I need to interview CCIE R&S for an opening position in the company. I am told to do this because I am the most qualified R&S person in the company, which is not true. I am a security person.
Nevertheless, I have interviewed three CCIE people so far and I asked them three questions:
Question #1: Give the candidate an output of tcpdump and ask him to explain the output
Question #2: How does eBGP with MD5 authentication work across the firewall? What must be taken into account for this to work?
Question #3: In an eBGP multi-hop configuration, your BGP configuration looks correct, both BGP routers can ping each other and TCP port 179 is allowed. The BGP configuration looks correct but BGP does not come up. What could be the problem?
None of the CCIE R&S folks I interviewed so far was able to answer these questions correctly. Is that normal?
What would be the typical questions to ask CCIE R&S in an interview?
Thanks in advance
It would be best to ask applicants questions related to the job that he/she will be doing in the company (technical or non-technical). More focus on the main job.
Asking an applicant a question that has nothing to do with the job he/she will be doing in the company is not productive. What if the applicant is able to answer all the questions correctly, but when he/she starts working on the job he/she cannot perform?
It doesn't matter what certification the applicant possesses.
The answer is: it depends. 2 of your questions are about BGP. Perhaps the CCIEs you interviewed were not that experienced with BGP or hadn't used it in a while. Just being a CCIE does not mean you have immediate recall on any routing or switching question.
I have done technical interviews before and one of the key things to remember is that a question is always easy to answer when you know the answer :-). So you can sit down and write out 20 questions based on what you know. To you they seem obvious, but maybe not to the person you are interviewing.
Also, as Dandy pointed out, the questions should be based on what you need them to do. If they need detailed knowledge of BGP then you can probably rule the above candidates out. But if they don't need to know BGP in any great detail your questions and their answers haven't really helped you to make a decision.
You may also want to consider more open-ended questions, such as:
Explain how an MPLS network works in terms of switching traffic from A to B. This would focus more on their understanding of specific concepts than their knowledge of specific commands/problems.
I would rather ask a candidate conceptual questions, more into technology.
1- Choosing the right routing protocol, where and why in a particular situation; this could provide you with a complete picture of the candidate's knowledge of routing protocols in particular scenarios.
2- One question regarding design: not a pure design question, but where to implement specific technology equipment and why. That equipment could be security equipment, switches, routers, etc.
3- What is the best way, for example, to connect Internet edges, and why?
4- Characteristics of and the best way for implementation, troubleshooting and solving a problem.
** Don't focus only on a particular subject; try to ask different technical questions related to different technologies.
** Your question on BGP MD5 authentication should be known by every CCIE, I think, even if he is not a security person. (It's one of the best questions to gather the interviewee's security knowledge.)
I don't agree that your questions as a whole are the right ones, because they don't provide you with at least 80% of the interviewee's conceptual technology knowledge.
"I would rather ask a candidate conceptual questions, more into technology."
Totally agree with this.
"** Your question on BGP MD5 authentication should be known by every CCIE, I think, even if he is not a security person. (It's one of the best questions to gather the interviewee's security knowledge.)"
I don't, however, agree on this. A quick search on CCO for "bgp firewall" and the first doc in the results tells you exactly what the issues of BGP/MD5 through a firewall are. If it's that quick and easy to look up, does it really matter if they can remember it or not?
What I meant is conceptual, basic security knowledge, not a config point of view.
You are saying a quick search on CCO for "BGP firewall" will remind you, but this depends on his knowledge of FW rules in the first place. If he doesn't know a firewall would break the hash algorithm of the MD5 authentication related to BGP, he wouldn't even search correctly or find the appropriate CCO document for that. Am I correct?
Upon all, it is recommended to validate the 'presence of mind' of the Person (CCIE R&S) being interviewed :-)
Guru Prasad R.
I've been in the same situation. I'm not a CCIE but I've interviewed many who are. I typically get nowhere with the types of questions you're asking. I didn't understand why until I had an interview and got totally embarrassed because I couldn't answer some questions.
I think I'm pretty good at what I do, but you wouldn't know it by that performance.
Nowadays I ask the open ended and conceptual questions suggested earlier. With this knowledge as a foundation a good Engineer can figure out most things with a "?" and a trip to Google.
I think there is a problem with how some companies try to hire talent. They are more interested in how good the applicant really is, but sometimes that is not right; the applicant might be good at a lot of things, but does he fit the job requirement, which is in the first place the reason why the company is hiring? Do take note that there are people who are good during interviews (technical or non-technical) and there are people who are good at writing their CV.
The company should know what they need and publish that information in the job ad. Don't just publish "we want a CCIE". What do you want a CCIE for? What do you want a CCIE to do? How can the CCIE help your company? Maybe a CCNP will fit the requirement? If you want a CCIE to reach the quota of CCIEs needed for a partnership with Cisco, you don't even need to interview them. Just hire them :)
The interviewer must know the requirement, why they are hiring such talent, and focus the interview more on the main job responsibilities. The interviewer must have a list of questions prepared and a scoring matrix (e.g. excellent, very good, good, poor), especially if you will be interviewing a lot of people, as you may lose track of which of the applicants excelled during the interview.
For deep technical questions, I suggest giving the applicant a multiple choice exam. Have some respect: even for people who study for months to take their certification exams, Cisco gives them multiple choice exams - and the majority fail :)
Some basic interview questions like "how do you see yourself 5 years from now" should be left to the preliminary interview by HR personnel. I really don't know why interviewers still ask those questions nowadays. Doesn't it sink into their brains that we are in the 21st century and everybody has a goal, what we live on this planet for?
There are some aspects of the job that applicants, though they do them every day, don't remember like the back of their hands. I think I would be scared if an applicant were able to answer my questions asking them to detail the commands to configure Remote Access VPN on a Cisco ASA Firewall. This suggests that the applicant either doesn't have a life or something else :)
When I'm hiring a network professional, they know my requirement as published in the job ad. Of course they will tailor their CV to fit the requirement (only people who were born yesterday don't know that). I sort all the applicants' CVs and ask several whose CVs fit the requirement to come for an interview. They were already interviewed by HR and given a written exam which I prepared. During the interview, I ask them to tell me about themselves (to make them comfortable first and also to know whether you can understand them when they speak), then ask them technical concepts according to the expertise they claim in their CV (which is my requirement, or which they tailored to my requirement). For example, if I need a network professional who has experience in OSPF, I first ask him a fairly easy question: whether an ASBR router can be an ABR router. If he is able to answer that, I ask a more difficult technical concept question (still in OSPF). I will not ask the applicant about ISIS since we never use that in our network and don't have plans to use it.
One of the most important things about the applicants is their willingness to learn and their attitude. You should open this up during the interview and take note of their reply. For example, you should ask the applicant whether he/she is willing to learn other things as the job may require from time to time, and whether he/she is willing to work longer hours or be called back during non-office hours. You will be surprised by their answers; with some of them you can be sure you won't need them no matter how good they are during the technical interview.
You already have some excellent answers. I have done a few tech vets for various panels recently.
I think tech vetting is a difficult task - you want to try to find out about them, and often the aim is to separate people.
Asking something very specific does not help. All it does is tell you they know the answer. Hiring should not really depend upon knowing the answer to one obscure fact, unless you are looking for lucky people.
What I try to do is stick to comparatively mainstream technologies - the ones I have used most are OSPF and Spanning tree. I have also asked people about routing protocol selection. I have also given them a kit list, and said "we need to do a demo next week, what would you suggest out of that lot?"
The most recent questions I have used (selection panels for expert level cert training) have been asking for an outline of the different flavours of spanning tree, and courtesy of Jeff Doyle "Why does OSPF insist on all inter area traffic passing through the backbone" both of which give me a good chance to talk to them and figure out what they know and an idea of how they think.
Bear in mind that you are interviewing CCIEs. It is not an unreasonable assumption that they have a reasonable grounding in the networking basics; what you need to know is how they will fit with your organisation, and what they need to do.
As you've acknowledged, you don't really consider yourself as qualified in R&S as your potential CCIE R&S candidates. If true, using any list of rote technical questions might only indicate how well your candidate does, or doesn't, know rote answers. As other posters have written, it would be better to attempt to assess conceptual knowledge, but this is much more difficult to do, especially if you don't have an equal or better level of understanding in the technical subject yourself.
What you might consider, if you have experience with any network consultants that you trust and who have a high level of technical expertise, is asking them to technically assess your interesting candidates.
Besides technical expertise, you also need to assess whether the candidate's "chemistry" seems a good fit between your company and the individual. I'm sure you do this, but if you can rely on someone else for high level technical assessment, you can focus your efforts more on this aspect of the interview process.
In other words, you take on full responsibility for the "chemistry" aspect of the interview, and only pre-screen the technical requirements. You rely on your trusted consultant experts for an in depth technical assessment.
If you do try this approach, besides providing some criteria of technical expertise you expect your consultant(s) to ferret out, discuss with them why they believe the candidate is qualified or not.
Oh, if you need to "sell" such an approach to management, and they are concerned about the additional consulting cost, remind them of the cost of getting it "wrong" at this level.
Thank you everyone for extremely helpful comments.
There were three CCIEs in the company. One CCIE works with R&S, one CCIE works with Voice and myself in security. Two CCIEs left the company a few months ago. Now management wants to outsource the Voice network and consolidate R&S and security. In other words, they want the new CCIE R&S to be knowledgeable in security as well, and the same goes for me. The company wants to save money by having just two CCIEs on staff, and both CCIEs must be knowledgeable in both R&S and security. The salary is about 180k with a 20% bonus. The job is located in Philadelphia, PA. I will be responsible for hiring a new CCIE for this position. My R&S skills are not that bad. I did spend about five years on R&S prior to coming over to security. The company is to have the new employee train me on R&S, and I will train him or her on security.
My goal is to ask potential hiring candidates about twenty questions on new emerging technologies in R&S and security. My questions center around OSPF, EIGRP, BGP, MPLS and layer-2 technologies. I will throw in a few questions about security along the way. I would expect that at the CCIE level, candidates should also know about other vendors such as Palo Alto, Checkpoint, Juniper and Extreme. Also at this level, I would expect candidates to be good at troubleshooting as well, such as interpreting the output of tcpdump, because this is so fundamental to networking. Once they pass phase I of the interview, I will ask them to come back for phase II of the interview, which will involve a lab.
In phase II of the interview, the candidate will have four hours to complete a lab scenario that I design. This lab is a replica of our production environment. The lab has hardware from multiple vendors such as Cisco, Juniper, Checkpoint, Extreme and Palo Alto. There will be a "proctor" in the lab to help the candidate with products that he/she is not familiar with. After four hours, I will grade the candidate on the spot on how he or she performed, on a scale from 1 to 100. Google will be available so that the candidate can search for the information he or she needs to complete the lab.
With this approach, I have interviewed about four different CCIE R&S candidates so far and only one made it to phase II, the lab. The R&S candidate that made it to the lab had problems with BGP, OSPF and other issues with other vendors' products such as Juniper SSL VPN and Checkpoint products. I would not have known this during the phase I interview because he sounded so convincing.
Is my approach a sound one in screening and hiring candidate?
"Is my approach a sound one in screening and hiring candidate?"
I still think you are relying on things you know a lot about and expecting the candidates to be at the same level.
So your lab is a replica of your production system. You are obviously very familiar with your production system. You will understand why things have been done a certain way, how each device integrates into the whole. Even CCIEs who step into a new network need time to assess and become familiar with it.
You also say that you would expect CCIEs to have knowledge of other vendors. I wouldn't. If you want them to have that knowledge then include it in the job specification, but also be prepared to accept that they may be lacking in that area. After all, what is it you are looking for: a good all-rounder or an expert in Cisco technologies?
I agree with you that any CCIE should have good troubleshooting skills.
If only one has made it through to the lab stage then you may want to reassess your initial interview phase. Ask yourself why they are failing, what it is that means you are not happy with their performance.
And the one candidate who did make it to the lab had issues with the non-Cisco equipment, so either your proctor isn't doing his job properly or you are expecting expertise not just from the Cisco side but also other sides.
If you need an expert in R&S then concentrate on that, not on whether they can configure Juniper/Checkpoint etc. That stuff can be picked up.
Finally it is really important that you personally get on with whoever you hire especially if you are meant to be cross training each other.
I strongly agree with Jon.
First of all, I agree with both that troubleshooting skills are very important, as is the will to learn and improve.
a) Even CCIEs who step into a new network need time to assess and become familiar with it.
This is true for every human being, but usually management doesn't understand this. But you as a tech person should.
You should be aware that the security world is more multi-vendor oriented than backbone and that everyone is exposed to other technologies in the measure of their past and current job experience and environment.
c) Assessment and lab
You say that you would like to find a mate more focused on the R/S area.
Don't you think you are rather looking for a clone of yourself? (Without intention, but from an external point of view it looks like that.)
By the way, are you the proctor for other technologies, or is it another person?
If the new employee has to work with you, you should share the lab/demo experience with him/her to understand if you can work well together.
So I would suggest something more relaxed than a formal lab, where you test human interaction, which is the most important part.
Hope to help