Solved

CISSP interview questions

Posted on 2007-03-20
Last Modified: 2013-11-29
Hello,

I am aspiring for an Information Security Managerial role. I have been working on the technical part all this while and have never attended a management interview. Can you give some input on what kind of questions can be asked during a CISSP or Information Security Management interview?

regards,
empit
0
Question by:empit
13 Comments
 
LVL 18

Expert Comment

by:PowerIT
ID: 18762333
Empit, are you a CISSP in good standing order?
If not, I can only advise you to take your experience, start studying and get certified as a CISSP.
Or if you are in a hurry: go out and grab this book immediately: CISSP All In One Exam Guide 3rd Edition by Shon Harris. This will give you a profound idea of what security management is about. It also contains many sample questions showing you
And if you get that role, get certified as soon as possible. Please don't try to post as being a CISSP if you are not. You'll probably fall short very soon and take a hard beating.

If you are a CISSP, then you already know how wide the CBK is and also how to look at things. Just think back to the type of questions on the exam.

J.
0
 
LVL 2

Expert Comment

by:tellkeeper
ID: 18781165
I agree with all of what PowerIT says but would like to add that if you are a more technical person than, let's say, management, you might want to look into GSEC offered by GIAC. This test is getting more notice lately in the technical realm. You might find it to be more your style.
   As for interview questions, they are probably going to want to know your point of view on a lot of things. This will probably consist of how you would secure this or how you would change what they already have in place. Understand the common misconception about CISSP is that it deals only with IT. This cert is for the total security of information to include all threats (fire, intruders, etc.). I doubt if they are looking for a CISSP that they will be asking only IT-related questions, so know your stuff in all the areas the CISSP covers. I hope this helps.
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 18782556
Tellkeeper is right that CISSP is more than only the technical part. So if you are really aspiring to a mgmt role, then it could be the right thing. The CBK has 10 domains.
 Access Control
 Application Security
 Business Continuity and Disaster Recovery Planning
 Cryptography
 Information Security and Risk Management  
 Legal, Regulations, Compliance and Investigations  
 Operations Security  
 Physical (Environmental) Security
 Security Architecture and Design  
 Telecommunications and Network Security  

J.
0
 
LVL 11

Expert Comment

by:billwharton
ID: 18804349
Your best bet is to access www.cccure.org
They have tons of practice questions and I know a lot of CISSPs got their certs by practicing day and night on this website. I myself used it and you should continue taking their practice tests till you score upwards of 85.

Good luck ;)
0
 
LVL 20

Expert Comment

by:What90
ID: 18929219
Management questions focus on your people skills and being able to relate technical to the business operations.

Some security management skills focus on understanding risk models and COBIT, ITIL & ISO 17799:2005 and applying those to the business, and being able to explain risk and problems to the non-technical management. Think reports, presentation and speaking skills.

The CISSP helps give you a vocabulary for mixing the two skill sets and not sounding like a complete weirdo.

You'd need to be able to come across as someone who understands the technology and be able to relay how best to protect the business.

There are a couple of good podcasts you could listen to, to get a feel for management speak if you're not versed in it. I like these guys: http://www.manager-tools.com/
0
 

Author Comment

by:empit
ID: 18939333
Thank you What90. This is the kind of response I was looking for. I don't know why my question sounded different. If I am not a CISSP, why in the first place shall I aspire for an Info. Sec. Managerial role? Any more valuable feedback?
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 18939625
Mmmm, I'll probably misinterpret this question again ;-)
But, you are NOT a CISSP and you also question WHY you should aspire an infosec mgr.
Why this question then?

J.
0
 
LVL 11

Expert Comment

by:billwharton
ID: 18939719
LOL, I'm totally confused too. Mr. Author - please be more clear about what you're looking to find out.
0
 
LVL 20

Accepted Solution

by:
What90 earned 500 total points
ID: 18943281
empit - I know a lot of folk that aren't CISSPs or have a security cert that run Info Sec management. They do have the skills and ability to make it look easy though.

The CISSP cert on a CV is the lazy HR way of ticking a box.  It's very useful to have and I still believe valid to have for the aspiring Sec Info folk, but not 100% required for those management roles.

If you have the technical skills, focus yourself on the management part. Find a friendly manager and practice on them giving presentations or risk assessments and ask for honest feedback.
If you have training at your workplace, go on the people skills ones. Talking to management is mostly about confidence and having a plan for what to say, especially when it's not good news :-)

Print off a couple of job ads you're interested in and look at the requirements for the role, chop them up into what you can do now and what you can't do. Train/read up/practice those areas you are weak in.

Bill and PowerIT - I've got a couple of friends asking the same type of question about breaking into the management roles and all they say is CISSP every third word, as they believe it's the only requirement to break in.
I try to tell them the certs are great, but their skills, experience and knowledge are the things that will keep them employed after the interview. That and not setting the place on fire in their first week :-)

   
0
 

Author Comment

by:empit
ID: 18956638
Thanks again What90. Your techniques sound promising.

Bill, PowerIT, did I ever say that I am not a CISSP? I cleared the certification and now I am a CISSP too. However, I am not convinced certification is going to give you all the knowledge that you may need.
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 18957225
Well, it's getting to dawn on me ;-)
Probably a difference in culture of management style which makes me misunderstand your question.
Another lesson learned!

J.
0


Question has a verified solution.