nanog mailing list archives
Re: How to get better security people
From: "Kelly J. Cooper" <kcooper () genuity net>
Date: Tue, 26 Mar 2002 19:54:11 +0000
On Mar 26, 2:15pm, Sean Donelan wrote:
Subject: Re: How to get better security people
* *On Tue, 26 Mar 2002, Tony Wasson wrote: *> >> If I was looking for top security talent, what would I ask for whether *> >> I was hiring directly or outsourcing? *> *> I agree with Steve Wilcox, incidents are important. I would ask for a *> description of the 3 most interesting incidents they've ever worked on, and *> what they contributed. * *I'm sorry, but that's confidential information and I can't disclose it. * *Would you hire a "security" person, who will likely be involved in the *most embarrassing slip ups your company makes, if he tells people about *"interesting" incidents at previous employers. * *Maybe, it depends on what he says. Long ago and downstairs, when I used to interview people for Operations Security, I asked each candidate whether s/he had ever handled a Denial of Service attack or an intrusion, and if so, could they describe in general terms how they handled it? I would specifically ask them to NOT provide any identifying info, just the process (and an explication of the attack) so I could gauge their understanding of the situation. I also had a short list of other questions that I used to try and get a feel for the person's "security minded-ness" (my term, I invented it a'ight?). Because when it comes to ISP security, there's a very limited pool of talent so candidates are unlikely to come in with the right skillset native. But if the person comes in and s/he is someone who thinks about scenarios and contingency plans and has a working knowledge of networking/computing, then I can teach him/her everything else. Kelly J. -- Kelly J. Cooper - Security Engineer, CISSP GENUITY - Main # - 800-632-7638 3 Van de Graaff Drive - Fax - 781-262-2744 Burlington, MA 01803 - http://www.genuity.net
Current thread:
- RE: How to get better security people LeBlanc, Jason (Mar 26)
- RE: How to get better security people Avleen Vig (Mar 26)
- RE: How to get better security people Sean Donelan (Mar 26)
- RE: How to get better security people Stephen J. Wilcox (Mar 26)
- RE: How to get better security people Avleen Vig (Mar 26)
- RE: How to get better security people batz (Mar 26)
- RE: How to get better security people Sean Donelan (Mar 26)
- RE: How to get better security people Avleen Vig (Mar 26)
- RE: How to get better security people Jim Popovitch (Mar 26)
- <Possible follow-ups>
- RE: How to get better security people Jay Fielding (Mar 26)
- Re: How to get better security people matthew zeier (Mar 26)
- Re: How to get better security people Sean Donelan (Mar 26)
- Message not available
- Re: How to get better security people Kelly J. Cooper (Mar 26)
- Re: How to get better security people Sean Donelan (Mar 29)
- RE: How to get better security people Tim Irwin (Mar 29)
- Message not available
- Re: How to get better security people Kelly J. Cooper (Mar 29)
- Re: How to get better security people Sean Donelan (Mar 29)
- Message not available
- RE: How to get better security people Jim Popovitch (Mar 26)