Posted Mar 24, 09:00 AM by ben
The last time I went through the interviewing phase I did some googling and certainly stole some of the better ideas out there.
I’ve begun building on top of my “top ten” list of interview questions to try and get at a more fundamental comprehension-level understanding. I’m doing this by applying Bloom’s taxonomy. This is what is typically used to reinforce certain levels of knowledge in the learning process. For instance, asking a candidate “What is DNS?” is a ‘knowledge’ level question while “Describe the functions of DNS and point out security flaws or implications to poor implementations of it that could exist” is a question that challenges the candidate’s knowledge and analyzing capability. My layman’s understanding of this taxonomy is that the above question would fall under the Evaluate classification. I took the time to write down the taxonomy breakdowns in my moleskin as a future reference.
Can you tell my wife is a teacher?

This work by http://electricfork.com is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.
I think Bloom’s levels have a lot of overlap.
Ignoring that, you have to be careful not to confuse a subject’s response to your smarter DNS question for Evaluation when it is really just Comprehension.
Comprehension is especially nasty in infosec because it leads to the continuation of infosec myths from the bad old days.
(I think we are still in the bad old days)
— Grant · Mar 24, 09:55 AM · #
Having overlap does not make it irrelevant or un-useful.
The idea is that there are varying ways to ask a question that can allow you to better surmise their comprehension level. Having them come up with scenarios or judge the value of something has a greater value than them repeating “defense in depth,” “not security through obscurity,” and other tag lines.
I’m not sure if your comment is opposed, in agreement, or what.
— ben · Mar 25, 08:52 AM · #