[Ma-linux] Looking for a particular Linux skillset with Information Assurance knowledge

Ron Sinclair ron at wigglit.com
Thu Jan 31 17:41:55 EST 2008


[Mods, sorry about the double-postings via an unapproved e-mail account.]

In my world, which is security analytics, the focus is more at the network 
level.  The percentage of HIDS that we manage vs NIDS and IPSs/IDPs is low.  
Although I've some experience with HIDS, in most if not all cases the issue 
is mainly that HIDS software is placed on high value targets such as 
financial databases.  Since the ACLs are usually locked down pretty tight on 
such hosts, the analysts usually only see the alert itself and have no 
permissions to actually validate the alert (although we typically phone the 
customer and give them the alert details so that someone with the proper 
credentials can investigate).  This means that if you get some type of 
kernel-based alert from the HIDS, you won't be able to delve further since 
you are purposefully prevented access to a machine.  This is the first time 
I've ever seen someone looking for security analysts to have knowledge of 
kernel level attacks.  I'm looking at this from the managed security 
perspective, though.  I take it this job posting isn't an MSS organization.

The clearance requirement also hints at government contracting work.  Will 
this person be able to elaborate on what organization they are contracting 
for?  There are some pretty shoddy places around here that hire non-stop due 
to a high turnover rate.

To be honest, I'm curious and am willing to attend a NOVALUG meet but I'm 
currently happy where I'm at, so my attendance would probably be a waste of 
my time.

I could certainly give hints at what the typical seasoned security analyst 
looks for when seeking employment and can even refer coworkers looking for a 
change.

--
Ron

On Thursday 31 January 2008 09:18:52 Jay Hart wrote:
> To list:
>
> I posted about a month ago a job posting for Information Assurance
> positions, where the company is also looking for these individuals to be
> "linux gurus" and have a great/good knowledge of the Linux kernel.
>
> Also, the company (GD-AIS) needs these people to have a top secret
> clearance, but I think they would be willing to hire someone with a
> secret.
>
> The hiring manager, or a member of his team, is willing to come to a
> NOVALUG meeting and talk about what they are looking for with regards to
> skills, knowledge, etc.
>
> At a minimum, it would be:
>
> Must be knowledgeable in Information Assurance
> Must have at least a secret clearance
> Must be a "linux guru" (kernel??)
> Must have knowledge of the linux kernel
>
> If I get some interest that people on this list would be able to meet these
> criteria, then I would go forward and ask him to show up, otherwise I might
> be wasting his time.
>
> One final question: Does anyone know of a SIG or other group in the
> national capital region, where this skillset might be more prevalent?
>
> I am not getting any kind of compensation from this company in regards to
> this. I'm just trying to mate up our members' skills, with a company looking
> for linux knowledgeable people.
>
> Thanks for your time,
>
> Jay Hart


