Security interview upcoming, what do you think I should be ready for?

MasterBullfrog

The focus is going to be Network security and Web application based security.

Can anyone give me any tips on types of things that I should be well versed on? This position revolves around vulnerability/security assessments/ethical hacking and some incident response. I'm sure I should also remain up to date with current trends in the security field too for talking points.

For the most part I feel that I am ready, however, there are things that I'm sure I could do more reading about.

Thank you

ChooseLife

If you have a detailed job description, read it thoroughly and brush up on the parts that you are least comfortable about.

Good luck!

the_Grinch

Off the top of my head without seeing the job description:

OSI Model and the attacks that pertain to each layer
Port numbers and the services that run on them
Various security acronym
Know how common attacks work and how to mitigate them
Study the job requirements (as others have said)

MasterBullfrog

the_Grinch wrote: »

Off the top of my head without seeing the job description:

OSI Model and the attacks that pertain to each layer
Port numbers and the services that run on them
Various security acronym
Know how common attacks work and how to mitigate them
Study the job requirements (as others have said)

Thanks!

Yeah that was my problem by the way, no job description. I was recruited.

jasong318

There was a blog posting a while back about 'Questions for an Intrusion Analyst' that was pretty good, let me find it...

20 Questions for an Intrusion Analyst » ActiveResponse.org

docrice

I felt IT Security Interviews Exposed did a good job of covering what's expected in infosec professionals:

http://www.amazon.com/IT-Security-Interviews-Exposed-Information/dp/0471779873

For me it's about a lot of the core basics, a decent amount of domain-specific knowledge (applicable to the type of position you're applying for), attitude, and mindset. Technical chops are just part of the overall picture.

MasterBullfrog

jasong318 wrote: »

There was a blog posting a while back about 'Questions for an Intrusion Analyst' that was pretty good, let me find it...

20 Questions for an Intrusion Analyst » ActiveResponse.org

docrice wrote: »

I felt IT Security Interviews Exposed did a good job of covering what's expected in infosec professionals:

http://www.amazon.com/IT-Security-Interviews-Exposed-Information/dp/0471779873

For me it's about a lot of the core basics, a decent amount of domain-specific knowledge (applicable to the type of position you're applying for), attitude, and mindset. Technical chops are just part of the overall picture.

Awesome!

Much appreciated guys - I'll get to reading asap.

psenior

I had an interview for a SOC job a few months ago. It was the toughest interview I ever had, technically. Technical phone interview, written quiz and lots of questions during the in-person interview. I was studying a lot around this time for my CCNA exam, so I thought I did pretty well on the networking questions. However, I didn't (and still don't) have any experience with firewalls, so I couldn't answer any of the questions having to do with iptables commands. Wish I had known about the above mentioned resources back then; will have to check them out myself as time and funds permit.

docrice

The great thing about firewalls is that anyone can set one or more up and learn for free. For host-based firewalls, Windows has one built-in, and especially when you start using Windows Firewall with Advanced Security you get even greater flexibility. For a network-based firewall, iptables on a Linux host with IP forwarding enabled is a good one, as well as pf on OpenBSD. You also have GUI-managed firewall packages (many with free community editions) that are built on top of these open source solutions. However, as a start I recommend getting dirty with the command-line.

Once you understand what a firewall looks and feels like, you then move into differentiating between static packet filters, stateful filtering, stateful inspection, and the latest incarnation which many vendors refer to as "next-generation" which is really mostly about application awareness / control (Fortinet, Sourcefire, Cisco, Check Point, Palo Alto Networks, Juniper...). Even Untangle supports application control these days on the free version.

But yes, there are lots to learn and lots of traffic to understand. For free. The only thing it really costs you is time and effort.

dover

MasterBullfrog,

I had a similar interview not long ago for an infosec engineer position with an organization with a ton of public web apps. The interviewer focused quite a bit on:

XSS
Cross site request forgery
Newer web application firewall technologies and products
SQL Injection
Remote code execution
Format string vulnerabilities

But everyone else is dead on. Be up to date on your acronyms and current trends and also be aware of what web sites you use to stay current on security information - packetstorm, MSISAC, SANS, CERT, etc.

Good luck!