Security Basics mailing list archives

RE: Interview Questions


From: "Mark Brunner" <mark_brunner () hotmail com>
Date: Thu, 24 Aug 2006 20:56:25 -0400

Keith,

You sound like a tough interviewer.  This is to your credit, and I find that
this is the only way to go, myself.  It is imperative to perform due
diligence in the hiring process.  A little "Hi, how are you?" then a bit of
"What do you bring to the table?"  You are trying to assess skills and fit,
after all.  If the subject is insulted because you don't just take their word
for it, they are probably not the right candidate.  If they simply admit
that they are unsure, they at least get partial credit in my books.  They
might not understand clearly what is being asked, or simply be nervous.
This is where I look for a follow-up email, outlining what was discussed,
and what the candidate discovered.  I don't prompt or mention it.  I expect
the candidate to research it on their own initiative, showing genuine
interest.

Are you usually drilling to measure the candidate's ability to think on
their feet, or would you react positively to the production of sample work
relevant to the question posed?  Would you see this as showing preparedness
and understanding of potential issues, or just smoke and mirrors?

I ask, as I cart around a portfolio of work, employer reviews, example docs,
and the like for occasions such as those where there are many possible
answers or ambiguity.  It is often very difficult to formulate a realistic
strategy when confronted with minimal information and/or a complex technical
issue.  I was wondering what others think of such strategies.  (I get mixed
reactions, but not enough interviews lately to really analyze.  I am
working, though...)

When interviewing, I will sometimes take a break from the interview room
with the person, and go for a coffee.  This tactic usually disarms them, and
allows me to crack the facade before asking subtle but probing questions.

I hit 'em with a tech quiz, then follow it up with the
"we're planning on deploying ....... and security is a huge concern with
this project, as such what suggestions would you have for ...... and how
would you approach ......"

Cheers!
Mark

-----Original Message-----
From: Keith T. Morgan [mailto:keith.morgan () terradon com]
Sent: Wednesday, August 23, 2006 2:01 PM
To: security-basics () securityfocus com
Subject: RE: Interview Questions

....  What I've found works, is a compromise between very specific technical
questions, and then more general questions such as the one mentioned by
another poster.

But that comes after I determine if their resume is full of lies and
exaggerations.

We've had great hiring success with this mixed approach.

