I took a voice note walking out of OFTW v3 in London. This is what it said.
Companies don’t hire on technical knowledge#
This was the most repeated theme across the panel. The people hiring you — especially at the senior level — care more about whether you’re genuinely curious and driven than whether you can rattle off CVE numbers or pass a technical quiz.
If you can show real passion for a specific area of security, they will teach you the rest. The technical content is learnable. The drive and curiosity either exists or it doesn’t, and experienced people can tell within a conversation.
This was said by practitioners who work in Apple security, threat intelligence, and incident response — people doing the actual hiring at the companies you’d want to work at.
Soft skills are underrated#
Articulation. Communication. Being able to explain a technical concept to someone who isn’t technical. Showing up to things and being present in a community.
These carry more weight than most students expect. A candidate who can explain what they’re working on clearly and who visibly cares about the field is more valuable than someone who scores higher on a technical test but gives nothing in conversation.
Proof of interest beats proof of knowledge#
Two things that came up repeatedly:
Attending events and conferences consistently. Not just once. Showing up regularly signals sustained interest in a way that a CV line can’t replicate. Anyone can list “attended conference X” — but people who keep showing up are easy to distinguish from people who went once for the LinkedIn post.
Writing publicly about things you actually care about. A blog, even a short one, where you’re clearly working through something real. The key word is actually — panellists were clear that writing about things you’re not interested in leads to burnout fast. Write about the stuff that genuinely interests you, even if it feels niche.
Reading deeply matters more than a degree#
One of the panellists said something that stuck with me: two books deeply read and properly understood — where you’ve worked through the examples, understood the internals, maybe built something from it — carry more weight in their eyes than a university degree in the subject.
For Apple security specifically, The Art of Mac Malware by Patrick Wardle came up. It’s free online. It’s the closest thing to a proper curriculum for this space that exists.
Don’t self-reject#
Apply to things even when you feel underqualified. The worst outcome is a no — which is where you’d be anyway if you didn’t apply. Several people in that room, including the panellists, got into the field by applying to things they weren’t sure they deserved.
I came out of that panel and immediately started this blog.