Hello everyone, last week or so I saw a local advertisement for a job opening as an Information Security Specialist. The job description included knowledge of TCP/IP, Security Monitoring/Analysis, Pentesting, Computer Forensic, configuring and administering Firewall/NIDS and etc. The company that posted the ad is a well known financial corporation where I live and well... I decided to submit my resume and see what it has to offer.

That same week I quickly received a call from the company and a date was schedule for the interview. In my day of the interview I met with the CISO (Chief Information Security Officer) and the following technical were asked:

- Explain TCP/IP and mention its layers.
- Explain layer 2 of the OSI model.
- Explain layer 3 of the OSI model.
- Difference between TCP and UDP.
- Difference between Telnet and SSH.
- How does SSH encrypts the data?
- Explain how fragmentation occurs within a network.
- Define Malware?
- What is a sniffer and what is it used for?
- What is Netcat and what is it used for?
- What is a Buffer Overflow and what is it used for?
- The interviewer drew a diagram on a piece of paper consisting of two machines in a LAN, a Gateway and a Web Server in the Internet hosting a financial site via HTTPS. Explain how an attacker (Machine A) could sniff traffic from victim (Machine B) and is the attacker able to see the encrypted data and how was this accomplished. How can the victim know that he was being attacked by the attacker?

I did pretty good and answered all the questions. He was somewhat impressed. He told me that I was the first to answer all the questions and that I'm the person he was looking for. He went on saying that these questions were easy, however, the candidates he interviewed that day were having difficulty answering them.

Well, now I just have to wait and see if I get the job offer and if the salary and compensation package is better than my current job.

Wow, yeah that's really interesting.

Out of curiosity, were you asked about your certifications at all? I've seen either in other posts here, or elsewhere, that sometimes people don't understand the CEH and may question it. Just wondering if the CISO had asked about that or the OSCP at all and what that conversation included.

Good luck with the job and all, hope it works out! Keep us informed

Sounds like you have something promising going, congrats! let us know how it turns out.

I recently interviewed for a security opening and for the first time ever I was given a written Perl exam. Some of it was really basic, but there were large sections of code and sytax that I had to analyze and write out what it was doing and also I had to write out code myself. I think I got about an 80% on it, however what was odd, what that nowhere in the Job req did it mention perl.
Kinda of strange, and the panel interviews were just a nonstop technical barrage of really specific questions, not just explain what a firewall is or something lame like that. I was so impressed with their interview, it would be really hard to turn down an offer from them if I got it. Oh well, will wait and see.

Awesome, congrats!

Thanks!! 

Thanks again, I'm currently at the negotiating table. Let see what happens.

Finally after some negotiating I got the job!! I'm excited and looking forward to work for this company. Their security department is new and a lot of work needs to be done. Let see how it goes.

Well done.

Sounds like there's an article in there somewhere... 

Don