Originally posted by echo99
No security experience except giving, limiting, adding rights to profiles. Adding policies to groups, etc.
You're a Windows guy. You can try for it, but you won't get it. Yes, I look at applications regularly.
CISSP is a set of letters that I'd jump at.
If you want to break out of the WIN-only crowd and get into security, look at Cisco PIX classes and/or certification. It is a good way to start thinking in a security manner instead of what WIN gives you.
Yes, Cisco and other border guys are VERY different and you have to live security to be worth a darn in that group.
Oh, some things I've asked for interviews. These are not necessarily position killers, even a wrong response, as long as the person's thinking can make me think better of the person.
What is a packet?
What is a packet filter?
What is stateful inspection?
How do you look for a stack smashing connection with only firewall logs?
What does Code Red look like when it hits your firewall?
What's the protocol that uses port 22?
Why are there assigned ports?
If your firewall allows a connection to port 80 and someone telnets to it, what happens? To the connecting computer? To the server? To the firewall?