Comments on: 25 Questions to Ask During an Information Security Interview

By: Daniel Miessler

Daniel Miessler — Mon, 29 Aug 2011 21:07:00 +0000

Wow, that’s scary.

By: Security Monkey

Security Monkey — Mon, 29 Aug 2011 17:58:00 +0000

I am witness to many interviews of infosec professionals. I’ve seen these exact questions (literally printed from your website) and asked VERY BADLY. It’s an important point that the interviewer fully understand and be able to answer these questions. Otherwise, using them is a waste. I witnessed a developer using these questions to interview an INFOSEC management candidate. He asked the candidate the ping/port questions and the candidate answered correctly immediately – ICMP. The interviewer said “no, you have to give me a tcp or udp port number”. The interviewee was clearly frustrated and rolling his eyes and trying to be polite. I eventually stepped in and told the interviewer to take a break and I’d finish the interview. Unreal!!!

By: Security Monkey

Security Monkey — Mon, 29 Aug 2011 17:58:00 +0000

By: IT Secure Site » Monday Catchup – 23/05/2011

IT Secure Site » Monday Catchup – 23/05/2011 — Sat, 18 Jun 2011 10:42:30 +0000

[...] Miessler posted “25 Questions to ask during an info-sec interview” here. we enjoyed this post. And no, we didn’t have all a [...]

By: Anonymous

Anonymous — Thu, 16 Jun 2011 11:28:00 +0000

I test them in the SANS 504 class" (or at a hackers conventiuon, or I set up a disposable network at home

Car Auctions

By: Undead Security » Blog Archive » Monday Catchup – 23/05/2011

Undead Security » Blog Archive » Monday Catchup – 23/05/2011 — Thu, 26 May 2011 15:29:27 +0000

[...] Miessler posted “25 Questions to ask during an info-sec interview” here. I enjoyed this post. And no, I didn’t have all the [...]

By: I. Ionescu

I. Ionescu — Wed, 18 May 2011 11:36:24 +0000

Good list.

Some of them I guess should be asked at every technical interview (like the ICMP one), some of them quite security specific. Thanks for putting this out for the community.

I guess the thing we'd all expect from a candidate is "security judgement" skills.

Regards

Ionut

PS: can you guys believe somebody actually thought it's a good idea to spam us about Timerland boots .. on a security topic/ site? ....

By: » * Rekrutacja bezpiecznika -- Niebezpiecznik.pl --

» * Rekrutacja bezpiecznika -- Niebezpiecznik.pl -- — Fri, 13 May 2011 11:16:25 +0000

[...] ciekawych pytań, które warto (?) zadać podczas rekrutowania ludzi na stanowiska związane z bezpieczeństwem [...]

By: Random Nerd...

Random Nerd... — Thu, 05 May 2011 03:35:00 +0000

Create a sandbox environment.. :D

By: Upholstery Cleaning Kendall

Upholstery Cleaning Kendall — Wed, 16 Mar 2011 05:04:00 +0000

This really is the very best post I understand as of these days.

By: Anonymous

Anonymous — Tue, 15 Mar 2011 06:33:00 +0000

Timberland is known globally for providing world class and distinct style shoes. Such shoes can be explored by people of any age, but they are more popular among teenagers. Available in an assortment of designs, colors and sizes, they can surprise any wearer. Timberland Shoes The company introduces boots for working professionals to offer relaxation, dependability and comfort on the job. Timberland shoes are not only trendy and fashionable, but are also lightweight. With a number of shoe manufacturers, Timberland obviously faces stiff competition; therefore it provides high quality products at economical rates. It is seen that Timberland shoes protect feet of individuals irrespective of their age and sex.Reasons behind popularity of Timberland shoesSuch shoes not only protect feet of individuals, but also provide maximum comfort when they go for outdoor activities such as shopping, visiting friends, camping, playing, tripping and so on. They are made by employing suede material; thus they are durable and reliant in all kinds of weather conditions. In fact, such shoes comprise of inbuilt suede materials. Timberland Boots Their feature of being durable and look stylish make them sought after by wearers located anywhere in the world. Their feature of being water resistant makes them one stop solution in the rainy season. Such shoes are durable and reliant; therefore they have been considered as perfect for a number of outdoor activities like hiking, climbing and so on. Timberland shoes are not only perfect for protecting the feet from the dust or cold, but also has become a fashion statement.Knowing about the history of Timberland shoesSince its inception in 1973, the company has been serving its a wide range of clients located anywhere in the world with casual shoes and boots. Later, it has started to manufacture designer shoes. High quality leather, soft suede and unique details are employed to prepare such Cheap Timberland boots shoes; therefore they are demanded by people from all walks of life. In addition, the great fitness and the superior quality features of such shoes attract people.Buying Timberland shoesOnline market has been considered as perfect place to buy different types of Timberland shoes at economical rates. Apart from products, their shipment facility is also economical and reliable.

By: 25 Questions to Ask During an Information Security Interview | danielmiessler.com : Popular Links : eConsultant

Sun, 21 Nov 2010 06:47:35 +0000

By: 25 Questions to Ask During an Information Security Interview | danielmiessler.com « Netcrema – creme de la social news via digg + delicious + stumpleupon + reddit

Sat, 20 Nov 2010 20:12:51 +0000

[...] 25 Questions to Ask During an Information Security Interview | danielmiessler.comdanielmiessler.com [...]

By: Jim

Jim — Sat, 20 Nov 2010 16:45:00 +0000

Umm, I’m not a security expert (just a random unix admin), but I could answer all of those questions.

By: Ilango Al

Ilango Al — Sun, 03 Oct 2010 14:12:00 +0000

amazing list of questions!!!

By: dryanhawley

dryanhawley — Fri, 14 May 2010 01:02:55 +0000

Here is another question. "How do you keep up on hacker tools, and how do you test them?".

The lower skill level answer would be, "I don't! I swore I wouldn't associate with Hackers or use their tools when I got my CISSP!" The "better" IMO
answer would be, "I use a sacrificial lamb computer to get them off The Net"
(because a lot of hacker sites will, in fact, hack you while you get the tool).
As for testing them, the best answer(s) might be "I test them in the SANS 504 class" (or at a hackers conventiuon, or I set up a disposable network at home (or in a detached lab) so as to not be the cause of bringing down production or personal computers. Bonus points for things like, "afterwards I do a 6 pass destructive format on my HD, including boot sectors, and reflash my BIOS from a LINUX booted OS disk, stuff like that.

Reading about them on a security site shows less enthusiasm.

"Know thy enemy"

By: dryanhawley

dryanhawley — Thu, 13 May 2010 20:02:55 +0000

By: 10 Questions To Ask During An Information Security Interview | danielmiessler.com

Thu, 13 May 2010 08:49:59 +0000

[...] InterviewBy Daniel Miessler on January 7th, 2007: Tagged as Career | Jobs | SecurityPost updated here.Related PostsUpdated PGP InformationInternet Security LoveInformation Security: The End of the Wild [...]

By: Hasib

Hasib — Sat, 24 Apr 2010 19:34:12 +0000

Diffie-Hellman is a Key-agreement scheme, it is not a Key-exchange scheme.

By: rathinapandi

rathinapandi — Fri, 27 Feb 2009 11:38:27 +0000

good stuff