A friend asked this question in one of the popular forums, and I thought I should keep a copy of my answer on my blog as well.
What sort of interview questions can be asked in an information security profile?
It depends on your role within the information security profile. If you are in an information security engineering role, questions will focus more on tools and technologies and on security audit and analysis methodologies. Questions may come from application security (OWASP Top 10), network security or computer forensics.
In the corporate world no one expects an information security engineer to be a master of all the security disciplines.
Questions about different operating system techniques, popular web servers and information security architecture will be asked. Questions on the details of administering various operating systems may surface. Vulnerability assessment is another topic which can be discussed.
Security consulting as a profession is about being a specialist, not a journalist, so a solid understanding of how systems work is always appreciated. In the interview you should talk about the specifics of technologies, tools and methods. A high-level overview may not help much. It's not always about what can come up in the interview; it is also about projecting your knowledge and showing them how that can be beneficial for your company.
If you are in an information security management role, then you are expected to know about different compliance requirements, policies and standards like PCI-DSS, ISO 27000, etc.
Some of the things that can help you to showcase your knowledge –
1. Your previous speaking assignments if any
2. Publications
3. Contributions to open source security tools.
4. Any interesting threat identification and prevention example.
5. Industry certifications
And yes, one very important thing: the interviewer will definitely ask what you do to keep yourself updated on recent security incidents. Be prepared for that!