A very senior guy comes in the room where I am with a very concentrated look on his face and my resume in his hand. On my resume its mentioned that I have a lot of experience bringing security relevant concepts to inexperienced people.
So he describes a problem hes actually working through when he was "interrupted" to come interview me. He was trying to terminate an SSL connection, modify the stream (for video manipulation) and send it along to the client. I explained public key and how what he wanted to do was called a MitM attack and how he couldn't continue on the stream without the private key of the server. We had a real conversation with me explaining (to a very smart guy) so he could completely understand everything he "needed" to know to solve the problem he was working on.
I got the job. It was the only interview I've had where I really felt they were asking me something relevant to the work and the kind of work I would be required to do. I ended up having to write Symbian OS code, which I had no prior experience in.
TBH most of the comments so far are the interview questions I hate as they have no relevance to anything I care about or will ever be asked to do.
> I got the job. It was the only interview I've had where I really felt they were asking me something relevant to the work and the kind of work I would be required to do.
This is the interview method espoused in Reinventing the Interview:
Was it for a senior position or a very highly respected company? The companies I've applied to and interviewed with (not all) would ask me questions that were very specifically on my resume (I'm very confident the interviewers didn't even spend 30 seconds looking at the resume).
A very senior dev had to be explained he couldn't do a man-in-the-middle attack on an encrypted stream without the server's private key? With all due respect and I don't know much about security but something seems off, maybe you haven't explained the whole story or maybe I'm getting something wrong.
I think the implication is that the senior dev conducting the interview wasn't really interrupted (hence the quotes around the word) and that it was just how the realistic interview question was presented.
senior means different things in different places. More and more developers are considered "senior" just because of experience building basic web apps, doesn't mean they have a deep understanding of http/s, public/private key cyrpto, etc...
Not a good thing, but thats how it is some places.
This doesn't require a deep knowledge of https or public/private crypto though. It requires a very basic knowledge of how encryption works. Although to be fair, you can go a long way without that knowledge.
So he describes a problem hes actually working through when he was "interrupted" to come interview me. He was trying to terminate an SSL connection, modify the stream (for video manipulation) and send it along to the client. I explained public key and how what he wanted to do was called a MitM attack and how he couldn't continue on the stream without the private key of the server. We had a real conversation with me explaining (to a very smart guy) so he could completely understand everything he "needed" to know to solve the problem he was working on.
I got the job. It was the only interview I've had where I really felt they were asking me something relevant to the work and the kind of work I would be required to do. I ended up having to write Symbian OS code, which I had no prior experience in.
TBH most of the comments so far are the interview questions I hate as they have no relevance to anything I care about or will ever be asked to do.