From: purdy at (Curt Purdy)
Subject: [inbox] Re: Training & Certifications

Robert Repp wrote:
> I'd like to be able to point out a credible authority whose
> training informs our work.
> I agree that the right people and skillset is much more important
> than simply having the right certs on the lobby wall. Side question:
> Is there a reliable test you favor when interviewing new techs about
> network administration?

I'm not an authority on training as the only training I've had is SANS, but
I can vouch for the quality of it.  My hat size was two sizes bigger when I got
out of there ;)

But I can talk about hiring qualified people for both sysadmin and security
work.  Although a bunch of letters behind the name don't mean everything
(even if they are PHD), when I see certain letters, I do pay closer
attention.  But when it comes to a decision, I usually make it from a 15
minute interview where I ask a series of 5-10 increasingly difficult

I'll break the ice by starting with something facetious like "What is the
first thing you do with a Windows box and the last thing you do with a *NIX
box when you have trouble?" Answer: reboot. Then I'll go with something like
"How do you see what ports are open and to whom on a Windows box?"  Progress
to "What is a tcp/ip 3-way handshake?", and "How do you disable remote root
access on a *NIX box?", and culminate with something like "What is a regular

For sysadmins, I ask easier, more system-specific questions, but for
security I ask broad, tough questions because of the requirements of the
field. I have only had one person so far answer all correctly.

Information Security Engineer
DP Solutions


If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke
