Senior Management Cybersecurity Interview Questions

Posted by Jeff Pelliccio on May 16, 2018 9:00:00 AM


If you're looking to secure employment as a cybersecurity professional, you'll need to be prepared for your interviews. There are many factors to consider when going in for an interview, including whether you're filling a new position or taking the place of someone who has been let go or left on their own. You also need to consider that the interview process is somewhat difficult for the hiring manager for several reasons, including:

  • Expectations are set very high for cybersecurity professionals
  • Top-talent candidates often don't fall within budget
  • Filling a new position means the interviewer doesn't know exactly what he or she is looking for

Below are a few questions that you should be prepared for during an interview for a senior management role in cybersecurity. Along with the questions are ideal answers you could respond with.

What are the different types of data classification and why are they important?

In order for data to be defined, it needs to be separated according to various levels and categories. The exact categories that pieces of information fall into will vary from one organization to another. Generally, though, data will fall into one of the following three levels:

  • Top secret: If information in this category is leaked, it could have catastrophic consequences for the organization (for example, trade secrets)
  • Confidential: Information in this category is pertinent to company policies and processes
  • Public: This information is available to the public, such as in the form of newsletters

If a user needs admin rights to perform daily tasks, should the rights be granted?

A basic user is not typically granted admin rights so as to reduce the risk of security breaches. In certain cases, however, it may be best for admin rights to be granted. Still, it is a supervisor's responsibility to assess the situation and determine whether admin rights are necessary to the completion of the user's daily tasks. In the event that admin rights are granted, the user must sign a paper stating he or she understands the responsibility that comes along with having these rights. Many times, the best thing to do is to grant admin rights but only for a specified period of time. 

Should social media usage be allowed in the office?

Social media, when used properly, is a great way for employees to connect with one another, which is vital to office morale. During work hours, however, a read-only mode policy should be enforced. In the event that social media interferes with work activities, it should then be restricted on a per-employee basis. 

What different methods can be used to make employees aware of information relating to security policies and procedures?

(You will want to answer with at least two methods)

  • One way to ensure employees are made aware of security policies and procedures is by making security training mandatory. This training should take place within a new worker's first week of employment. In addition, new training should be provided on a yearly basis to ensure all workers are kept up-to-date on the latest security policies. The training itself can be conducted via several types of formats, including online or in a classroom setting. 
  • Another method for keeping employees aware of the latest security protocols is to send out frequent notifications, either in a newsletter or email format. 

When given the choice to use open source software or licensed software to perform a task, which type is better?

From a security perspective, licensed software tends to make for the better choice. This type of software is usually easier to track through the organization, and it also helps a client to have a better sense of confidence in the organization regarding its software and practices. 

How often do security policies need to be revised?

Security policies should be reviewed on a regular basis, with a yearly review being the absolute minimum. When changes need to be made to the policies, detailed documentation of the changes should be created and stored in each policy's revision history file. When the changes affect the end user, the end user needs to be notified of them.

From a security viewpoint, what needs to be included in reports created by the CEO?

A report created by the CEO, or another officer on the CEO level, should be no more than two pages long, and it should include:

  • A summary of the organization's current state of security
  • Any quantified risks
  • Annual loss expectancy
  • Countermeasures that can be implemented to mitigate risks and loss

In which ways do risks need to be reported?

Before a risk is reported, it should be thoroughly assessed. There are two methods for performing risk assessment:

  1. Quantitative analysis
  2. Qualitative analysis

Performing both forms of risk assessment helps cater to the technical and administrative departments within the organization. If the risk is only being reported to a certain department, then only one type of analysis may be needed. Generally, though, performing both forms of analysis is recommended because it helps answer any questions that may arise after the risk has been reported.

What qualifies as an incident and how would you manage it?

When something happens that compromises the security of the organization, this is considered an incident. To properly manage an incident, it must first be identified and reported. The incident reporting, management, and closure process usually goes like this:

  • Identify the incident
  • Document details of the event
  • Investigate the incident and perform a root cause analysis
  • Create solution(s)
  • Alert all necessary departments and stakeholders
  • Perform remediation steps
  • Create a closure report and inform all involved parties

Do you consider social media to be secure?

There have been too many data leaks regarding social media to consider it completely secure. Most major platforms, though, such as Facebook, are still fine for use as long as users are taking the necessary steps to protect themselves. Three ways to protect data on social media include:

  • Connecting only with trusted family, friends, and co-workers
  • Never uploading confidential information (even to a private profile or folder)
  • Updating passwords on a regular basis

What are your thoughts on the chain of custody?

When data flows through a chain of custody, it needs to be documented who had access to it, when they accessed it, and their purpose for accessing it. If any of these three things is not documented, legal issues may arise.

What is the best way to maintain a data archive?

Years ago (many, many years ago), data was stored in files and cabinets. Eventually, this form of data storage was replaced by magnetic tapes. When data is stored in this manner, though, it requires much maintenance. As we continue to become more technologically advanced, more organizations are turning to cloud-based storage. And while data storage using the cloud is very efficient, it also comes with data privacy issues. In order for it to be properly maintained, it needs to be archived using managed services.

What are your views on BYOD?

Even though there is no single correct answer to this question, whichever side you fall on, you need to stick to it and have strong justification for your position.

Preparation is Key

While senior management roles can seem intimidating to interview for, it all lies in preparation. The same goes for cybersecurity. If you're in the process of looking for a new job, contact ICS. We can work with you to look for the perfect role and coach you through the process to a positive outcome. Check out our open roles today!
