[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [inbox] Re: [Full-Disclosure] Training & Certifications

To: "'Robert Repp'" <robertrepp@xxxxxxxxxxx>, <keydet89@xxxxxxxxx>, <exibar@xxxxxxxxxxx>
Subject: RE: [inbox] Re: [Full-Disclosure] Training & Certifications
From: "Curt Purdy" <purdy@xxxxxxxxxx>
Date: Sat, 3 Apr 2004 07:34:35 -0600

Robert Repp wrote:
> I'd like to be able to point out a credible
> authority whose
> training informs our work.
<snip>
> I agree that the
> right people and
> skillset is much more important than simply having the right
> certs on the
> lobby wall. Side question: Is there a reliable test you favor when
> interviewing new techs about network administration?

I'm not an authority on training as the only training I've had is SANS, but
I can vouch for the quality it.  My hat size was two sizes bigger when I got
out of there ;)

But I can talk about hiring qualified people for both sysadmin and security
work.  Although a bunch of letters behind the name don't mean everything
(even if they are PHD), when I see certain letters, I do pay closer
attention.  But when it comes to a decision, I usually make it from a 15
minute interview where I ask a series of 5-10 increasingly difficult
questions.

I'll break the ice by starting with something facetious like "What is the
first thing you do with a Windows box and the last thing you do with a *NIX
box when you have trouble?" Answer: reboot. Then I'll go with something like
"How do you see what ports are open and to whom on a Windows box?"  Progress
to "What is a tcp/ip 3-way handshake?", and "How do you disable remote root
access on a *NIX box?", and culminate with something like "What is a regular
expression?"

For sysadmins, I ask easier, more system specific questions, but for
security I ask broad, tough questions because of the requirements of the
field. I have only had one person so far, answer all correctly.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- Re: [Full-Disclosure] Training & Certifications
  - From: Robert Repp

Prev by Date: Re: [Full-Disclosure] Training & Certifications
Next by Date: Re: [Full-Disclosure] FD should block attachments
Previous by thread: RE: [inbox] Re: [Full-Disclosure] Training & Certifications
Next by thread: Re: [Full-Disclosure] Training & Certifications
Index(es):
- Date
- Thread