Best Answer To Interview Question: Tell me about a cyber incident you investigated and stopped.

egrizzlyegrizzly B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+Member Posts: 490 ■■■■■□□□□□
What is the best answer to the interview question "Tell me about a cyber incident you investigated and stopped."
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+

Comments

  • iBrokeITiBrokeIT GDSA, GRID, GICSP, GCIP, GXPN, GPEN, GWAPT, GCFE, GCIA, GCIH, GSEC, Pen+, CySA+, Sec+, N+, A+, eJPT Member Posts: 1,315 ■■■■■■■■■□
    Best answer is a truthful retelling of an incident response that highlights your skills, composure, and thought process as you worked the incident.
    2019: GPEN | GCFE | GXPN | GICSP | CySA+ 
    2020: GCIP | GCIA 
    2021: GRID | GDSA | Pentest+ 
    2022: GMON GCWN Linux+

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops
  • JDMurrayJDMurray MSIT InfoSec CISSP SSCP GSEC EnCE C|EH Cloud+ CySA+ CASP+ PenTest+ Security+ Surf City, USAAdmin Posts: 12,542 Admin
    The best answer? Probably that you cannot say because it would risk exposing too much detail about your former client/employer's organization. Most hiring managers really wish their own reports would answer this question that way.
  • UnixGuyUnixGuy Are we having fun yet? Mod Posts: 4,397 Mod
    There is no 'best answer', but what I *personally* love to hear is a practical example where the SANS incident response steps where followed

    Usually a phishing attack...how did you go on about all the incident response steps, what tools did you use, how did the triage go, lessons learned, etc.



    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Check out my YouTube Channel!

  • E Double UE Double U Member Posts: 2,033 ■■■■■■■■■■
    I would only be able to give examples of incidents where I investigated, panicked, and escalated to someone more capable :smile:
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA and more.

    2022 goal(s): CRISC, maybe CGEIT

    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
  • egrizzlyegrizzly B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+ Member Posts: 490 ■■■■■□□□□□
    Awesome, nice ones. Thanks for all the tips and suggestions guys.
    B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
  • iBrokeITiBrokeIT GDSA, GRID, GICSP, GCIP, GXPN, GPEN, GWAPT, GCFE, GCIA, GCIH, GSEC, Pen+, CySA+, Sec+, N+, A+, eJPT Member Posts: 1,315 ■■■■■■■■■□
    JDMurray said:
    The best answer? Probably that you cannot say because it would risk exposing too much detail about your former client/employer's organization. Most hiring managers really wish their own reports would answer this question that way.
    You could easily extend that logic to almost any cybersecurity question about your professional experience. Yes, a certain level of discretion is required however could you imagine a interviewing a candidate that refused to tell you anything about their professional experience because it "could expose too much detail about their former client/employer's organization". Nonsense!
    2019: GPEN | GCFE | GXPN | GICSP | CySA+ 
    2020: GCIP | GCIA 
    2021: GRID | GDSA | Pentest+ 
    2022: GMON GCWN Linux+

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops
  • JDMurrayJDMurray MSIT InfoSec CISSP SSCP GSEC EnCE C|EH Cloud+ CySA+ CASP+ PenTest+ Security+ Surf City, USAAdmin Posts: 12,542 Admin
    iBrokeIT said:
    ...could you imagine a interviewing a candidate that refused to tell you anything about their professional experience because it "could expose too much detail about their former client/employer's organization". Nonsense!
    If my former employer was the CIA, NSA, some other public-sector TLA, or a publicly-listed private-sector corp that had a very litigious attitude then I would certainly make it clear that anything I said in an interview would not represent my former employer. This would be especially difficult to do if all the work experience I was being interviewed for occurred at that one employer. There are actually many of us who are in this precious position.
Sign In or Register to comment.