RE: [inbox] Re: [Full-Disclosure] Training & Certifications

From: Curt Purdy (purdy_at_tecman.com)
Date: 04/03/04

  • Next message: Harlan Carvey: "Re: [Full-Disclosure] Training & Certifications"
    To: "'Robert Repp'" <robertrepp@hotmail.com>, <keydet89@yahoo.com>, <exibar@thelair.com>
    Date: Sat, 3 Apr 2004 07:34:35 -0600
    
    

    Robert Repp wrote:
    > I'd like to be able to point out a credible authority whose
    > training informs our work.
    <snip>
    > I agree that the right people and skillset are much more important
    > than simply having the right certs on the lobby wall. Side question:
    > Is there a reliable test you favor when interviewing new techs about
    > network administration?

    I'm not an authority on training as the only training I've had is SANS, but
    I can vouch for the quality of it. My hat size was two sizes bigger when I got
    out of there ;)

    But I can talk about hiring qualified people for both sysadmin and security
    work. Although a bunch of letters behind the name don't mean everything
    (even if they are PhD), when I see certain letters, I do pay closer
    attention. But when it comes to a decision, I usually make it from a
    15-minute interview where I ask a series of 5-10 increasingly difficult
    questions.

    I'll break the ice by starting with something facetious like "What is the
    first thing you do with a Windows box and the last thing you do with a *NIX
    box when you have trouble?" Answer: reboot. Then I'll go with something like
    "How do you see what ports are open and to whom on a Windows box?" Progress
    to "What is a TCP/IP 3-way handshake?", and "How do you disable remote root
    access on a *NIX box?", and culminate with something like "What is a regular
    expression?"

    For sysadmins, I ask easier, more system-specific questions, but for
    security I ask broad, tough questions because of the requirements of the
    field. I have only had one person so far answer all correctly.

    Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
    Information Security Engineer
    DP Solutions

    ----------------------------------------

    If you spend more on coffee than on IT security, you will be hacked.
    What's more, you deserve to be hacked.
    -- White House cybersecurity adviser Richard Clarke

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

