andy cuff wrote:
So how would you identify passion quickly, personally I like
what cons have you
been to? If they are passionate but poor they would reply
none but I'd like
to .... What books have they bought, what tools do they
use what sites
do they visit email them at night and see how long it
takes them to reply
You can identify someone who knows about security I think if they can reply
with something more than "I know about CheckPoint/Cisco PIX/[insert Vendor
name here] firewall" - then you know you're dealing with someone who treats
Security as a buzzword or an afterthought of being a SysAdmin.
In an ideal world a SysAdmin is the Security Administrator, but hey I
remember 20 years ago when knowing how to fix computers meant you pretty
much knew everything there was to know about computers (within reason of
course).
It's such a broad area nowadays that it really depends on what roles you're
talking about, acting as a consultant for Risk Management and doing security
audits is different to being a Penetration Tester.
Tools-wise you can't go past someone who knows their Perl, C, bit of
Assembly thrown in with a good mix of the trusty old nmap, netcat and
tcpdump.
Most people nowadays would be able to learn how to use Nessus, or even
easier the Metasploit Framework to make cracking a breeze.
Maybe I'm getting jaded and showing my age too ;)
--
Shaineel Singh
MakePeace Media LTD
http://mpm.org.au/shsingh
pgp id: 0xA9D8D351
fp: 38 0D A8 C8 74 A2 33 5E CE 0E 5A FA D5 A0 04 7C
This message was written entirely with recycled electrons.
---------------------------------------------------------------------------
This list is sponsored by: ByteCrusher
Detect Malicious Web Content and Exploits in Real-Time.
Anti-Virus engines can't detect unknown or new threats.
LinkScanner can. Web surfing just became a whole lot safer.
http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect
---------------------------------------------------------------------------
