Posted by: John Bradshaw, VP WW Sales Engineering
I have hired a lot of Sales Engineers over my career, and expect to hire a lot more before I retire. Like Liam Neeson in Taken, I look for a particular set of skills when searching for that one SE that fits the bill. Over time, I have developed a series of questions I ask candidates that span multiple security disciplines. I have found my questions have required very little modification as new technologies have rolled out, because they focus on whether candidates truly understand the basics of information security.
What are some of the fundamental basics I feel any security practitioner should understand? Here are some key areas – if you find yourself scratching your head trying to think of possible answers, it may be time to refresh your core security skill-set.
The Trusted Advisor Scenario
Yes, every vendor claims they want to be your Trusted Security Advisor. How many can actually have a substantial discussion beyond their own company’s technologies? If I had information I absolutely did not want to get into the hands of nation-state threat actors or organized crime syndicates, what would you recommend I do? Do I get an answer that only focuses on one attack vector? Is the candidate only focused on technology? Do they just brain-dump a list of products with no rhyme or reason?
I look for people who understand that security is more than a technology issue. Look for staff and vendors who truly understand this, and you will build a very solid team around you.
The Persistence Scenario
Your endpoint is still compromised after you rebooted the system or logged out. Can your team members explain in detail all the various ways this can be accomplished? No, “installing a backdoor” is not the answer. If you don’t know how a compromise can persist in your infrastructure, how do you know where to hunt for it?
The Hidden Shell Game Scenario
I’m a bad guy. I’m going to hide files on your system. How many ways can you think of to do this?
The Friction Scenario
No single security solution solves every security problem. Enterprise security design involves creating as much friction as possible, narrowing the gap so that when an attacker does breach you, there are only a few possible ways for it to happen. Can you articulate ways to deploy key technologies in a manner that generates as much friction as possible? Can you outline how they fit into a SOC/IR operational workflow? Any recommendation to acquire new technology should be able to provide reasoning using the friction scenario approach.
The Vulnerability Scenario
How could two different vulnerability scanners return two different results against the same system? Before you shout out an answer, I will throw some qualifications around the scenario that will really get your head scratching. It’s more than just understanding how vulnerability scanners work: do you truly understand the operational status of the systems in your organization?
I have others that cover the gamut from networking to file hashing and, of course, I ask a bunch of sales-related questions. But I especially like the ones that show me the person’s thought process. You have to think like the bad guy to be good in this field – your Cyber Kung Fu must be strong.