good questions to know for security interviews?
jkstech
Member Posts: 330
what do you all think are some pretty good things you should or must know when interviewing for a security position?
I know you can really guess all things they may ask, but what are some things that you just "shouldn't go in without knowing" ?
thanks
I know you can really guess all things they may ask, but what are some things that you just "shouldn't go in without knowing" ?
thanks
get back to studying!!!
Comments
-
Smallguy Member Posts: 597most of the time your interview atleast initally will not be very technical
your best bet is to call the company and ask if it wil be a technical interview so yo can properly prepare
but in my experience it is usually just question liek what is your greatest flaw what is your greatest strength... etc all behavorial questions
if you have a 2nd interview thne you will probalby be asked technical questions. -
keatron Member Posts: 1,213 ■■■■■■□□□□Your best move here is to make sure you don't over state your experience. If you have no security experience, make sure you say that. In most cases your interviewer won't try to ask you stuff that would be clearly outside the scope of your stated experience. However, if you state you have 3 years of security experience and have none, get ready for a painful interview.
I've had way to many interviews where the potential candidate sends us a resume that reads like he's a security god, then get to interview and realize he's being interviewed by myself and a couple other people. They usually end up back pedaling and saying stuff like "I really don't have any real security experience..." I only make this point to make sure you understand that you yourself have a lot of power in dictating how the interview goes. Your resume, your statement, etc. For example, when I sit down to interview you and I look at your resume and I see no mention of any Pix experience, then I probably wont start hitting you with a bunch of Pix questions. I might ask if you've ever configured a Pix, or if you're familiar with it. Some candidates put Cisco 8550, Pix Appliances, etc etc on their resume, when in reality all they've ever done is watched someone configure one. So if you're clear in communicating your experiences on your resume, then the interview shouldn't be a problem (from a technical standpoint). If the experiences on your resume are not what the employer wants to talk about, chances are you wouldn't be in the interview to begin with. Just always be ready to explain in detail your resume and to explain how your experiences (as stated on your resume) will map to what's needed in the organization you're interviewing for. And make sure you ask as many questions as you can as well. This is another way for you to dictate the flow of some of the interview process.
Keatron. -
jkstech Member Posts: 330thanks alot fellas
yeah, it's a job that I want to apply for, I do not have extensive security experience outside of school (MCSE:SECURITY) and normal daily security stuff, but it is where I am trying to go, the reason I want to apply for the job is because they had so many and/or statements
like, degree or 3 yrs experience or certification or get certified within 3 yrs
so, I figured the "get certified within 3 yrs" shows the willingness to train, what do you think?get back to studying!!! -
keatron Member Posts: 1,213 ■■■■■■□□□□I would say go ahead a take a shot at the interview. Even if you find out you're not qaulified, the experience will be worth while, especially if this is your first security specific interview.
Keatron. -
jkstech Member Posts: 330yes, that is my reasoning, it would be nice to get it thoughvget back to studying!!!
-
Claud Murdock Inactive Imported Users Posts: 29 ■□□□□□□□□□Woa keatron, that was some AWSOME info! that will sure help me out for future reference.
btw: I had an interview for DISA last month, and they said within 3 months of starting I had to have those two DoD certs (IAM, and something else). Is this standard for InfoSec branched givernment ageny's??? I know you have to know the ISO standards like the back of your hand... -
JDMurray Admin Posts: 13,101 AdminHere's the SANS page defining the IAM and IAT levels: http://www.sans.org/training/dod8570.php
-
keatron Member Posts: 1,213 ■■■■■■□□□□Claud Murdock wrote:Woa keatron, that was some AWSOME info! that will sure help me out for future reference.
btw: I had an interview for DISA last month, and they said within 3 months of starting I had to have those two DoD certs (IAM, and something else). Is this standard for InfoSec branched givernment ageny's??? I know you have to know the ISO standards like the back of your hand...
Yes, this is very standard. An often times sub-contractors have to have the same. -
jkstech Member Posts: 330well turns out it was pretty harmless, they asked questions that would definately weed out the general IT applicant, but anyone with some networking knowledge and some study in info sec would have done well, I answered pretty much every question they asked, it was a good interview and they called me the same day for a follow-up....i'd really like to get this position as it is a great opportunity and the company seems to understand and value continuing education and certificationget back to studying!!!