In IT Security Interviews Exposed: Secrets to Landing Your Next Information Security Job, the authors cover core information security topics, and then pose various questions that may come up in the course of an interview. Some of the areas covered are network and security fundamentals, firewalls, regulations, wireless, security tools, and more.
The book is a standard interview preparation guide, with a focus on information security.
Last week, Gal Shpantzer, in a moment of levity, wrote a blog post, We Didn't Start the Fire(wall), set to the tune of We Didn't Start the Fire by Billy Joel.
The highlights of Gal's lyrics are as follows:
Hacktivism, PGP, Red China, Entropy
BlackBerry, Neuromancer, PageRank SEO.
Dan Kaminsky, Richard Nixon, Studebaker, Max Vision
Red Pill, Blue Pill, CISSP.
RADIUS, Logic Bomb, Pain Ray, Johnny Long
Gene Schultz, The King And I, when do we stop SQLi?
Robert Morris, Vaccine, England's got the same queen
DVD Jon, Liberace, Operation Bot Roast.
Chorus: We didn't start the firewall
It was always burning
Since the URL’s been turning
We didn't start the fire
No we didn't light it
But we tried to fight it.
Pirate Party, Rybolov, Nimda and CSRF
Blaster, LoveBug, John The Ripper, Communist Bloc
SRI, BBN, PDF bugs round the bend,
D-N-S Fails, Synchronize the Clocks.
Stuxnet, LASER Beam, BSides’ got a winning team
Hoffacino, Xerox PARC, Kristin Paget, Bletchley Park.
Lycos, LulzSec, Altavista, Cuckoo’s Egg
Freedom Frisk, Howard Schmidt, Paris Hilton’s Sidekick.
Cyber Storm, AirCrack, Mickey Mantle, ENIAC
Mitnick, System High, It’s the year of PKI
Keyloggers, Stacheldracht, Operation ShadyRAT
BitLocker, SecuTwits, Sony-BMG Rootkit
SE Linux, @Beaker, EFF, Mafia
SIPRNET, Lamo, Ripco is a no-go.
U2, WikiLeaks, IANA and IRC
Securosis, RAND Corp, Hacker’s Manifesto
Zimmerman, LANMan, Stranger in a Strange LAN
Webcam, KLM, APT invasion
(David) Bell-Lapadula, Foursquare check-in mania
Vint Cerf, Trojans, GPUs make BitCoins
RSA: Blown away! What else do I have to say?!?
451, brute forcing, Kerberos is back again
Pick locks, teraflops, Captain Crunch, DevOps
Begin, Reagan, Cross Domain, hackers bringing Titan Rain
Ayatollas in Iran, US in Afghanistan
9/11, Sally Ride, Biba Model, suicide
Foreign debts, homeless vets, AIDE, Crack, iOS
Got collisions in the SHA, China's under martial law
BYOD, browser wars, I can't take it anymore!
Most of the people I shared this with got a kick out of it. While Shpantzer won't be quitting his day job anytime soon in pursuit of a Grammy, I think his lyrics would make a great hiring tool for the interview process.
While Shpantzer meant this as a vehicle for comic relief, I think he might be onto something much bigger. Here is my idea: next time you interview someone for an information security position, don't obsess over their résumé; instead, show them We Didn't Start the Fire(wall) and ask them to explain the lyrics.
The (ISC)² CBK (Common Body of Knowledge) is the taxonomy used as the basis for the CISSP exam. It is a collection of topics relevant to information security professionals around the world, and it establishes a common framework of information security terms and principles that allows practitioners worldwide to discuss, debate, and resolve matters pertaining to the profession with a shared understanding.
Shpantzer has, in effect, created his own CBK: if a job candidate can adequately explain We Didn't Start the Fire(wall), they likely have a good handle on information security. The lyrics cover everything from encryption, malware, certifications and industry personalities to industry conferences, hacking tools, protocols, hardware, operating systems, vulnerabilities and much more.
Of course, if too many people take my advice, we would see the emergence of We Didn't Start the Fire(wall) boot camps, prep guides, books, cheat sheets, seminars and more, which would undermine its efficacy as a testing tool.
But if that were to happen, Shpantzer would likely have written We Didn't Start the Next Generation Fire(wall) by then.