I was 9 years old and my third grade teacher was Mr. Radnitzer. I’ve searched for his first name, but after 30-ish years those records are long gone. I want to say his first name was Karl, but that’s a blind guess. He looked like a Karl though. He wasn’t impressed with my elevated reading level and vocabulary, he wanted to know why I was behind in math and all of my trying to talk my way out of it wasn’t going to fly. I was lucky growing up, I think every teacher in every year had engaged me in some way and been tenacious in getting me to push where I was weak. Mr. Radnitzer wasn’t content to just give me bad grades on incomplete homework, he’d make me stay after and sit with me, and make me talk through problems. If that was all he’d done for me I’d be pretty lucky, but there’s one other thing I remember that forever changed how I approach pretty much everything.
That year was the year that I got introduced to the Scientific Method. I think it was the simple exercise of picking a hypothesis about why a given thing happened, and then we’d talk through how you’d test it. And we did that and it was cute and then we were done with it. And in subsequent years other teachers put more emphasis on it and pushed us to approach things in that way. But Mr. Radnitzer planted the seed. I hadn’t realized it until much later in life, but all of that emphasis on approaching every new thing in a scientific way has made me successful not only as a systems and security admin, but in so many other areas of my life.
I was talking to a longtime friend about how we handled interviewing and hiring candidates for systems, security, database, or any other kind of admin. We tested their technical skills, made sure that what they claimed on their resume was true, and that usually didn’t take that long. But we both had a stringent requirement that the person had to have an “analytical mindset” and we we’d ask probing questions to try and get them to demonstrate it. I’d put the candidate on shaky ground and see how they did.
“I’m aware you don’t have experience with this skill yet, but if someone told you that only VOIP wasn’t working between one site and another, but normal data was flowing through, what things would you do to approach the problem?”
I’d ask database admins this question, or OS admins who weren’t being hired for anything related to network or voice troubleshooting. And you’d look for lots of things besides just the technical approach to the problem itself.
- Was the candidate comfortable in what they knew and what they didn’t know, or would they attempt to attack the assertion that they didn’t know the given skill? Would they claim expertise on a skill they hadn’t mastered yet?
- When they approached the problem, would they immediately test the facts/constraints they were given?
- Would the candidate ask if they had other help to pull from, either a coworker or a support contract to assist?
- Did they ask to clarify the urgency of the problem and address the issue differently based on the urgency?
The problem didn’t have an answer, it didn’t really need one, it was a simulation to see how a given person approached the unknown. We were looking for people who were not only comfortable but fascinated with the unknown, and had some experience approaching it in a way that gave them a good foothold as quickly as possible. Those people, assuming they passed other socialization tests (i.e. not an asshole) and have demonstrated enough self-discipline to get themselves cleaned up and to work on time regularly, are the people you want alongside you when the defecate hits the oscillator.
As I’ve been looking back over my career and trying to figure out what I can bring to an InfoSec position, I realized that saying “I think on my feet” is only part of the equation. I have a lifetime of observation, hypothesis, testing, and re-evaluation that defines how I look at and interact with the world. And I owe it at least in part to my third grade teacher, Mr. Radnitzer.