Best Answer To Interview Question: Tell me about a cyber incident you investigated and stopped.

egrizzly

What is the best answer to the interview question "Tell me about a cyber incident you investigated and stopped."

Find more posts tagged with

interview question

incident investigation

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

iBrokeIT

Best answer is a truthful retelling of an incident response that highlights your skills, composure, and thought process as you worked the incident.

JDMurray

The best answer? Probably that you cannot say because it would risk exposing too much detail about your former client/employer's organization. Most hiring managers really wish their own reports would answer this question that way.

UnixGuy

There is no 'best answer', but what I *personally* love to hear is a practical example where the SANS incident response steps where followed

Usually a phishing attack...how did you go on about all the incident response steps, what tools did you use, how did the triage go, lessons learned, etc.

E Double U

I would only be able to give examples of incidents where I investigated, panicked, and escalated to someone more capable

egrizzly

Awesome, nice ones. Thanks for all the tips and suggestions guys.

iBrokeIT

JDMurray said:

The best answer? Probably that you cannot say because it would risk exposing too much detail about your former client/employer's organization. Most hiring managers really wish their own reports would answer this question that way.

You could easily extend that logic to almost any cybersecurity question about your professional experience. Yes, a certain level of discretion is required however could you imagine a interviewing a candidate that refused to tell you anything about their professional experience because it "could expose too much detail about their former client/employer's organization". Nonsense!

JDMurray

iBrokeIT said:
...could you imagine a interviewing a candidate that refused to tell you anything about their professional experience because it "could expose too much detail about their former client/employer's organization". Nonsense!

If my former employer was the CIA, NSA, some other public-sector TLA, or a publicly-listed private-sector corp that had a very litigious attitude then I would certainly make it clear that anything I said in an interview would not represent my former employer. This would be especially difficult to do if all the work experience I was being interviewed for occurred at that one employer. There are actually many of us who are in this precious position.