RE: Interview Questions


You sound like a tough interviewer. This is to your credit, and I find that
this is the only way to go, myself. It is imperative to perform due
diligence in the hiring process. A little "Hi, how are you?" then a bit of
"What do you bring to the table?" You are trying to assess skills and fit,
after all. If the subject is insulted because you don't just take their word
for it, they are probably not the right candidate. If they simply admit
that they are unsure, they at least get partial credit in my books. They
might not understand clearly what is being asked, or simply be nervous.
This is where I look for a follow-up email, outlining what was discussed,
and what the candidate discovered. I don't prompt or mention it. I expect
the candidate to research it on their own initiative, showing genuine

Are you usually drilling to measure the candidate's ability to think on
their feet, or would you react positively to the production of sample work
relevant to the question posed? Would you see this as showing preparedness
and understanding of potential issues, or just smoke and mirrors?

I ask, as I cart around a portfolio of work, employer reviews, example docs,
and the like for occasions such as those where there are many possible
answers or ambiguity. It is often very difficult to formulate a realistic
strategy when confronted with minimal information and/or a complex technical
issue. I was wondering what others think of such strategies. (I get mixed
reactions, but not enough interviews lately to really analyze. I am
working, though...)

When interviewing, I will sometimes take a break from the interview room
with the person, and go for a coffee. This tactic usually disarms them, and
allows me to crack the facade before asking subtle but probing questions.

I hit 'em with a tech quiz, then follow it up with the
"we're planning on deploying ....... and security is a huge concern with
this project, as such what suggestions would you have for ...... and how
would you approach ......"


-----Original Message-----
From: Keith T. Morgan [mailto:keith.morgan@xxxxxxxxxxxx]
Sent: Wednesday, August 23, 2006 2:01 PM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: Interview Questions

.... What I've found works, is a compromise between very specific technical
questions, and then more general questions such as the one mentioned by
another poster.

But that comes after I determine if their resume is full of lies and

We've had great hiring success with this mixed approach.
