Computerworld - It's been almost a month since I lost two security staffers, and I still haven't found replacements. Although we've found plenty of candidates, few have been truly qualified.
What's worse, the unqualified candidates have been getting through our screening process. I assumed that the recruiters we hired were filtering out candidates so that those who came in for an interview would at least be somewhat qualified for the job. They're not. I've interviewed about a dozen people, and only one was even remotely qualified.
The other candidates were either fresh out of school and had no experience or were what I call articulate incompetents. These "security professionals" could talk the talk but couldn't add a user to a Unix system if their lives depended on it.
If you're going to use recruiters to screen candidates, you need to provide them with a list of technical questions that anyone applying for the position should be able to answer. For example, a security engineer with Solaris experience should be able to describe the proper command to configure a network interface.
I'm now giving my recruiters a set of such questions with the correct answers. Armed with this resource, the recruiters should be able to filter out those who have good-looking resumes but lack practical experience. This should reduce the time wasted interviewing bad candidates. But it won't solve the basic problem: Good candidates are difficult to find.
Meanwhile, my arrangement with the network operations center (NOC) staff to pick up some of the day-to-day administration tasks is going smoothly. They're handling our Tripwire and SecurID infrastructure, and so far, only a couple of Tripwire incidents needed my attention. Fortunately, those alerts were false positives.
The Art of IDS Maintenance
I've been spending a considerable amount of time during the past few days tuning the three Snort intrusion-detection system (IDS) sensors. We deployed these sensors in northern California, the Southeast and the Midwest, and all are configured to watch our internal corporate LAN traffic. We've placed them on the network so they watch only the traffic in and out of the internal corporate firewalls. We also have Cisco IDS sensors that watch the external firewalls, but those have been tuned and are working properly. I manage them separately, but they all report to a central console.
Tuning an IDS is a very time-consuming and draining process. But it's also educational, because you become intimately familiar with how the network is configured and managed. By tuning the IDS engines, I've also gotten to know
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
