http://danielrm26.disqus.com/dmiessler.com/about/enFri, 27 Feb 2009 01:38:27 -0000http://dmiessler.com/blog/25-questions-to-ask-during-an-information-security-interview#comment-6680917<p>good stuff </p>rathinapandiFri, 27 Feb 2009 01:38:27 -0000http://dmiessler.com/blog/25-questions-to-ask-during-an-information-security-interview#comment-5762696<p>VERY NICE LIST EXCELENT:</p>MR AKBARSun, 01 Feb 2009 19:37:20 -0000http://dmiessler.com/blog/25-questions-to-ask-during-an-information-security-interview#comment-4360228<p>@Curtis Thank you for that.</p>Daniel MiesslerSun, 23 Nov 2008 17:05:59 -0000http://dmiessler.com/blog/25-questions-to-ask-during-an-information-security-interview#comment-4360222<p>A network analysis D&amp;D? Ouch.</p><p><br></p><p>Nice list, Daniel. I think you should float all the easy questions to the top, so that you can vet the incompetent early in the process.</p><p><br></p><p>What I like to ask a candidate is "what are you best at? what do people come to you about when they need help?" and then drill down into the bits and bytes on that topic. That shows me if they take what they do seriously enough to have an in-depth understanding of it. Also, at some point in time my questions inevitably exceed their knowledge (I might ask about things I don't know about...) and then I expect them to tell me they don't know and will find out. If they try to BS me... NEXT!</p><p><br></p><p>Also as mentioned I like to ask about the bigger picture, what does it all mean from an organizational point of view.</p><p><br></p><p>-- Arik</p>arikbSun, 23 Nov 2008 16:30:15 -0000http://dmiessler.com/blog/25-questions-to-ask-during-an-information-security-interview#comment-4360225<p>Nice list, lol</p>The Real Steve CFri, 21 Nov 2008 23:50:59 -0000http://dmiessler.com/blog/25-questions-to-ask-during-an-information-security-interview#comment-4360226<p>This is great stuff! I've had to argue with seasoned security professionals about DH being subject to MITM. A great follow up on that, they they miss it, is have them whiteboard for you how it works and then watch to see how they react when you white board the key switch. If you see the light bulb go on, they may still be OK. Even professionals take the pre-established trust of a local keystore for granted.</p>Mark GamacheFri, 21 Nov 2008 12:10:03 -0000http://dmiessler.com/blog/25-questions-to-ask-during-an-information-security-interview#comment-4360223<p>My favorite question is "Prove to me you can protect my network". Poor candidates begin speaking about technology and solutions, good candidates talk about their previous experience, and great candidates take a high level view of the issue and speak about how they will help promote change, get management on board and begin to address the true scope of this open ended question.</p>ScottFri, 21 Nov 2008 09:02:36 -0000http://dmiessler.com/blog/25-questions-to-ask-during-an-information-security-interview#comment-4360227<p>Nice list. I've weeded people out before with the ping, tracert, and http vs html questions before. Good stuff!</p>randyFri, 21 Nov 2008 08:39:25 -0000