lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
From: keydet89 at (Harlan Carvey)
Subject: Training & Certifications

> I'm not an authority on training as the only
> training I've had is SANS, but
> I can vouch for the quality it.  

Any particular instructors?  I find it hard to believe
that someone who is an instructor at SANS would
endorse tools like inzider.  But I do know other
instructors that are pretty darned good...Jennifer
Kolde, for example.

> ...when I see certain letters, I do pay closer
> attention.  

Which ones?

> I'll break the ice by starting with something
> facetious like "What is the
> first thing you do with a Windows box and the last
> thing you do with a *NIX
> box when you have trouble?" Answer: reboot. 

I agree that would be a good way to break the ice, but
from a professional standpoint, I don't think it's a
great idea.  In the real world, rebooting a Windows
box isn't the first thing you should be doing.  I
might be concerned that with such a question, that
might give the candidate an improper impression of how
the company conducts itself.

The rest of your questions are good ones to ask, but
again, for Robert, I really think it depends on what
sorts of services the company plans to offer.  

> For sysadmins, I ask easier, more system specific
> questions, but for
> security I ask broad, tough questions because of the
> requirements of the
> field. I have only had one person so far, answer all
> correctly.

Keep in mind, though, that depending upon the
questions, what's 'right' may be subjective.

Powered by blists - more mailing lists