How to prove the utility of an infosec interviewee in four questions
I like to hire infosec geeks that I can get along with. What this means in practical terms is that I need a way to see through your resume (which never seems to contain people’s alternate identity information) to who you really are as a practitioner, what sort of philosophy you have towards information security, and how easily I’ll be able to manage you.
To that end, I’ve got a list of only 4 questions that I use to determine “fit”. These questions are the only ones I really need to ask since there are HR people (who I get along with well – cough cough) who can take care of making sure that if you say you’re a CISSP, you’re actually a CISSP.
In no particular order, here are the questions I ask and the sorts of answers I expect. If I’ve interviewed you, you’ll probably now figure out who I am 🙂
1/ What is the hostname of your computer / ESSID of your wifi?
This tells me if you love computers / get the hacker culture (know thine enemy), or if you see computers as a collection of parts which does not deserve a unique name.
Examples of good answers: hephaestus, neo, glitch, pieceofcrap, please_steal_my_signal, plausible_deniability
Examples of bad answers: consumerpc_67242, Bob’s Computer, livingroom, linksys
2/ Which infosec event/conference do you think is the *one* you need to attend each year?
This tells me which school of thought in infosec you adhere to – even more than your resume can.
Examples of good answers: Blackhat, DEFCON, CanSecWest, Shmoocon
Examples of bad answers: RSA, SANS, Learning Tree
3/ You’re doing a walk around and notice an iPod plugged into a laptop – what do you do?
This is peripherally related to #2, but it tells me whether you will be manageable or not: can you do things “our way”, or are you fanatical?
Examples of good answers: What does the Infosec Policy have to say? Does the employee seem to have any other risky behaviours (browser open to F*ckedcompany.com)?
Examples of bad answers: Take away the iPod and cable and then report the user to their manager.
(What is the point of worrying about it – *they take the laptop home every night and it’s got a 120gb HD*)
4/ You’ve been asked by HR to take a copy of an outgoing employee’s computer – what do you do?
If you don’t start out your answer by asking about evidence requirements, you’re not getting hired.
Examples of good answers: Do we have EnCase? I’d like to have you also with me to ensure that we’ve got a good chain of custody.
Examples of bad answers: I read somewhere that you can use a Linux thing to copy disks. I could get one of the Windows admins to ghost the box.
What is interesting is that these 4 questions work for almost all situations – both when you’re looking for a progressive lateral thinker (like I am right now) and when you’re looking for someone who is best described as a “policy wonk” (apologies to the 3 policy wonks I know who are not also members of the AIPWWNGI – the Association of Infosec People Who Will Never Get It). Try it – you might find your next good infosec person based on these questions.
And if you now recognize that I interviewed you – I’d like to apologize for being such a dick. I don’t actually have much to do with the hiring process.