RE: University Degree or CISSP

[Mark Teicher <mht3 () earthlink net>]

Relocate to where is always the first question that should be asked, some places are ok to relocate too, others are 
not, or if the potential candidate has to much of a lifestyle of where they maybe.  There are some who work VO and have 
no idea if they shower, or even bathe when they start IM'ing for the day.

The issue is not about certificates or degrees, does the potential candidate actually know what they are doing.  A 
couple of good questions to ask is:

Examples:

1. Please describe the various configurations one can do with /etc/inittab
2. Describe in detail how a DHCP exhaustion attack works
3. What is the difference between a passive and active network scan, and why would passive be preferred ?
4. How does one take over a root name server ?
5. If the email symbol was developed in 1969, and you were born in 1964, can you possibly state you have been working 
in information security for 25 years ?  (This is always a good question to ask potential CSO's of product vars or 
integrators).. 


-----Original Message-----
From: "Hodges, Bob" <Bob_Hodges () bshsi com>
Sent: Sep 6, 2005 10:16 AM
To: security-basics () securityfocus com
Subject: RE: University Degree or CISSP


 There are 9 layers - 8 is politics and 9 is religion.  They both trump the
lower 7.

Also, I see no preference with experience, a degree, certification or any
combination thereof, so I went for both and I find that the biggest hurdle
is whether one is willing to relocate.

Bob Hodges, ISO, BBA, CHS, CISSP,GSEC Gold, GSLC

-----Original Message-----
From: Simon Borduas [mailto:sborduas () hypertec ca] 
Sent: Thursday, September 01, 2005 9:19 AM
To: Mark Teicher
Cc: security-basics () securityfocus com
Subject: RE: University Degree or CISSP

This is off topic, but I couldn't resist.

On 30 Aug 2005 at 21:14, Mark Teicher wrote:

> The math should go without saying, that should eliminate the potential 
> candidate with HR.  Hmm, candidate can't add, but yet claims all this 
> experience, possibly this potential candidate believes there is 8 
> layers to the TCP/OSI stack..

At the company I work for, there is a 8th layer to the OSI model.
It's the CEO layer. Forget about datagrams, if this guy doesn't like the
packet (read package) my solutions are doomed.

Regards,

Simon Borduas, CSO and CISSP


________________________________________________________________________________________________________________________________
________________________________________________________________________________________________________________________________

The information in this communication is intended to be confidential to the Individual(s) and/or Entity to whom it is 
addressed.
It may contain information of a Privileged and/or Confidential nature, which is subject to Federal and/or State privacy 
regulations.
In the event that you are not the intended recipient or the agent of the intended recipient, do not copy or use the 
information
contained within this communication, or allow it to be read, copied or utilized in any manner, by any other person(s).  
Should
this communication be received in error, please notify the sender immediately either by response e-mail or by phone,
and permanently delete the original e-mail, attachment(s), and any copies.