Interviewing for a Sec position. Tips and/or what should I expect in the interview?

brucet3 Member Posts: 7
The interview is for a Junior Sec position, analyzing logs, creating incident reports, grunt work basically, but I would really love to get it and get my foot in the door.

I'm currently studying for the SSCP (June 3rd), Backtrack PWB online classes (right after) and the CCNA:Sec in July before I start the MSISA @ WGU in August. I have a CCNA and Security+ and have been doing labs, CBTs, reading and tweaking with home hardware for months now, and it looks like I have an interview coming up next week sometime.

What should I expect?

Any and all feedback will be appreciated and taken in the spirit in which it's given.


Thanks,

Bruce

Comments

  • the_Grinch Member Posts: 4,165
    Know how SSL works including all the technical details. I'd also suggest reading up on the top ten common attacks and knowing how they work.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • lsud00d Member Posts: 1,571
    I might expect questions on cross-log correlation, basically 'what signs would you look for' in different systems (like a directory traversal attack in Apache logs, etc.).

    As Grinch said be knowledgeable of common attacks (I like OWASP's page @ https://www.owasp.org/index.php/Category:Attack).
  • brucet3 Member Posts: 7
    Great advice guys, keep it coming!

    Plan so far is to write one page on each of the top 10 attacks from last year, and then hammer SSL home.

    I'm also studying for my SSCP so that knowledge won't hurt either.


    Bruce
  • brucet3 Member Posts: 7
    I plan on doing both the CEH and the SSCP, but for the sake of this interview, should I look to study the topics in the CEH instead of the SSCP?


    Bruce
  • dmoore44 Member Posts: 646
  • the_Grinch Member Posts: 4,165
    I'd also suggest knowing the common ports on both TCP and UDP. I'd probably begin reviewing logs on various devices since that appears to be a main duty and you'll want to be able to speak to that.
  • brucet3 Member Posts: 7
  • brucet3 Member Posts: 7
    the_Grinch wrote: »
    I'd also suggest knowing the common ports on both tcp and udp. I'd probably begin reviewing logs on various devices since that appears to be a main duty and you'll want to be able to speak to that.

    Thanks Grinch! You're the man!
  • chaser7783 Member Posts: 154
    If you are going to be analyzing logs and generating alerts/reports on them, get used to log correlation (i.e., something like a ZeroAccess trojan infection can come from a host that was compromised by a Blackhole exploit kit).

    Like some have said, learn the well-known ports, UDP and TCP (know when DNS uses UDP, and when/why DNS will use TCP). Also learn how a packet travels through a network and what happens when the packet goes through a proxy or load balancer (X-Forwarded-For field, true client IP field, etc.). Also, with that in mind, learn HTTP request and response methods (for web-based attacks).
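
The directory traversal signs and the X-Forwarded-For point raised in the comments above, as an added example that is not part of any poster's reply: a small detector that decodes request targets, flags traversal sequences and attributes them to the true client. The log format (Apache "combined" plus a trailing X-Forwarded-For field), the proxy address and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Assumed format: Apache "combined" plus a trailing quoted X-Forwarded-For field.
LINE_RE = re.compile(
    r'(?P<peer>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" "(?P<xff>[^"]*)"')
TRUSTED_PROXIES = {"10.0.0.5"}           # assumption: our own load balancer
TRAVERSAL_RE = re.compile(r'\.\.[/\\]')  # "../" or "..\" once decoded

def fully_decode(s, rounds=3):
    """Undo nested percent-encoding (%252e -> %2e -> .), bounded to 3 passes."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s

def client_ip(peer, xff):
    """Trust X-Forwarded-For only when the TCP peer is our proxy, and then only the
    right-most entry (appended by our proxy); anything else is client-supplied."""
    if peer in TRUSTED_PROXIES and xff not in ("", "-"):
        return xff.split(",")[-1].strip()
    return peer

def find_traversal(lines):
    """Return {client_ip: [(timestamp, status, raw_target), ...]} for suspect requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m and TRAVERSAL_RE.search(fully_decode(m["target"])):
            hits[client_ip(m["peer"], m["xff"])].append((m["ts"], m["status"], m["target"]))
    return dict(hits)

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE = [
    '10.0.0.5 - - [03/Jun/2013:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0" "198.51.100.7"',
    '10.0.0.5 - - [03/Jun/2013:10:00:02 +0000] "GET /cgi-bin/view?file=../../../../etc/passwd HTTP/1.1" 404 209 "-" "curl/7.29" "203.0.113.9"',
    '10.0.0.5 - - [03/Jun/2013:10:00:03 +0000] "GET /static/%252e%252e%252f%252e%252e%252fetc/passwd HTTP/1.1" 400 226 "-" "curl/7.29" "198.51.100.200, 203.0.113.9"',
    '192.0.2.44 - - [03/Jun/2013:10:00:04 +0000] "GET /download?f=..%5c..%5cboot.ini HTTP/1.1" 403 199 "-" "Mozilla/5.0" "10.9.9.9"',
]

if __name__ == "__main__":
    for ip, reqs in find_traversal(SAMPLE).items():
        print(ip, len(reqs), [status for _, status, _ in reqs])
```

When triaging the output, a flagged request that returned 200 deserves more attention than one that returned a 4xx.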
  • olaHalo Member Posts: 748
    I know very little about security but I noticed the author said the CISSP is a weak security certification.
    This is the first time I've seen anyone say that. Could someone fill me in on what the author meant? Was it just an opinion?
  • thegoodbye Member Posts: 94
    olaHalo wrote: »
    I know very little about security but I noticed the author said the CISSP is a weak security certification. This is the first time I've seen anyone say that. Could someone fill me in on what the author meant? Was it just an opinion?
    He writes a bit more in detail about the CISSP in comparison to GSEC, here - CISSP vs. GSEC | Daniel Miessler
  • docrice Member Posts: 1,706