Surely you're looking for someone who can tell you what they are trying to protect from, i.e. hacking, DoS, DDoS, and how and why that is a security problem. Then I guess you want them to have had sufficient experience to know how the different security products address these issues. No other major points really.

Product specialisations must be a distraction - if their knowledge and training comes from Checkpoint training then they may not know the details of the attack method and are more familiar with config'ing a Checkpoint than what it is doing and in what areas it lacks.

And qualifications should never outnumber instances of hands-on experience; what good is an academic with little knowledge in the field!

Steve

On Tue, 26 Mar 2002, Sean Donelan wrote:
On Tue, 26 Mar 2002, Avleen Vig wrote:
On Tue, 26 Mar 2002, LeBlanc, Jason wrote:
On that note, Etrade laid off their entire net sec team a few months back. I don't trade there no more. ;)
Fewer and fewer companies are paying attention to network security with the right mindset. They all want people who have been in the field for 7-10+ years, with 10+ years of general systems admin skills.
I attended my first IETF meeting in 1991. There were 384 attendees. There are very few people who really have 10+ years experience in this industry.
If I was looking for top security talent, what would I ask for whether I was hiring directly or outsourcing? Do I want a bunch of ex-military, ex-law enforcement, ex-banker, lots of certifications (CISSP, GIAC) none of which have existed for 10 years, published papers, can answer tricky questions about checkpoint firewalls (why is a confusing firewall configuration a good thing?), a college degree in crypto, big 5 accounting firm (or is that now big 4 accounting firm)?
The problem right now is if you advertise for a job, you will get blasted with literally tens of thousands of resumes. What should I be telling the HR department to look for?
Likewise, if I was going to outsource. What should I be looking for in a security management provider?
The best information security person I've ever met/worked with/etc was at Disney Imagineering. I've yet to find anyone at a security consulting firm or other company that came close to matching him.
--
Stephen J. Wilcox
IP Services Manager, Opal Telecom
http://www.opaltelecom.co.uk/
Tel: 0161 222 2000
Fax: 0161 222 2008