After reading all the posts I have a few comments to make.

1) "How do I get InfoSec experience without the cert?" - start lower down on the experience ladder. How about network admin and work your way up. No you won't make the big bucks but it will provide you with lots of experience, and not just in InfoSec.

2) Different Certs try to do different things, but overall they would all be valuable IFF (if and only if) it was not possible for someone with no experience, no aptitude and good memorization(SP?) skills to pass.

3) HR should only weed out the obviously inappropriate resumes. The rest should be evaluated by the person doing the hiring. My HR person once recommended that I give a 3 question 3-5 minute interview to anyone who might be suitable, then from that create a short list. Results? Found a great person who didn't have a great resume, saved ourselves hours of frustration with people whose resumes looked good but shouldn't have been there and we have never had more than 4-6 people on our short list.

4) "the let them talk till they hang themselves" comment really struck home with me. It is unbelieveable how many people just have to keep talking after they answered a question, and always, and I mean ALWAYS end up shooting themselves in the foot for it. I don't know about others here that have done hiring, but I don't want it to be a long drawn out process. I want the candidates to answer the questions clearly and consisely and move on.

These are my opinions, counterpoints welcome.

Jeff.



[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/118/17036#17036