Information Security Officer Interview Questions
633
Information Security Officer interview questions shared by candidates
How many years of formal CISO title do you have?
4 Answers↳
More than enough to call out a lazy leader
↳
I think nothing will change if all recruiters in the world are fired.
↳
Finally, we hired somebody after 6 months. With COVID-19, we will fire him soon. Seems like a looser who will not survive Less
what is an advantage of a domain?
4 Answers↳
On the contrary, that question can only be understood by an applicant who knows that “Domain” here refers to applying the ISO 27001 standard. It has nothing to do with your website. Less
↳
Central management and organization of a group of devices, users, and resources.
↳
This question was obviously asked by someone who knows nothing about security. What is an advantage of a domain? What type of domain were they asking about? Physical? The name in a DNS? A logically separated environment? You are lucky you were not hired. The VP in charge is unethical and intolerable. Most people there don't like or trust him but he is protected by the COO. Less
Can you talk more about symmetric vs asymmetric encryption.
2 Answers↳
Most of the questions that the recruiter had were vague, especially when it was advertised as an operational role. Less
↳
- symmetric encryption uses the same (secret) key for encryption and decryption; asymmetric - two different ones (public and private) - symmetric key is shared between communicating parties, which makes key distribution hard to scale (for N parties to talk to each other they need to estalish secret key for each possible pair - N-square problem) - asymmetric keys are easier to distribute: one keeps one's private key and publicly distributes the corresponding public key - symmetric crypto is typically stronger than asymmetric one for comparable key sizes - symmetric crypto is typically faster - it is common to use symmetric crypto to encrypt plaintext with some random (session) key and then pass this key encrypted with the recipient's public key - one can go on and on for hours - it is a vast subject Less
No questions were asked except for the personality test itself.
2 Answers↳
Rejected the job.
↳
Best way to get on at Teck? Have a graduate degree. OR be close friends or family of a manager. They love trades that do good and become managers or even, directors? okay, but you'd better have a bachelors as a technician and graduate degree for race21 Less
Je m'étais beaucoup préparé pour cet entretien , donc , il n'ya pas vraiment eu de surprise . mais j'ai eu droit à une série de question ou exercice liés aux questions techniques , ( il y'avait même des bouts de code à décrypter ..)
2 Answers↳
Il faut très bien se préparer , surtout si on doit rencontrer beaucoup de personnes comme ça été mon cas. je me suis préparée grace à des questions trouvées sur internet pour les entretiens chez nestlé et nespresso. Less
↳
Ou exactement
If you had an unlimited budget what controls would you implement?
2 Answers↳
Camera’s though out the building not only for security of the building but for the safety of my employees. Education for active shooter and practice these policies. Sexual harassment as well as work place violence. A security monitoring room preferably off premises. Quality Radio’s as there is a lot of dead spots for communication in a building of that size as well as material building construction equipment. Face to face relief. Check point location so you can verify that your security officer have checked all required locations Background checks on all new employees. Periodic drug testing. Can be done by the last 4 of there social security #. There is no place for security officers who are not alert and observant. Less
↳
I would also make sure the outside of the building is well lit and roving patrol making sure when employees safely leave the building and get to there cars safety Less
How do you change a culture of insecurity?
2 Answers↳
You have to impress upon people the urgency of protecting the information. I can't change the culture, culture change comes from executives. Less
↳
Most organizations can rationalize the basic need for security. Usually, if there is a cultural barrier it is because there has been high transactional cost in the past. If Security is seen as a barrier to staff doing their work, they will resist, and mightily. If you're trying to reset the culture, first ask about the experience of the staff and how they think about the workflow, the functionality of the IT system. With their feedback in mind, you can start to understand how to remove those blocks and develop influence over the culture. Less
