I agree with daffyduc. Certifications gets you in the good books of an HR. But, if you haven't learnt anything from your certifications, the IT interviewer will not select you.
Very true ! i have just interviewed 20 people, all were selected by HROriginally Posted by Metahuman
i ask them 2 questions
First walk me through NTLM v1 authentication and what's passed between the client and server.
Second what are chains in relationship to rainbow tables.
No ones got the first question even close ! a few have even asked what NTLM is
Also the info they get on the degrees looks to be a few years out of date.
Re:
o0hex0o:
Was this for a security professional position or for a network administrator?
The role is for a mobile device admin, design and test of builds of mobile devices, remote deployment of software and updates etc.
The last thing i want is someone deploying software or updates and not knowing what the implication to security is.
The questions are more about an inquiring mind, if someone has taken the time to actual understand how things work it shows a real interest and understanding of the subject.
To many 'admins' today are just happy to click next,next next or Google it not many are able to work it out for themselves.
Re:
I understand now! Nicely put "inquiring mind"..hmm.
I had a feeling it was pentesting related. I could almost see a reason for the question, in that case.
Not sure how many admin out there know the correct and full answer to that question, 'cause after managing servers, firewalls, dealing with users on a daily basis, making sure people you manage do their jobs, researching future technologies, dealing with corporate policies, managing your budget properly and other stuff like that, the last thing you want to know is what happens in the background when the user authenticates on his computer and how does the server respond to the request.
I think everyone forgets, that doesn't make them incompetent or unable to do their jobs. In the end I think knowing your stuff in important, but I think also knowing where to find the information when you need it, it just as important!
Do you have a list of questions that you asked? I'd like to see a few of them, since I am just an inquiring mind.
Holy irrelevant questions Batman!i ask them 2 questions
First walk me through NTLM v1 authentication and what's passed between the client and server.
Second what are chains in relationship to rainbow tables.
No ones got the first question even close ! a few have even asked what NTLM is
You asked those questions to someone who you were thinking of hiring as a mobile device administrator?
Those are highly domain specific and only seem relevant for someone whose job would be to attack authentication systems. While I have studied both subjects myself I would only be able to give you a general high level answer to those questions without doing a little research first - and I work in IT Security. Its just not something I (or most people for that matter) work with every day, so its not going to be something you remember without a little refresher.
Even for someone who worked in IT Security those questions would be difficult, and the ability to answer them in detail would be largely irrelevant to the majority of jobs in the field. Someone who worked in another area of IT wouldn't have a hope of answering.
If you want to check whether the person has an inquiring mind (which is a good goal), then you should ask questions relevant to their chosen field or job.
Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".
The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
Re:
Lupin, you are funny!
BTW, you are right too!Holy irrelevant questions Batman!
I have a question for these interviewers.
Before you put those questions on paper, do you also google around for the right answer, just in case you might have forgotten some things, while dealing with life and other IT bull that does not require you to know the correct and full definition of the term?
I also think that since he ended up with 20 some people to interview, he was trying to separate the really good ones from the bad ones.
I actually ripped off streaker69 with that Batman line. He posted a similar thing recently. Don't tell him OK?Lupin, you are funny!
Yeah that's a better question. Its more focused on how the person thinks rather than if they know some specific and very random technical detail.
The goal is fine but going about it by asking a question that no one with a particular chosen skill set is going to be able to answer wouldn't be my chosen approach.
Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".
The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
Long long ago (about 5-6 years ago) when I was forced to help judge applicants the main question that I asked was: "Tell me what you are working on right now. And then ask questions to see how advanced understanding of that subject is (the victim.... i mean applicant, did choose the subject).
Sin-cerely,
Trol
Not to mention dated and insecure.
Chains are irrelevant unless you're writing the software to build the tables.
Posting Permissions
