakes people are doing, in my opinion? Some of the people do very well and suddenly hit a wall. So this presentation is really about, it's not about, like, the technical skills, it's really around how do you prepare, how do you actually prepare for the interview, how do you structure your answer.

Passing an interview is a skill. I have said no to people I legitimately think are very talented, but they could not deliver on the interview. It didn't surface on the interview. Either they were too humble or they were, on the contrary, a little bit kind of a dick, or not the nicest people. So it's, like, really about how to improve that.

This presentation, and just as a quick thing, it's not for people just looking for a job. This is for people looking at their career. I think most of you are looking at a career; you're not just looking for a quick job. It applies for people looking for a quick job, but it mostly applies for a career and landing those roles that are so important.

As I mentioned, the main thing is about planning. You have to organize. You have to understand who the company is. You have to understand what the role is as well. So planning is everything. There's a couple of tricks out there. I think the STAR method, in terms of answering questions and structuring questions, works very well. I see people use it. What is the
situation? What are the tasks that you've done? What are the actions? And don't forget the results, right? So I see a lot of people say, "Oh yeah, we did this and that." How was that measured? What was the impact? And so on. They come in empty-handed, or they didn't structure enough, where they run out of time to actually go highlight that. So the STAR method works out pretty well.

And come up with some, you know, there are certain things that you cannot predict, in terms of which coding questions you're going to be asked and so on, but there's certain things that you can control or anticipate. For example, start writing case studies around what project you've been the most proud of in your career. That is actually a case study you can really sit down and think through. What project you delivered that had the highest impact? That may not be the project you're the most proud of. One of the projects I'm the most proud of has been a consistent failure. I'm still trying to hit it right, but I keep trying it. The projects I've had the most impact on are completely different. What is the project you bombed? What project did you make critical mistakes on? What project was a complete failure, or delayed, and so on? Work on those case studies. All the interviews at larger companies, more established companies, and even the smaller ones are going to ask questions around that, right? High impact, most proud of, the one you failed, right? Let's talk about that.

Knowing the employer as well is extremely important, right? A lot of the employers out there are actually sharing their core values. That is an indicator to you and to everyone of who they are, what they focus on, right? So I'll give you a few examples of past employment for me. Lyft, right? Lyft is "be yourself, uplift others, and make it happen." When you walk through your case studies, connect the dots there. When did I actually "be yourself"? It's one of my favorite ones. We hired you for a reason. We want you to speak up. Don't hide in a
corner, right? You're there for a reason. "Uplift others": how do you bring on and help somebody failing? One of my interview questions at Lyft is: what do you do when you see a team about to fail? What do you do when you think a team is failing and they don't realize it, right? There's a depth to that question. By the way, these were questions on the individual contributor interview, not even a manager interview, right? "Make it happen": get it done. What did you do to make it happen? Keep pushing it. I see two seasoned Lyfters out here. We went through this, right?

Another one, a company which is notorious for their many leadership principles: Amazon, right? They break down for you ahead of time exactly how to structure your interviews. By the way, a good question to ask your Amazon recruiter: what are the top two or three leadership principles the team you interview with is focusing on? I cannot, and actually I told the recruiter at the time, "Listen, you got 14 leadership principles. I'm a busy guy. I want to prepare, but, like, which one should I focus on?" Right? So the organization I was interviewing for, they mentioned to me bias for action, right? Invent and simplify. This is, like, heavy engineering, where we're rebuilding the payment infrastructure from scratch, right, from on premise to actually filed. Invent and simplify was one of the key ones. And ownership: nothing is beneath you. When did you actually show up and show through ownership of helping others, moving things along? If something needs to be picked up on the floor, like, you go do it. That's really ownership, right? So you can ask these questions.

And then Grammarly. We are coming up with leadership principles right now; we only share our core values, the EAGER values, right? When was, like, in your case study about the project the most proud of, or failure, or what is the coolest bug you've ever found, this is a common question I keep asking, how do you connect the dots around being ethical, right, being honorable,
earned trust; adaptable, how are you learning through failures; gritty, show perseverance and long-term goals; empathetic, very similar to "uplift others" at Lyft: how do you actually help other people when you see them fail or when you think they need help? They don't need to ask; you actually proactively go do that. And be remarkable: when nobody is looking, you actually do the right thing, or you're learning, or you're humble. So the companies that are sharing those core values give you sort of a "here's how we think." Build your case study. Take notes.

When I did my interview, I remember, at Amazon, which was my last interview in person right before COVID, I came with a stack of notes. That's not a cheat sheet; I just showed up prepared. So for each of the interviews, when I started getting hints that they were probing in certain leadership principles, I had it all mapped out: ownership, bias for action, invent and simplify. And I had my notes, and nobody said anything about it. I'm not cheating; I just came prepared. I came ready to go, right? That was a hard interview. Grammarly, very similar, is like, "Oh, okay, where was I empathetic? Where was I not empathetic? And what did I learn from it?" Right? So prepare for that.

Now, how does that all make sense in terms of security? When you build your case study, you can actually use, and I personally use this, the CSF framework, right? So when you build your case study, you're showing the core values, you're showing your project most productive and so on. Now connect the dots, right? Security is, for example, a common thing I see is: what was the coolest bug ever, or what bug were you the most proud of? And then people are describing, "Oh, I found this bug, it was really cool, I filed a ticket and moved on." Did you actually cover that whole chain, right? Are you actually connecting the dots? You may actually get away with that as a pure vulnerability researcher, but that's early in your career, right? Even the most senior
vulnerability researchers I've met actually connected dots across all of them, right? So go deeper there. Actually really think through identify, protect, detect, and respond, and recover. Where did you start in that model? Where did you carry over? Where did you learn? For example, I learned a tremendous amount around detection. I developed a tremendous amount of empathy on response and recover, right? I spent some time with those folks. Start learning. So when I build my case study now, I really kind of structure it that way. It's like, I started here, here's where I passed the torch, or here's where I carry it forward. And don't forget impact. What was the impact? What did you do?

I kid you not, I meet many, many people; I always ask the same question. So if you ever interview with me, I'm giving you some freebies, right? What bug are you the most proud of, and why? And I stay back and I stay silent and I let the candidate dive into it, right? How much time did you spend, right? So I've seen candidates, for example: "Oh yeah, I spent several months, blah blah blah blah." And then what happened? "Oh, I filed the ticket." Okay, let me step back. Depending on how senior they are, I may ask a follow-up question: was that a good use of time? You spent a tremendous amount of time finding this vulnerability. Why did you spend time there? Did somebody ask you? Was that your own gut feeling, curiosity, and you found this thing and then you just walked away? Was it fixed, right? Are there mitigating factors in it? I threw that question back to someone, like, "Was that time... do you think that was time well spent?" "Not really." Right?

So kind of structure it, and impact, around the STAR method, which I highly recommend; it's very easy to use. What was the situation? The situation is: we had this new hardware, or we had a new partner coming in, or we're trying to do a new integration. That's your situation, right? Your task: what are the tasks? Well, the task is, we need to go evaluate blah blah blah, look at the vulnerabilities for this, and so
on. Basically, do threat models. What are the actions that'd be taken? The action is: I met with the engineering team, I discussed with them, I looked at the timeline, I looked at what are the risk ratings for that. Oh, there was no risk rating? What was the mental model I came up with to help clarify and guide, right? So you can use a STAR approach in security interviews, plus, I'm so used to surface wise just click, and then you connect it back there. Start showing impact, momentum, and so on. So that's extremely important.

And I'm so frustrated. I meet candidates who I know, for some of them, I know four or five, because I've worked with them before, and they fail to go deliver that impact, right? They fail to really kind of document that. It is just preparation. I know they've done it. I had a really solid candidate, who I've worked with for years, recently completely bombing an interview that he should have passed with his eyes closed. I know he can deliver, and he failed. And I was so upset, because I was like, "Did you plan?" "Oh, we planned. I got nervous. I forgot the plan." Right?

So, sure, question? Questions? Well, I think in this case I know him. Hopefully here.

Question was... oh wow, it's loud. If you knew this guy could execute, you knew he could do the job well, but he did poorly on the interview, isn't it partially the interviewee's or the interviewer's fault, like, of not asking the right questions or showcasing his abilities? Because you already knew the guy could do it, right? Why would you fail him on this interview if you already knew he could do it? Why did you make him jump through these hoops? You already knew that he could do the job.

Okay, good, it's a good question. I could overrule everyone and say, "Screw this, I know better, I know this person, I hire them," right? But you're not focusing on bringing the person in the culture in there. Also, in this particular case, I exclude myself in the interview process. I know too much. They need to come in and fit in with the culture, right? It's not because
you know someone exceeds in certain areas; it's about actually gelling with the culture, right? Any company, and I won't name names, but I know some companies do that, right, where they make offers with no interviews, more at the highest senior level. That is the biggest red flag for me. You have no idea who's in there. You got one toxic person, two toxic person, four toxic person, ten, a hundred, right? It's a company that's somewhere over there, right? So I got five minutes? Five minutes. It's in this Bay Area, a long tenure, living on government contracts for a long time. But anyways. So it's not because I know, but again, the skill of the interview is important, right? Am I frustrated that they didn't deliver, because I would like to work with him again? Absolutely. But the company has core values, and that's what we're focusing on. I'll take questions at the end, okay?

Going back to impact. So don't forget that also security is measurable. So around impact, extra points if you bring metrics. "There was a metric; I brought it from X to Y." "There was no metric; I created the metric." Awareness is the beginning of change. Immediately after the metric was created, boom, we started making progress. So really think through metrics. Vulnerability management metrics: what is time to discover, what is time to fix. Very easy, generally easy metrics. There's a depth to that. Detection coverage is one of my favorite ones with more senior people. How do you actually measure detection coverage? It's a rat hole. There's no perfect answer. There's no perfect answer, at least I haven't seen one, but I sure tried it. There's a few metrics there. Detection tends to gravitate around velocity of execution and also quality of the SOP. When you write the SOP first, your detection tends to be a lot better, right?

So we've talked about that. Understanding also who the customer is, speaking the voice of the customer. This is an Amazon trick, but it works at every company. Every
company will work is engineers in you is your customer. If you're working on ProdSec, your customer's engineers; focus on that. If you work on enterprise security, everyone is a customer. Show the empathy towards the customer and understand what they're actually facing, versus always saying they're stupid. I've had so many people, it's like, "Oh, they're so... they don't get security." Don't say that in an interview. You're just failing to communicate; that's basically what it is, right?

Do not forget also the "me" versus "we." One thing I've realized, where I'm failing personally in coaching, is I've had several people I've supported before, that reported to me, in that past interview, and the feedback is they're way too humble: "We don't quite know what they've delivered versus what the team has delivered," right? So I have to emphasize, like, this is the time for you. I want to know what you do. Connect it back with the team later. Alone I move fast; together we move further. So don't forget, actually, the interview is about you. What have you done? I hear so many candidates saying "we did this, we did that," and we come in at the end, it's like, there's some good scenarios there, but we have no clue what that person actually did, on a very consistent basis. So focus on you. We're interviewing you. Then roll back to how you contributed back to the team and how you supported the team.

A very quick thing, I know I have a few minutes. Let's dive very briefly on more, I would say, skills. It is an absolute must in this day and age: learn to code, right? How are you going to scale yourself? The environments are more and more complex, if emeriel's scale. So you have to code. Now, I'm not asking around building distributed networks and building distributed systems and so on. As simple as, I'll have an example: write a function that prints zero to one, and every time the number is divisible by two, add an asterisk to it. They could not do that, right? Some of them were too nervous. There's practice rounds. Don't make
the interview... the interview is game day. Don't make it your practice round, right? So you can go out there, there's interviewing.io and plenty of other companies where you can go do these things. I personally use it. I remember I did a few interviews; I think Meta was probably the hardest interview, technically, I've done on coding. I would have completely bombed if I didn't practice, like facing a blinking cursor and, like, "please solve this algorithm." Like, you have to do those, right? It wasn't in me. I practiced quite a bit. I was very nervous, but then it wasn't the first time I did it in front of them, right? So, coding.

Learn to communicate as well. As part of your case study, most of the challenges you're going to face are not going to be technical. It's about actually driving change within organizations and people, and speaking. If all you're saying is doomsday scenarios, "they don't get it, they don't..." I don't know. What you don't get is you're failing to communicate. So work on that skill.

One of the most important skills as well is self-reflection. I emphasize that: self-reflection. What are your strengths? What are your superpowers? What are your weaknesses? At Grammarly we have a very peculiar interview called topgrading, where we walk through your entire career and ask the same questions: what was the role, what were the strengths and weaknesses of your manager, what would you think your manager would say about your strengths and weaknesses, and why did you leave, for each job. We want to see self-reflection, thoughtful self-reflection, whatever you learned. If you're saying your weakness is the same over and over, I had a case like that recently, it's very clear to me he's stagnating, right? That person is stagnating.

So very quickly, I know I'm about to get booted off. Learn how to ask questions during the interview. Come prepared with some meaningful questions. It starts out with the recruiters initially: what was the role, what was the style, and
so on. So, very important: don't ask about money; talk to the recruiter first. I had a worst-case scenario recently. Someone asked me, "Do you guys have food for lunch?" Like, maybe I'm full of myself, but you're talking to the hiring manager and that's the only question you're coming up with? That person was strong technically, but not really prepared. Not the right audience.

And learn to fail gracefully. I have candidates asking me, "Hey, where did I fail?", but I know right away they're going to challenge, they're going to argue. It's not with good intent. You can generally ask people; officially they won't give you an answer, HR is there, and so on. But you can reach out to the hiring manager and say, like, "Where did I do wrong?" I'll make a call if I feel it's genuine. Learning to know, I learned to say "I don't know" during an interview. I've had interviews: "I'm sorry, I have no clue there." And it was like, "How would you approach it? Let's talk about it that way." So, very important.

And thank you. We're hiring. A very quick role: a security engineer. I am desperately looking for a senior staff engineer on product security. I think generative AI, responsible AI, is super hard. This is what I've been focusing on all week; I have a headache. So security engineers, threat hunters we're looking, red teamers we're looking. We're also hiring heavily in Europe, Germany, Portugal, and Poland as well. So look at the QR code. We have planner role, and more is coming in Q3. So anyway, I'm sorry, I know I went way overtime.

Quick round of applause. [Applause] All right, we have time for a question or two.

Yeah, going back to what this fellow said, in terms of you had a candidate in front of you, he meets the criteria, but there's maybe one thing that he's lacking, and yes, he could have overridden everyone and gone ahead and hired him. You pretty much answered it. If he were to reach out to you gracefully and say, "Hey, look, where did I fail? Where did I stumble?", would you respond to
them?

Absolutely, yeah, abso