Monday, November 17, 2008

infosec interview questions part III

I've had two other posts relating to questions to ask a candidate during an interview (here and here). It's a tough economy out there, lets reverse roles and ask questions to the interviewer. I'll still sort by Bloom's Taxonomy, however most questions are focused on understanding your potential environment and it's priorities.


  • What tools do you or your team rely on?
  • How big is the team, what are the hours expected?
  • What is the goal of infosec within a company such as this?
  • What kind of constraints does your department have?
  • What regulations or mandates are you with-held to?
  • What's the largest threat to your business? What countermeasures did you apply to mitigate?
  • Do you put more emphasis on protecting, responding, or staying in compliance?
  • What is the biggest concern, security or otherwise, you would see me as addressing within your organization?
  • Where do you think security will be in 5 years as a [practice|industry|concept]?
I'll add more to this as I come up with ideas.

grassroots response to organized crime

The nation-states are lame when trying to prevent threats such as RBN. The air force attempted to create a cyberspace division but that crashed and burned.
Volunteer organizations like SANS, hostexploit, honeynet, and backbone providers are having a substantial affect on disrupting the threat's infrastructure.
atrivo, estdomains and now mccolo are either defunct or crippled.
I hope DHS or US-CERT had coordination going on in the background. I love this chart.

Monday, November 3, 2008

Code of Conduct

A team must develop respect and confidence through how they communicate. Section 4.2.1 of theCSIRT handbook from CERT/CC and CMU SEI outlines one such approach. It's nice but the gif they include in there is all but unreadable and I can't find other sources. Focusing on these areas on a continual basis will assist in doing so during a stressful time (such as handling incidents). Below is what it says:
  1. Focus on the [teams] strengths
  2. Adapt to the audience
  3. Speak for yourself
  4. Do not speak for others
  5. Make complete statements
  6. Make concise statements
  7. Avoid the use of jargon
  8. Be sensitive and diplomatic
  9. Avoid arrogance
  10. Avoid being familiar
  11. State the facts
  12. Be truthful
  13. Retain control
  14. Avoid shock tactics
  15. Maintain confidences
  16. Make no promises
  17. Teach
  18. Stress the positive
  19. Apply quality control
  20. Use constructive criticism