PDA

View Full Version : Mock interview request


bigmike82
02-11-2010, 10:15 AM
So I may have an interview coming up for a security analyst position with a company here in SoCal. I'm generally pretty good with interviews, but all my recent interviewers were impressed with the fact that I knew what DNS stood for and what an A-record was. I have a feeling that, given the nature of the company and the position, I'll be grilled a lot more on the technical stuff. I do have experience with everything I listed on my resume, but some of it was from years ago so I'm not that up to date on it.

In preparation for the potential interview, I got to thinking what kind of questions I'd encounter. As everyone thinks differently, my questions are going to be different from the next guy's question.

I'm posting a sanitized copy of my resume below. Please post any and all questions you think could come up in an interview. Be as snarky or mean as you want...I need to prepare for these kind of questions before hand.

Thank you very much in advance for any assistance. I would be happy to do the same for anyone else here. :)

bigmike82
02-11-2010, 10:18 AM
It's completely unformatted, but looks better in word.

-------------------------------------------------------------

MICHAEL HALE

SKILLS

Security: GSEC certification; SSP-MSP (Protocol Analysis) Certificate; Firewall audits, architecture and configuration; Security policy planning, implementation and compliance; Network and security monitoring using commercial and open source tools; Intrusion Detection and Prevention architecture and implementation; Event log analysis; Incident response and remediation; Vulnerability assessment.

Linux: Architecture, administration, and maintenance of Linux-based desktop and server systems; Security audits and implementation on these systems.
Routers and switches: Configuration and maintenance (Cisco, ProCurve, Sonicwall); Routing and switching security on the same

Windows infrastructure: Architecture, installation, configuration and maintenance using Windows Server 2003 and 2008

Virtualization: Experienced in planning and deployment of Hyper-V and VMware-based virtualized server farms, using both SANs and local-storage

Wireless infrastructure: Planning, security, and deployment

Telco: Nortel Meridian Option 11c; Asterisk, Panasonic

Programming: VisualBasic.Net, C, C++, Assembly, Python, PHP, SQL (MSSQL, MySQL)

WORK EXPERIENCE

xxxxxxxxxxxxxxxxxxxxxxxxxxx
August 2009 – Present
IT Manager
• Managed IT department.
• Provided oversight and leadership to subordinates; Planned, designed and implemented complete network overhaul, including both internal infrastructure and customer-facing mission-critical systems.
• Conducted network-wide security review and remediation; Password and server recovery following compromise.
• Maintained, upgraded and consolidated server farm of thirty servers running a variety of Operating Systems, including Fedora, Ubuntu, CentOS, Solaris and FreeBSD.
• Planned and implemented strong security policies and practices in network resulting in secure, highly-available systems.
• Implemented security management system using OSSIM.

XXXXXXXXXXXXXXXXXX Oct 2008 – August 2009
Operations Manager
• Responsible for operation and maintenance of twenty server network.
• Maintained security infrastructure, including local and network firewalls.
• Responsible for maintenance and support of fifty bridge voice infrastructure.
• Implemented new secure virtualization architecture utilizing Hyper-V and an ISCSI SAN in a segregated network.
• Technologies include Microsoft Servers, Exchange 2007, CentOS, Hyper-V.

xxxxxxxxxxxxxxxxxxxxxx
Jan 2008 – Aug 2008
Network Administrator
• Responsible for operation, maintenance and security of 200-user network.
• Administered nine physical servers and two VMWare ESX servers.
• Responsible for router and firewall operation and maintenance.
• Taught SANS Security 401 course to six students over a three month period.
• Implemented new enterprise-wide, centrally managed anti-virus solution using Symantec.

XXXXXXXXXXXX
Jan 2007 - Present
Owner
• Owner and chief consultant of small consulting firm specializing in small business clients, which include residential, corporate and retail entities.
• Reviewed and repaired security infrastructure for small business clients, including firewalls, access-control and disaster recovery.

XXXXXXXXXX
Apr 2006 - Jan 2008
Network Analyst
• Supported and maintained all aspects of both PCs and Macs, ranging from hardware to software troubleshooting and repair for approximately 1000 users.
• Managed and installed basic security controls in infrastructure under my control, including Anti-Virus, IDS (Snort) and monitoring programs (Nmap, Wireshark, Nessus and Metasploit).
• Responsible for company's Help Desk ticketing system.
• In charge of backup system for all facilities in the Santa Monica area.
• Trained new IT employees in areas of server management, PBX Programming and the overall infrastructure.
• Completed the GSEC certification with honors; Topics included Incident Response, Hacking, Defense in Depth, Cryptography and IDS Systems.

XXXXXXXXXXXXXXX
Jun 2005 - Apr 2006
Network Administrator
• Administrated the clients' network infrastructure in a multi-office, high-user environment.
• Maintained high uptime on server; Ensured proper security measures were in place; Servers included Windows 2000 server, Windows 2003 server; Email servers included Merak Mail and Exchange Server 2003.
• Provided technical support as needed by staff and employees.
• Ensured proper DNS configuration.
• Installed and maintained anti-spam solution by Barracuda Networks.

EDUCATION

University of Advancing Technology
2009 - Present
Network Security Tempe, AZ
• Enrolled in full-time, fully-employed Bachelor of Science Program.
• B.S. expected in 2013.

Santa Monica College
2004 - 2009
Computer Science Santa Monica, CA
• Completed programming and internet technology courses in preparation for an Associate of Arts degree in Computer Programming.

AFFILIATIONS AND INTERESTS

Professional Societies: IEEE; ISSA; OWASP; LAMP; SANS; Journal of Digital Forensics Practice – Reviewer;
GIAC Advisory Board
Groups: Defcon 213; LA2600
Martial Arts: Tae Kwon Do (1st Degree Black Belt), Rugby, Kendo
Other Language Fluencies: German

6172crew
02-11-2010, 6:07 PM
Good Luck Mike!

Does the security include knowing Cisco A-Ls? I get cross eyed looking at some of the long ones and it was one of my weak point getting the CCNA cert.

I was thinking about working towards a security+ while carpet bombing my resume. I know the CompTIA stuff is basic but I'm not doing anything anyways.:)

ocabj
02-11-2010, 6:45 PM
Stuff I might ask for a security analyst interview:

- What is the difference between a stateful and stateless firewall?

- Why is important run network accessible services as a non-privileged user?

- What is the difference between a user invoking "su" and "sudo su"?

- Explain why you would not allow a database administrator to have superuser access on the database server.

- The Chief Financial Officer of the company is going to be fired from the company tomorrow. What steps do you recommend in locking down or otherwise removing all access the CFO has to company computing/network services?

I tend to participate on job interview panels where I work (especially when it comes to hiring students). I rarely ask technical questions about a person's claimed skills if they aren't job requirements (as defined in the job description). But sometimes I'll ask a few questions regarding specific skill sets to see if they actually have comprehension of the stuff they listed on their resume.

Looking at yours, I might ask:

1. What's the difference between and a class and object (in the context of object oriented programming)?

2. In assembly, how many bits is the result when multiplying two numbers N-bits in size?

3. What is the difference between RISC and CISC?

4. What is the use of the $_POST array in PHP?

5. What are data implications when upgrading a full revision of MySQL (for instance, from version 4.x to 5.x)?

bigmike82
02-11-2010, 6:54 PM
Thanks. :)

You mean ACLs?

Those are definitely a part of security, but also an important part of basic router configuration. Certain features (such as QoS/rate-limiting) require ACLs to function. More importantly, in my humble opinion, any config should make liberal use of ACLs for a base-level of security, even if you've got firewalls. The principle of defense-in-depth...

The sec+ materials are not bad for an initial cert, but it wont land you a job. Still, it can be useful, and there aren't enough admins out there who design security into their networks. It'll definitely be a plus.

bigmike82
02-11-2010, 6:57 PM
Thanks, Ocabj. The sec questions are easy for me, but the questions you posed on the programming are challenging. Thats something I need to look at more.

Thanks!

thomashoward
02-12-2010, 11:55 AM
Input from my son who is the IT for a large corporation

The top post is someone who is well qualified but with a loose employment history. If I were interviewing, I'd want to know why he bounced around as much. His longest stint of work is 2 yrs. This could be verified by following up on references at those companies. It could be he wasn't hired for salary-based long term employment, but contract-based consultancy... I would also accept moving, school schedule incompatibilities and I don't know what else, but I'd want to know why several of those positions were only for a few months.

He has experience with virtualization, scripting & programming languages and just about everything he needs for a good job. He has experience with Asterisk, which is a voice-over-IP based open source telephone server. Asterisk allows you to turn internet and equipment into a cheap phone system. Definitely a plus.

I'd probably drop off references to Defcon and #2600 :) Defcon is a worldwide meetup of hackers both good and bad. Some places would view this as a benefit, and some would view it as a liability. 2600 is an old zine/magazine of hacking tips and skills and other junk. Maybe you remember I used to have it around the house and the 2600 meetups? That guy that spammed our house with prank calls that one night was the leader of the local 2600 crew. When I hacked that motorola ultra-classic from the garage sale, I think I got the pinouts I needed to open it up on the networks via 2600. This is before the internet, when we used dial-in bulletin board systems.

All the other discussion below that is of his requirements, or anecdotal interview questions.
I'd want to know if he had any experience with Amazon/EC2, Sarbanes-Oxley, HPPA and California's recently enacted Electronic Discovery Act.

fyi only

bigmike82
02-13-2010, 6:48 PM
Thank you! I appreciate you asking your son to take a look. Definitely some good advice there. :)