Best Answer To Interview Question: Tell me about a cyber incident you investigated and stopped.

egrizzlyegrizzly Member Posts: 533 ■■■■■□□□□□
What is the best answer to the interview question "Tell me about a cyber incident you investigated and stopped."
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+

Comments

  • iBrokeITiBrokeIT Member Posts: 1,318 ■■■■■■■■■□
    Best answer is a truthful retelling of an incident response that highlights your skills, composure, and thought process as you worked the incident.
    2019: GPEN | GCFE | GXPN | GICSP | CySA+ 
    2020: GCIP | GCIA 
    2021: GRID | GDSA | Pentest+ 
    2022: GMON | GDAT
    2023: GREM  | GSE | GCFA

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops SANS Grad Cert: Incident Response
  • JDMurrayJDMurray Admin Posts: 13,101 Admin
    The best answer? Probably that you cannot say because it would risk exposing too much detail about your former client/employer's organization. Most hiring managers really wish their own reports would answer this question that way.
  • UnixGuyUnixGuy Mod Posts: 4,570 Mod
    There is no 'best answer', but what I *personally* love to hear is a practical example where the SANS incident response steps where followed

    Usually a phishing attack...how did you go on about all the incident response steps, what tools did you use, how did the triage go, lessons learned, etc.



    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • E Double UE Double U Member Posts: 2,239 ■■■■■■■■■■
    I would only be able to give examples of incidents where I investigated, panicked, and escalated to someone more capable :smile:
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • egrizzlyegrizzly Member Posts: 533 ■■■■■□□□□□
    Awesome, nice ones. Thanks for all the tips and suggestions guys.
    B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
  • iBrokeITiBrokeIT Member Posts: 1,318 ■■■■■■■■■□
    JDMurray said:
    The best answer? Probably that you cannot say because it would risk exposing too much detail about your former client/employer's organization. Most hiring managers really wish their own reports would answer this question that way.
    You could easily extend that logic to almost any cybersecurity question about your professional experience. Yes, a certain level of discretion is required however could you imagine a interviewing a candidate that refused to tell you anything about their professional experience because it "could expose too much detail about their former client/employer's organization". Nonsense!
    2019: GPEN | GCFE | GXPN | GICSP | CySA+ 
    2020: GCIP | GCIA 
    2021: GRID | GDSA | Pentest+ 
    2022: GMON | GDAT
    2023: GREM  | GSE | GCFA

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops SANS Grad Cert: Incident Response
  • JDMurrayJDMurray Admin Posts: 13,101 Admin
    iBrokeIT said:
    ...could you imagine a interviewing a candidate that refused to tell you anything about their professional experience because it "could expose too much detail about their former client/employer's organization". Nonsense!
    If my former employer was the CIA, NSA, some other public-sector TLA, or a publicly-listed private-sector corp that had a very litigious attitude then I would certainly make it clear that anything I said in an interview would not represent my former employer. This would be especially difficult to do if all the work experience I was being interviewed for occurred at that one employer. There are actually many of us who are in this precious position.
Sign In or Register to comment.