[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <001c01c41980$6873bbe0$bc00a8c0@LUFKIN.DPSOL.COM>
From: purdy at tecman.com (Curt Purdy)
Subject: [inbox] Re: Training & Certifications
Robert Repp wrote:
> I'd like to be able to point out a credible
> authority whose
> training informs our work.
<snip>
> I agree that the
> right people and
> skillset is much more important than simply having the right
> certs on the
> lobby wall. Side question: Is there a reliable test you favor when
> interviewing new techs about network administration?
I'm not an authority on training as the only training I've had is SANS, but
I can vouch for the quality it. My hat size was two sizes bigger when I got
out of there ;)
But I can talk about hiring qualified people for both sysadmin and security
work. Although a bunch of letters behind the name don't mean everything
(even if they are PHD), when I see certain letters, I do pay closer
attention. But when it comes to a decision, I usually make it from a 15
minute interview where I ask a series of 5-10 increasingly difficult
questions.
I'll break the ice by starting with something facetious like "What is the
first thing you do with a Windows box and the last thing you do with a *NIX
box when you have trouble?" Answer: reboot. Then I'll go with something like
"How do you see what ports are open and to whom on a Windows box?" Progress
to "What is a tcp/ip 3-way handshake?", and "How do you disable remote root
access on a *NIX box?", and culminate with something like "What is a regular
expression?"
For sysadmins, I ask easier, more system specific questions, but for
security I ask broad, tough questions because of the requirements of the
field. I have only had one person so far, answer all correctly.
Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
----------------------------------------
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke
Powered by blists - more mailing lists