From: purdy at tecman.com (Curt Purdy)
Subject: [inbox] Re: Training & Certifications

Robert Repp wrote:
> I'd like to be able to point out a credible authority whose
> training informs our work.
<snip>
> I agree that the right people and skillset is much more important
> than simply having the right certs on the lobby wall. Side question:
> Is there a reliable test you favor when interviewing new techs about
> network administration?

I'm not an authority on training, as the only training I've had is SANS, but
I can vouch for the quality of it.  My hat size was two sizes bigger when I got
out of there ;)

But I can talk about hiring qualified people for both sysadmin and security
work.  Although a bunch of letters behind the name don't mean everything
(even if they are PHD), when I see certain letters, I do pay closer
attention.  But when it comes to a decision, I usually make it from a 15
minute interview where I ask a series of 5-10 increasingly difficult
questions.

I'll break the ice by starting with something facetious like "What is the
first thing you do with a Windows box and the last thing you do with a *NIX
box when you have trouble?" Answer: reboot. Then I'll go with something like
"How do you see what ports are open and to whom on a Windows box?"  Progress
to "What is a tcp/ip 3-way handshake?", and "How do you disable remote root
access on a *NIX box?", and culminate with something like "What is a regular
expression?"

For sysadmins, I ask easier, more system-specific questions, but for
security I ask broad, tough questions because of the requirements of the
field. I have only had one person so far answer all correctly.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke

