One of the disadvantages about being the oldest in the group, apart from receding hair and growing stomach, is that I tend to get asked to do the technical part of the new candidate interviews. When we are doing lots of interviews as we are at the moment this can get a bit samey. In this present round I have had my boss sitting in and I think he is getting bored too; in fact he has taken to asking me to “throw in a scenario” or “do something different”.

The other snag is that I get to interview on topics I know very little about (a wide field!). Today I had to do an interview for a security position; something I know next to nothing about. Given my lack of knowledge I decided in the best architectural fashion to split security into areas and then build a scenario starting at the bottom and working up.

It appears to me that there are 4 main areas in security:

 

1.    On the Wire and keys (public, private, asymmetric, DES, RSA, Fractal, QKD)

2.    Authentication/ Authorisation Sub Systems (Gina, LSSA, SSPI) (Kerberos / PKI, trust and federation) WS-sec,

3.    Single Sign on / heterogeneous systems, agents, Directories / Identity and MIIS

4.    Application LDAP, ADSI

 

So after a few warm up questions on the advantage and disadvantages of fractal keys and what changes would be needed to Windows to add in non standard password encryption I kicked off with a banking scenario.

 

This was set around a very large bank which had a Mergers and Acquisitions strategy and had standardised on Kerberos but wanted to have a single user id and password across all its acquisitions. This led into Kerberos scalability and manageability and thence into PKI and discussions of the differences between trust and federation.

 

Next in the scenario the bank wanted to standardise around a SOA for applications which led to discussions around support for trust and federation in WS-Security.

 

Then in the scenario the bank wanted to provide single sign on across W2k, UNIX (LDAP) and Mainframe (RACF) systems which covered off agents and password update and synchronisation with a quick dip into directories and Host Integration Sever (one of my favourite products).

 

Finally the bank had employee data on CICS which it wanted to use to validate access to the HR application running on the UNIX system. This led into Identity Services and MIIS discussions with a quick look at AD extensibility and ADSI and ADO AD access

 

It was a fun scenario which my Boss enjoyed; I’m less sure about the candidate’s feelings. His comment was “That’s the first time I have looked at security in this way, it was very interesting and I learnt a lot”. Actually most people say they learn a lot in my interviews, I am not sure if that is a good or a bad thing!