Best Answer To Interview Question: Tell me about a cyber incident you investigated and stopped.
egrizzly
Member Posts: 533 ■■■■■□□□□□
What is the best answer to the interview question "Tell me about a cyber incident you investigated and stopped."
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
Comments
-
iBrokeIT Member Posts: 1,318 ■■■■■■■■■□
Best answer is a truthful retelling of an incident response that highlights your skills, composure, and thought process as you worked the incident.
2019: GPEN | GCFE | GXPN | GICSP | CySA+
2020: GCIP | GCIA
2021: GRID | GDSA | Pentest+
2022: GMON | GDAT
2023: GREM | GSE | GCFA
WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops | SANS Grad Cert: Incident Response
-
JDMurray Admin Posts: 13,101 Admin
The best answer? Probably that you cannot say because it would risk exposing too much detail about your former client/employer's organization. Most hiring managers really wish their own reports would answer this question that way.
-
UnixGuy Mod Posts: 4,570 Mod
There is no 'best answer', but what I *personally* love to hear is a practical example where the SANS incident response steps were followed. Usually a phishing attack... how did you go on about all the incident response steps, what tools did you use, how did the triage go, lessons learned, etc.
-
E Double U Member Posts: 2,239 ■■■■■■■■■■
I would only be able to give examples of incidents where I investigated, panicked, and escalated to someone more capable.
Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
-
egrizzly Member Posts: 533 ■■■■■□□□□□
Awesome, nice ones. Thanks for all the tips and suggestions guys.
-
iBrokeIT Member Posts: 1,318 ■■■■■■■■■□
JDMurray said:
The best answer? Probably that you cannot say because it would risk exposing too much detail about your former client/employer's organization. Most hiring managers really wish their own reports would answer this question that way.
-
JDMurray Admin Posts: 13,101 Admin
iBrokeIT said:
...could you imagine interviewing a candidate that refused to tell you anything about their professional experience because it "could expose too much detail about their former client/employer's organization". Nonsense!