Full Disclosure mailing list archives
RE: [inbox] Re: Training & Certifications
From: "Curt Purdy" <purdy () tecman com>
Date: Sat, 3 Apr 2004 07:34:35 -0600
Robert Repp wrote:
I'd like to be able to point out a credible authority whose training informs our work.
<snip>
I agree that the right people and skillset is much more important than simply having the right certs on the lobby wall. Side question: Is there a reliable test you favor when interviewing new techs about network administration?
I'm not an authority on training as the only training I've had is SANS, but I can vouch for the quality it. My hat size was two sizes bigger when I got out of there ;) But I can talk about hiring qualified people for both sysadmin and security work. Although a bunch of letters behind the name don't mean everything (even if they are PHD), when I see certain letters, I do pay closer attention. But when it comes to a decision, I usually make it from a 15 minute interview where I ask a series of 5-10 increasingly difficult questions. I'll break the ice by starting with something facetious like "What is the first thing you do with a Windows box and the last thing you do with a *NIX box when you have trouble?" Answer: reboot. Then I'll go with something like "How do you see what ports are open and to whom on a Windows box?" Progress to "What is a tcp/ip 3-way handshake?", and "How do you disable remote root access on a *NIX box?", and culminate with something like "What is a regular expression?" For sysadmins, I ask easier, more system specific questions, but for security I ask broad, tough questions because of the requirements of the field. I have only had one person so far, answer all correctly. Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA Information Security Engineer DP Solutions ---------------------------------------- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- White House cybersecurity adviser Richard Clarke _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Training & Certifications, (continued)
- Re: Training & Certifications Harlan Carvey (Apr 03)
- Re: Training & Certifications Dave Howe (Apr 03)
- Re: Training & Certifications Ron DuFresne (Apr 05)
- Re: [FD] Training & Certifications Andrew J Caines (Apr 05)
- Re: Training & Certifications Exibar (Apr 05)
- RE: Training & Certifications Laura Taylor (Apr 06)
- Re: Training & Certifications Exibar (Apr 06)
- Re: Training & Certifications Harlan Carvey (Apr 03)
- RE: Training & Certifications Bojan Zdrnja (Apr 05)
- Re: Training & Certifications Valdis . Kletnieks (Apr 05)
- RE: [inbox] Re: Training & Certifications Exibar (Apr 05)
- Re: Training & Certifications Dave Aitel (Apr 03)
- RE: [inbox] Re: Training & Certifications Curt Purdy (Apr 04)
- Re: Training & Certifications John Sage (Apr 05)