RE: [inbox] Re: [Full-Disclosure] Training & Certifications

From: Curt Purdy (purdy_at_tecman.com)
Date: 04/03/04

  • Next message: Harlan Carvey: "Re: [Full-Disclosure] Training & Certifications"
    To: "'Robert Repp'" <robertrepp@hotmail.com>, <keydet89@yahoo.com>, <exibar@thelair.com>
    Date: Sat, 3 Apr 2004 07:34:35 -0600
    
    

    Robert Repp wrote:
    > I'd like to be able to point out a credible authority whose
    > training informs our work.
    <snip>
    > I agree that the right people and skillset is much more important
    > than simply having the right certs on the lobby wall. Side question:
    > Is there a reliable test you favor when interviewing new techs about
    > network administration?

    I'm not an authority on training as the only training I've had is SANS, but
    I can vouch for the quality of it. My hat size was two sizes bigger when I got
    out of there ;)

    But I can talk about hiring qualified people for both sysadmin and security
    work. Although a bunch of letters behind the name don't mean everything
    (even if they are PHD), when I see certain letters, I do pay closer
    attention. But when it comes to a decision, I usually make it from a 15
    minute interview where I ask a series of 5-10 increasingly difficult
    questions.

    I'll break the ice by starting with something facetious like "What is the
    first thing you do with a Windows box and the last thing you do with a *NIX
    box when you have trouble?" Answer: reboot. Then I'll go with something like
    "How do you see what ports are open and to whom on a Windows box?" Progress
    to "What is a tcp/ip 3-way handshake?", and "How do you disable remote root
    access on a *NIX box?", and culminate with something like "What is a regular
    expression?"

    For sysadmins, I ask easier, more system-specific questions, but for
    security I ask broad, tough questions because of the requirements of the
    field. I have only had one person so far answer all correctly.

    Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
    Information Security Engineer
    DP Solutions

    ----------------------------------------

    If you spend more on coffee than on IT security, you will be hacked.
    What's more, you deserve to be hacked.
    -- White House cybersecurity adviser Richard Clarke

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

