[Ma-linux] Looking for a particular Linux skillset with Information Assurance knowledge
ron at wigglit.com
Thu Jan 31 17:38:32 EST 2008
In my world, which is security analytics, the focus is more at the network
level. The percentage of HIDS that we manage vs NIDS and IPSs/IDPs is low.
Although I've some experience with HIDS, in most if not all cases the issue
is mainly that HIDS software is placed on high value targets such as
financial databases. Since the ACLs are usually locked down pretty tight on
such hosts, the analysts usually only see the alert itself and has no
permissions to actually validate the alert (although we typically phone the
customer and give them the alert details so that someone with the proper
credentials can investigate). This means that if you get some type of
kernel-based alert from the HIDS, you won't be able to delve further since
you are purposefully prevented access to a machine. This is the first time
I've ever seen someone looking for security analysts to have knowledge of
kernel level attacks. I'm looking at this from the managed security
perspective, though. I take it this job posting isn't an MSS organization.
The clearance requirement also hints at government contracting work. Will
this person be able to elaborate on what organization they are contracting
for? There are some pretty shoddy places around here that hire non-stop due
to a high turnover rate.
To be honest, I'm curious and am willing to attend a NOVALUG meet but I'm
currently happy where I'm at, so my attendance would probably be a waste of
I could certainly give hints at what the typical seasoned security analyst
looks for when seeking employment and can even refer coworkers looking for a
On Thursday 31 January 2008 09:18:52 Jay Hart wrote:
> To list:
> I posted about a month ago a job posting for Information Assurance
> positions, where the company is also looking for these individuals to be
> "linux gurus" and have a great/good knowledge of the Linux kernel.
> Also, the company (GD-AIS) needs these people to have a top secret
> clearance, but I think they would be willing to hire something with a
> The hiring manager, or a member of his team, is willing to come to a
> NOVALUG meeting and talk about what they are looking for with regards to
> skills, knowledge, etc.
> At a minimum, it would be:
> Must be knowledgeable in Information Assurance
> Must have at least a secret clearance
> Must be a "linux guru" (kernel??)
> Must have knowledge of the linux kernel
> If I get some interest that people on this list would be able to meet these
> criteria, then I would go forward and ask him to show up, otherwise I might
> be wasting his time.
> One final question: Does anyone know of a SIG or other group in the
> national capital region, where this skillset might be more prevalent?
> I am not getting any kind of compensation from this company in regards to
> this. I'm just trying to mate up our members skills, with a company looking
> for linux knowlegdeable people.
> Thanks for your time,
> Jay Hart
> Ma-linux mailing list
> Ma-linux at calypso.tux.org
r.o.n.ATw.i.g.g.l.i.t.c.o.m. (remove the required dots)
Linux Registerd User #180338
PGP/GPG Fingerprint: 1B29 13C3 754B 0275 997E 9F12 66AA C794 CFF0 F988
More information about the Ma-linux