These questions make security professionals sound pretty dumb. I'd look for someone who understands systems deeper than the people who build on them.
Here on HN, we look for credibility in terms of projects and businesses launched. The security world looks for community contributions and research.
These questions are too much like a vocabulary exam with extremely low expectations. If all you're looking for is someone who breathes and can tell the difference between HTTP and HTML--you're missing a lot that a real security professional can bring to the table.
[P.S. I reread the questions and now I know why this article bothers me--they sound like regurgitated certification questions. Monkies get certifications, hackers do stuff. Ask these questions when you want to hire a monkey. If you want someone who breathes security, hold them to the same standards you'd hold a developer to--ask them to show you something they've worked on.]
Here on HN, we look for credibility in terms of projects and businesses launched. The security world looks for community contributions and research.
These questions are too much like a vocabulary exam with extremely low expectations. If all you're looking for is someone who breathes and can tell the difference between HTTP and HTML--you're missing a lot that a real security professional can bring to the table.
[P.S. I reread the questions and now I know why this article bothers me--they sound like regurgitated certification questions. Monkies get certifications, hackers do stuff. Ask these questions when you want to hire a monkey. If you want someone who breathes security, hold them to the same standards you'd hold a developer to--ask them to show you something they've worked on.]