Re: Need Tips for Security Job Interview

[Dave Dearinger <daved () mdon-line com>]

I would ask some of the following questions.
Do you have a home network/computer? Describe how your home 
network/computer is organized and what steps have you taken to secure your 
setup.
Describe the procedure you would use to restrict access to a developer 
subnet from a customer service subnet and how would you know if the access 
restrictions have bee bypassed?
What would you do if you discovered an employee that you had developed a 
friendship with had exceeded their network access permissions? What if that 
person was your manager?
What would you do if a superior asks' you to perform a task that you know 
could be a network security risk?
Have you ever been disciplined by an employer or university administration 
for network security violations?
How much time, on average, would you say that you spend reading on computer 
security in a week?
Tell me about the latest computer security issue that you are aware of 
given a computer running {$company_OS_of_choice} that has been patched to a 
fully up to date state three weeks ago?
What is SYN/ACK?

Some people may be less of a BOFH, but I really do think that a good 
indicator of how security conscious a potential employee is by how well 
they protect their own stuff. I believe in George Carlin's perspective of 
"My stuff, your cr@p". Don't be surprised if you get a quite a few ethics 
questions.


-Dave Dearinger
-Network Administrator
-MD-Online Inc.
-daved () mdon-line com
-1-888-397-3434
=============================
Email Confidentiality Notice: The information contained in this 
transmission is confidential, proprietary or privileged and may be subject 
to protection under the law, including the Health Insurance Portability and 
Accountability Act (HIPAA). The message is intended for the sole use of the 
individual or entity to whom it is addressed. If you are not the intended 
recipient, you are notified that any use, distribution or copying of the 
message is strictly prohibited and may subject you to criminal or civil 
penalties. If you received this transmission in error, please contact the 
sender immediately by replying to this email and delete the material from 
any computer.


At 07:02 AM 7/8/2004 -0700, nuerostar-basics () yahoo com wrote:
> Hi,
>
> I will be going to be interviewed for a Security
> related position - entry/mid level.  I do have
> experience in the field, but I am about to finish
> college very very soon.
>
> So I was wondering could I get some questions from the
> members on here - on what you ask me if I were being
> hired about your company for a security consultant -
> entry level job.  Lets say I have 3 years of IT
> experience...so I would say I am intemediate level.
> Any advice on what to prepare ? or what to expect on
> the interview is highly appreciated.
>
> Advice/guidance all appreciated.
>
> Thanks,
>
> Nuero


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------