RE: [inbox] Re: [Full-Disclosure] Training & Certifications

From: Curt Purdy (
Date: 04/03/04

  • Next message: Harlan Carvey: "Re: [Full-Disclosure] Training & Certifications"
    To: "'Robert Repp'" <>, <>, <>
    Date: Sat, 3 Apr 2004 07:34:35 -0600

    Robert Repp wrote:
    > I'd like to be able to point out a credible
    > authority whose
    > training informs our work.
    > I agree that the
    > right people and
    > skillset is much more important than simply having the right
    > certs on the
    > lobby wall. Side question: Is there a reliable test you favor when
    > interviewing new techs about network administration?

    I'm not an authority on training as the only training I've had is SANS, but
    I can vouch for the quality it. My hat size was two sizes bigger when I got
    out of there ;)

    But I can talk about hiring qualified people for both sysadmin and security
    work. Although a bunch of letters behind the name don't mean everything
    (even if they are PHD), when I see certain letters, I do pay closer
    attention. But when it comes to a decision, I usually make it from a 15
    minute interview where I ask a series of 5-10 increasingly difficult

    I'll break the ice by starting with something facetious like "What is the
    first thing you do with a Windows box and the last thing you do with a *NIX
    box when you have trouble?" Answer: reboot. Then I'll go with something like
    "How do you see what ports are open and to whom on a Windows box?" Progress
    to "What is a tcp/ip 3-way handshake?", and "How do you disable remote root
    access on a *NIX box?", and culminate with something like "What is a regular

    For sysadmins, I ask easier, more system specific questions, but for
    security I ask broad, tough questions because of the requirements of the
    field. I have only had one person so far, answer all correctly.

    Information Security Engineer
    DP Solutions


    If you spend more on coffee than on IT security, you will be hacked.
    What's more, you deserve to be hacked.
    -- White House cybersecurity adviser Richard Clarke

    Full-Disclosure - We believe in it.

  • Next message: Harlan Carvey: "Re: [Full-Disclosure] Training & Certifications"