From: keydet89 at (Harlan Carvey)
Subject: Training & Certifications


First, let me say that I completely understand your
need and concern, from a sales perspective.  

> What we're doing is porting customers from consultancy by one person to a
> new, larger business owned by that person as a growth move. We're
> "inheriting" three small (~150 seat) corporations and a handful of small
> (~5-25 seat) office businesses. Almost every customer has had some issue
> with either trojans, hacking attempts, or DoS. As we go through the sales
> process, we're being asked often about all of these.

Sure, makes sense.  I'm sure you're asked about it,
but if these customers don't have any of their own
network or security admins, then one has to wonder how
they arrived at the "trojans, hacking attempts, or
DoS" issues.  I know you're not going to ask this
during the sales process, as it's not a good sales
technique...but still...

> As a salesman, I'd like to be able to point out a credible authority whose
> training informs our work. As a technician, I'm interested in making sure
> our team can get actually useful training. I agree that the right people and
> skillset is much more important than simply having the right certs on the
> lobby wall.

Well, like I said, certs for the products you're
supporting always help.  MCSEs for Windows systems,
maybe even CISSPs for your upper level folks.  The
thing about the certs is that some vendors
(Checkpoint, MS, etc) have a process set up where,
with a certain number of certified folks, you can be a
"certified reseller", or something similar.

> Side question: Is there a reliable test you favor when
> interviewing new techs about network administration?

When conducting interviews, I take two things into
account:  what is the candidate going to have to do in
the position he/she is interviewing for, and what does
the candidate claim they can do on their resume.  Ask
questions where the candidate has to explain or
describe what they did. If someone claims to be able
to program, give them a small example, and have them
write out the code...on a white board or piece of
paper.  That way, you can see things like how clearly
the candidate can write (and explain what they've
done), see how they programmatically cover error
checking, etc.  You can even input it later and see
how close it is to working. 

Another test...get the people you're interviewing to
provide some proof that they have certifications. 
CISSPs have cert numbers (mine is 3608).  I've never
been asked to provide proof of my certification, but
I've found during interviews that some folks who claim
to have the CISSP haven't even taken the exam yet.

Hope that helps,

