Comments on: 25 Questions to Ask During an Information Security Interview http://danielmiessler.com/blog/25-questions-to-ask-during-an-information-security-interview grep understanding Fri, 19 Mar 2010 22:30:03 -0500 http://wordpress.org/?v=2.9.2 hourly 1 By: rathinapandi http://danielmiessler.com/blog/25-questions-to-ask-during-an-information-security-interview/comment-page-1#comment-241883 rathinapandi Fri, 27 Feb 2009 11:38:27 +0000 http://dmiessler.com/blog/25-questions-to-ask-during-an-information-security-interview#comment-241883 <p>good stuff</p> good stuff

]]> By: rathinapandi http://danielmiessler.com/blog/25-questions-to-ask-during-an-information-security-interview/comment-page-1#comment-240788 rathinapandi Fri, 27 Feb 2009 06:38:27 +0000 http://dmiessler.com/blog/25-questions-to-ask-during-an-information-security-interview#comment-240788 <p>good stuff</p> good stuff

]]> By: MR AKBAR http://danielmiessler.com/blog/25-questions-to-ask-during-an-information-security-interview/comment-page-1#comment-240526 MR AKBAR Mon, 02 Feb 2009 00:37:20 +0000 http://dmiessler.com/blog/25-questions-to-ask-during-an-information-security-interview#comment-240526 <p>VERY NICE LIST EXCELENT:</p> VERY NICE LIST EXCELENT:

]]> By: Daniel Miessler http://danielmiessler.com/blog/25-questions-to-ask-during-an-information-security-interview/comment-page-1#comment-232292 Daniel Miessler Sun, 23 Nov 2008 22:05:59 +0000 http://dmiessler.com/blog/25-questions-to-ask-during-an-information-security-interview#comment-232292 <p>@Curtis Thank you for that.</p> @Curtis Thank you for that.

]]> By: Arik http://danielmiessler.com/blog/25-questions-to-ask-during-an-information-security-interview/comment-page-1#comment-232282 Arik Sun, 23 Nov 2008 21:30:15 +0000 http://dmiessler.com/blog/25-questions-to-ask-during-an-information-security-interview#comment-232282 <p>A network analysis D&D? Ouch.</p> <p>Nice list, Daniel. I think you should float all the easy questions to the top, so that you can vet the incompetent early in the process.</p> <p>What I like to ask a candidate is "what are you best at? what do people come to you about when they need help?" and then drill down into the bits and bytes on that topic. That shows me if they take what they do seriously enough to have an in-depth understanding of it. Also, at some point in time my questions inevitably exceed their knowledge (I might ask about things I don't know about...) and then I expect them to tell me they don't know and will find out. If they try to BS me... NEXT!</p> <p>Also as mentioned I like to ask about the bigger picture, what does it all mean from an organizational point of view.</p> <p>-- Arik</p> A network analysis D&D? Ouch.

Nice list, Daniel. I think you should float all the easy questions to the top, so that you can vet the incompetent early in the process.

What I like to ask a candidate is “what are you best at? what do people come to you about when they need help?” and then drill down into the bits and bytes on that topic. That shows me if they take what they do seriously enough to have an in-depth understanding of it. Also, at some point in time my questions inevitably exceed their knowledge (I might ask about things I don’t know about…) and then I expect them to tell me they don’t know and will find out. If they try to BS me… NEXT!

Also as mentioned I like to ask about the bigger picture, what does it all mean from an organizational point of view.

– Arik

]]> By: Curtis Lassam http://danielmiessler.com/blog/25-questions-to-ask-during-an-information-security-interview/comment-page-1#comment-231604 Curtis Lassam Sat, 22 Nov 2008 05:26:24 +0000 http://dmiessler.com/blog/25-questions-to-ask-during-an-information-security-interview#comment-231604 <blockquote> <p>I sniff the external connection using tcpdump on port 80. Do I see any connections to IP 4.2.2.2?</p> </blockquote> <p>Roll a d20.</p> <p>A one? You don't see any connections to IP 4.2.2.2.</p>

I sniff the external connection using tcpdump on port 80. Do I see any connections to IP 4.2.2.2?

Roll a d20.

A one? You don’t see any connections to IP 4.2.2.2.

]]> By: The Real Steve C http://danielmiessler.com/blog/25-questions-to-ask-during-an-information-security-interview/comment-page-1#comment-231589 The Real Steve C Sat, 22 Nov 2008 04:50:59 +0000 http://dmiessler.com/blog/25-questions-to-ask-during-an-information-security-interview#comment-231589 <p>Nice list, lol</p> Nice list, lol

]]> By: Mark Gamache http://danielmiessler.com/blog/25-questions-to-ask-during-an-information-security-interview/comment-page-1#comment-231314 Mark Gamache Fri, 21 Nov 2008 17:10:03 +0000 http://dmiessler.com/blog/25-questions-to-ask-during-an-information-security-interview#comment-231314 <p>This is great stuff! I've had to argue with seasoned security professionals about DH being subject to MITM. A great follow up on that, they they miss it, is have them whiteboard for you how it works and then watch to see how they react when you white board the key switch. If you see the light bulb go on, they may still be OK. Even professionals take the pre-established trust of a local keystore for granted.</p> This is great stuff! I’ve had to argue with seasoned security professionals about DH being subject to MITM. A great follow up on that, they they miss it, is have them whiteboard for you how it works and then watch to see how they react when you white board the key switch. If you see the light bulb go on, they may still be OK. Even professionals take the pre-established trust of a local keystore for granted.

]]> By: Scott http://danielmiessler.com/blog/25-questions-to-ask-during-an-information-security-interview/comment-page-1#comment-231268 Scott Fri, 21 Nov 2008 14:02:36 +0000 http://dmiessler.com/blog/25-questions-to-ask-during-an-information-security-interview#comment-231268 <p>My favorite question is "Prove to me you can protect my network". Poor candidates begin speaking about technology and solutions, good candidates talk about their previous experience, and great candidates take a high level view of the issue and speak about how they will help promote change, get management on board and begin to address the true scope of this open ended question.</p> My favorite question is “Prove to me you can protect my network”. Poor candidates begin speaking about technology and solutions, good candidates talk about their previous experience, and great candidates take a high level view of the issue and speak about how they will help promote change, get management on board and begin to address the true scope of this open ended question.

]]> By: randy http://danielmiessler.com/blog/25-questions-to-ask-during-an-information-security-interview/comment-page-1#comment-231261 randy Fri, 21 Nov 2008 13:39:25 +0000 http://dmiessler.com/blog/25-questions-to-ask-during-an-information-security-interview#comment-231261 <p>Nice list. I've weeded people out before with the ping, tracert, and http vs html questions before. Good stuff!</p> Nice list. I’ve weeded people out before with the ping, tracert, and http vs html questions before. Good stuff!

]]>