One of the problems in the question is that Security is a very big
area and overlaps in many other areas.
Secure Coding skills are different from Pen testing skills/Network-OS
Admin skills/Encryption/Identity Management/Hardware etc... Though
many of them do overlap; you can never expect someone to be an expert
or even passionate about all of them.
Testing whether people are skilled/passionate regarding any of their
particular areas of experties will require specific targeted questions
that one would expect them to know.
I might ask what security related interests do the persue outside of
work? I.e. Do they subscribe to any Journals/magazines, go to (or
would like to go to) any conferences; read/contribute to these lists;
read Schneier's blog (or any security books); listen to pod-casts
etc... Are they learning anything new? Different people will have
differrent levels of passion and interest.
However, I'd still be more interested in their practical skills than
any passion. Passion is nice, but to know how to do the job is the
priority.
--
Yousef Syed
"To ask a question is to show ignorance; not to ask a question, means
you remain ignorant" - Japanese Proverb
---------------------------------------------------------------------------
This list is sponsored by: ByteCrusher
Detect Malicious Web Content and Exploits in Real-Time.
Anti-Virus engines can't detect unknown or new threats.
LinkScanner can. Web surfing just became a whole lot safer.
http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect
---------------------------------------------------------------------------
