To be an effective penetration tester in an infosec job role, you must meet certain requirements. They concern your level of security skills, your systems and network knowledge, the depth and breadth of the tools at your disposal, and the OS and hardware on which you use them. Also critical are your attention to record keeping and to maintaining the ethics of security.
What we’re talking about is hacking as a healthy recreation, and as a free education that can qualify you for a high-paying job. In fact, many network systems administrators, computer scientists and computer security experts first learned their professions not in some college program, but from the hacker culture.
1. What are the most common types of attack that threaten enterprise data security?
2. How would you secure an office environment? What about a data center?
3. What are some common security vulnerabilities at the transport level?
4. What is SQL injection? How is it prevented?
5. In your opinion, what are the top five information security threats facing an organization such as ours?
6. If our organization experienced a major security incident, what steps should we take to manage the incident?
7. What is the role of digital certificates in encryption?
8. How do you stay up-to-date with technology? For example, how do you keep up with new information security threats?
9. Have you been involved in supporting incident investigations? What was your role? What was the outcome?
10. How do you ensure that security management is transparent and measurable?
11. What training do solution architects need with regard to IT security? What about developers?
12. What is the role of network boundaries in information security?
13. Can you give me a few examples of security architecture requirements?
14. What is a security policy and why do we need one?
15. Are you familiar with any security management frameworks such as ISO/IEC 27002?