Best Answer To Interview Question: Tell me about a cyber incident you investigated and stopped.

egrizzly Member Posts: 533
What is the best answer to the interview question "Tell me about a cyber incident you investigated and stopped."
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+

Comments

  • iBrokeIT Member Posts: 1,318
    Best answer is a truthful retelling of an incident response that highlights your skills, composure, and thought process as you worked the incident.
    2019: GPEN | GCFE | GXPN | GICSP | CySA+ 
    2020: GCIP | GCIA 
    2021: GRID | GDSA | Pentest+ 
    2022: GMON | GDAT
    2023: GREM  | GSE | GCFA

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops | SANS Grad Cert: Incident Response
  • JDMurray Admin Posts: 13,090
    The best answer? Probably that you cannot say because it would risk exposing too much detail about your former client/employer's organization. Most hiring managers really wish their own reports would answer this question that way.
  • UnixGuy Mod Posts: 4,570
    There is no 'best answer', but what I *personally* love to hear is a practical example where the SANS incident response steps were followed.

    Usually a phishing attack...how did you go on about all the incident response steps, what tools did you use, how did the triage go, lessons learned, etc.



    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • E Double U Member Posts: 2,233
    I would only be able to give examples of incidents where I investigated, panicked, and escalated to someone more capable :smile:
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • egrizzly Member Posts: 533
    Awesome, nice ones. Thanks for all the tips and suggestions guys.
    B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
  • iBrokeIT Member Posts: 1,318
    JDMurray said:
    The best answer? Probably that you cannot say because it would risk exposing too much detail about your former client/employer's organization. Most hiring managers really wish their own reports would answer this question that way.
    You could easily extend that logic to almost any cybersecurity question about your professional experience. Yes, a certain level of discretion is required; however, could you imagine interviewing a candidate that refused to tell you anything about their professional experience because it "could expose too much detail about their former client/employer's organization"? Nonsense!
    2019: GPEN | GCFE | GXPN | GICSP | CySA+ 
    2020: GCIP | GCIA 
    2021: GRID | GDSA | Pentest+ 
    2022: GMON | GDAT
    2023: GREM  | GSE | GCFA

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops | SANS Grad Cert: Incident Response
  • JDMurray Admin Posts: 13,090
    iBrokeIT said:
    ...could you imagine interviewing a candidate that refused to tell you anything about their professional experience because it "could expose too much detail about their former client/employer's organization"? Nonsense!
    If my former employer was the CIA, NSA, some other public-sector TLA, or a publicly-listed private-sector corp that had a very litigious attitude then I would certainly make it clear that anything I said in an interview would not represent my former employer. This would be especially difficult to do if all the work experience I was being interviewed for occurred at that one employer. There are actually many of us who are in this precious position.