How do you avoid wasting time on candidates that are a poor fit? When we advertise for an open position we get a ton of unqualified candidates.
In your post you say, "At my last firm, we had the “first-call” system. Every serious applicant got, on average, 30-45 minutes of director-level time on the phone before any screening began." You seem to continue on from that point. What happens before first-call?
To me, recruiting is two problems: outreach and qualification. You're asking about outreach. How we did outreach is a whole 'nother blog post, and one I'm bound to write soon.
What surprised me about recruiting was how much more important qualification is than outreach. Without good qualification, it almost doesn't matter how good your outreach is, because you're filtering for the same highly visible easily accessible candidates every other firm is looking for. The best-priced talent is buried. What you need is ground-penetrating radar. Clever outreach schemes helped us, but what really let us make our best hires was a qualification process that allowed us to confidently ignore resumes.
We didn't just maintain our team's level of quality by ignoring resumes. We transcended it. We never could have run a resume-based process that would hire people who could use lattice math to break crypto. To hire those people, we needed to select for aptitude, not experience.
I haven't said it anywhere yet, but in case the subtext isn't clear: the person who can implement an attack for which edit/compile/debug takes 4-6 hours also does a pretty great job on every other facet of the software security job. There are aptitudes that are very good proxies for other aptitudes!
Maybe I wasn't clear with my question. Say the company indicates it is hiring and gets 100 interested people. How do you filter them down to serious applicants without looking at resumes? I would argue that isn't so much outreach as it is qualification, as the people are already interested.
Maybe my premise of 100 candidates is incorrect based on how you did outreach?
At Matasano (slash NCC), we get a lot of candidates. We look at resumes so that we have something to break the ice with when we talk to the candidates. We do triage interns using resumes, because we get hundreds over the course of a few weeks, but never for full-time candidates.
How do we figure out which ones are serious? We talk to them, usually give them homework, and then give them work-sample tests. This is not particularly expensive for us, and gives us repeatable, relevant, apples-to-apples metrics on how qualified they are to do the work. This is, as Tom insists, surprisingly easy for us. (Not to say it's easy, but nothing about hiring is easy.)
tptacek mentioned in some other comments that Matasano runs ongoing "Capture-the-flag" contests/games (such as [1]) that basically self-selects interested and interesting candidates for them.
Serious is "testable", in the sense that you can ask them a specific question about the job to see if you get a response. We warm people up on the phone when they're putting special attention into our positions, and give everyone the opportunity to answer work samples (whether they seem serious or not). The point of warming them up is to balance out the effort — we're asking people to spend a few hours on this stuff, it's fair to give them time.
Do you really need to "filter down" your candidate list, though? Given the apparent importance of hiring processes, it seems to be like it may well be worth it to simply go through the process with all 100 of them.
One possibility is to make a very simple but non-standard request in the posting - for example, to submit the answer to an extremely straightforward coding question or some such in their cover letter. That would filter out a lot of the 'shotgun approach' applicants immediately.
In your post you say, "At my last firm, we had the “first-call” system. Every serious applicant got, on average, 30-45 minutes of director-level time on the phone before any screening began." You seem to continue on from that point. What happens before first-call?