[funsec] How Not to Get a Homeland Security Job
fergdawg at netzero.net
Thu Jun 8 14:27:59 CDT 2006
I'm kinda, sorta on vacation this week (more like hanging around
the house doing "honey-do's" before I start my new job next week),
and Blogger is having troubles yet again, so you might see a few
of these from me while I have some time on my hands. :-)
Via 27B Stroke 6.
An experienced computer security professional I know recently interviewed for a position at the Department of Homeland Security:
"I just got off the phone with the DHS, in an interview for the Security Architect position."
"Here are a few of the questions he asked me, with my answers (Okay, not verbatim). I should point out that he made it clear he was seriously strapped for time."
Q: How do you feel about port 80?
A: It's better than port 23, but not as good as port 666....
Q: What would you do to secure TN 3270 emulators?
A: Disconnect them and upgrade to the 21st century.
Q: What is your experience with FISMA, FIPS, and FSH?
A: Limited. I'm allergic to acronyms beginning with "F."
Q: What do you know about firewalls?
A: People think they stop malicious activity. They're wrong.
Q: What would you do if you were asked to testify before Congress?
A: Wear an ill-fitting suit and lie through my teeth so I wouldn't stand out.
"Humor (or pallid attempts thereto) notwithstanding, how do you answer broad questions like this, especially when the interviewer interrupts you after three or four words to move on to the next question? For example, after he asked me the 3270 question, he interrupted my answer with, 'you obviously don't have any experience with mainframes; let's move on.'"
"I very nearly replied, 'I've been working with mainframes since O/S 360, fucker. How about you?' But of course, I didn't.
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg at netzero.net or fergdawg at sbcglobal.net
ferg's tech blog: http://fergdawg.blogspot.com/