IronPort interview

I'm still very busy, so here's as much of the phone interview as I remember.

Which of the projects from your résumé is the most relevant to our company?

I talked about analyzing the AV traffic logs, click fraud, etc.

Interviewer wanted more specifics, e.g. platform, algorithms used, etc.

I described the configuration of the AV frontends (Resin on Linux), the routing shipping of logs, the use of the log headers to determine the fields (compared this to NCSA Apache logs, which are more difficult to interpret because some fields are not properly delimited; unfortunately, due to nervousness, didn't word this so well), the application of SEMPO criteria and how I wasn't pleased with it because I felt fraud could still occur (unfortunately forgot what the 'P' stood for, but remembered the website), and some other things I've written about. I also expressed disappointment that I couldn't do more due to a lack of resources and gave some examples of other techniques that could have been employed, such as machine learning.

If you had as many resources as you needed, what would you have done?

In addition to what I wrote earlier, I said I'd give the advertisers more options, such as filtration of URLs and IP addresses, with the caveat that it might not catch all the fraud, and filter legit traffic. I also said I'd give other payment options, such as fixed fees. The guy mentioned that he thought the industry was moving more towards CPA, and I said CPC is still primarily used, but I'd offer that as an option also. The basic idea was to give the advertisers more control over their spend and reassure them that we are doing the best that can be done to fight fraud.

At Nominum, what protocols did you work with? I saw you did DNS ...

I described the code that took tcpdump traces, substituted new information (e.g. IP address), and was used to load test firewalls.

In the last five years, which was your favorite project?

In my mind, I briefly debated whether I should give an example of something I'd done before AV, but decided it was better to just answer the question, so I said I was most happy with the change of the log format to include the headers for identifying tokens.

Did you mentor people? If so, how?

Not formally (I was not a manager), but I gave guidance/input/advice as needed. I mentioned the thing that needed most to be communicated was that it was easy to fake lots of information that came across HTTP, so interpretation of results needs to be done with some caution. Example: just because the user agent says "Mozilla" doesn't mean it is.

If someone designed a security measure tying a cookie to an IP address, and it returned an error to the user (attempted fraud), what would you suggest to the designer?

I first mentioned that this doesn't even guarantee that there will be no fraud, because the machine could have been compromised. He had first asked the question in a somewhat different way than the question I wrote above, so when he re-asked it and I asked for clarification, it occurred to me he might have been looking for the situation where addresses change because they're dynamically assigned through DHCP. So I said that, and added some info about how cookies in general aren't a good idea for security.

Do you have any more questions?

I asked if they'd been fully integrated into Cisco's dev and release environment. He said no; companies are pretty separate. I also asked what his project was.

So ... this one's kind of hard to call. I wish I'd thought of the DHCP answer right away. Other stuff – in general, I wish there were better things to say about working with the logs, but you already know that if you've been reading this for a while. In general, I don't like talking about that, but it makes sense for them to ask. I got the impression he was trying to figure out whether what I was working on at AV was something I really loved working on.

Overall, I was nervous, even before the call, and wished I could, if nothing else, relax. Two hours after the interview ended, while out shopping, I was still tense. My BP was 146/88. Sometimes, I think I just don't interview well, and that's just not the best way for someone to figure out if I'm a good match. (Granted, it's the way that is used.) As an example, even the best baseball players make outs 70% of the time. You might catch one on an 0-for-4 day. That doesn't mean they're not valuable to their (or your) team. But you need to look at historical trends to figure that out. Unfortunately, there isn't anything like this in assessing software engineers.


That doesn't sound like it went badly.

I think phone interviews are hard. To me, the phone is the worst of both worlds in terms of communication - unlike with email or even instant messaging, you have to come up with what you say on the fly, and can't have long pauses while you sort out your thoughts. And you miss some of the tone, all of the body language and facial expressions, and other useful nuances of in-person communication.
