Interview Questions

There's been a lot of ink put toward resume recommendations and preparing for interviews over the years, and I feel like there's been even more lately, given the number of folks looking to transition to one of the cybersecurity fields, as well as tech layoffs we've seen since last year.

One of the topics I don't really see being addressed is questions you, the interviewee, can ask of the interviewer when it's your turn. As an interviewee, you're probably preparing yourself for the technical questions you're likely to face, but there are other aspects to the role.

I was once in a role where an organization was trying to start a consulting arm, so they hired a manager and one or two technical folks in each of two offices. Not long after starting, I found that the analyst in the other office was going to conduct a pen test for a customer; that analyst had previously worked at ISS, where they'd installed the RealSecure IDS product for that customer. I won't bore you with the drama, but suffice to say that I was able to get a copy of the "pen test" report; the engagement amounted to nothing more than running ISS's Internet Scanner product against the customer systems. As our team hadn't generated revenue yet, we didn't have any licenses for ISS's, nor anyone else's products. As such, the license used to run Internet Scanner was hacked, which the RealSecure product could detect. I gave notice after I found out that management had no intention of addressing the issue.

So, a question to ask interviewers at both the technical and management level is, you find out that tools were used on an engagement without valid licenses...what do you do?

Other questions you could ask include:

You find out that tools used on an engagement were run outside the bounds of the license agreement; what do you do?

You find out that a DFIR report or SOC ticket (depending upon the role you're interviewing for) submitted to a customer is grossly incorrect; not just "it could be misinterpreted" but what was reported to the customer was just flat out wrong. What do you do?

As the interviewee, the answers to these questions will give you insight into what to expect at the organization, should you accept an offer. 

However, interviewers can also ask these questions, and gain insights themselves.

And yes, these questions are based on my experiences in the field.

Article Link: Windows Incident Response: Interview Questions