infosec interview
fredmoo
Member Posts: 10 ■□□□□□□□□□
Hi all - I have an upcoming in-person interview with 2 persons (CIO & COO) with a small federal agency for a GS-11 infosec position.
Here's the duties summary:
Responsibilities
As an IT Specialist, you will be responsible for:
- Identifying and mitigating IT system vulnerabilities through testing, audits, and network assessments;
- Evaluating new IT systems and products to determine their supportability and impact on IT security and the network;
- Creating system security contingency plans and data recovery procedures;
- Developing a variety of system compliance documentation and similar reports on network security compliance for delivery to management;
- Collaborating with end users to understand their technical needs and identifying areas where there may be security vulnerabilities; and
- Preparing and delivering training to end users on information security requirements
What kind of questions can I expect them to ask? Thanks in advance for your help.
Comments
-
Meggo Registered Users Posts: 197 ■■■■■□□□□□
I am not an IT hiring manager by any stretch, but this article on our Resources website is one of our top performing pieces. Hopefully this helps you prepare for your interview. Good luck!
https://resources.infosecinstitute.com/top-50-information-security-interview-questions/
-
soccarplayer29 Member Posts: 230 ■■■□□□□□□□
I'd suggest you prepare for the following topics:
1) FISMA
2) NIST 800-53
3) POA&Ms
4) Contingency best practices (backups, failover, etc.)
5) Vulnerability scanning processes
6) Patch management
7) How do you evaluate/procure new products
Certs: CISSP, CISA, PMP
-
beads Member Posts: 1,533 ■■■■■■■■■□
Be prepared to discuss what packages you have used for, say, vulnerability scanning, like Qualys. How have you handled patching Microsoft systems: WSUS, individual machines, everyone for themselves? What are the pros and cons of each and why? No one is asking you to build Rome but how you have worked and interacted with the tools at hand.
Most of what you have listed are normal day to day questions requiring answers that show how comfortable you are with the material at hand as well as your actual interest in working with these technologies in general. It's easy for an experienced hiring manager to tell if you're really interested in the position when you follow through with answers that go beyond just answering the question but by making the answer better than asked. Be honest about your abilities and willing to learn both on your own as well as on the job. Enthusiasm while being professional scores big points. Geeking out too much and you sound like a tech-zealot or something.
Good board to ask these questions, though. Please follow up.
-
p0sitron_col1dr Member Posts: 19 ■■■□□□□□□□
The Cyber Mentor appears to have a couple of YouTube videos on his channel that specifically cover Ethical Hacking job interviews and/or mock interviews.
-
JDMurray Admin Posts: 13,090 Admin
If you can talk costs and budgets and other non-technical aspects of business you will impress any CxO. Any advanced Excel skills you can demo are also useful to "wow" the business-side of the house.
-
LordQarlyn Member Posts: 693 ■■■■■■□□□□
Since this post is nearly a year old, I'll ask how did the interview go?