Solved

CISSP interview questions

Posted on 2007-03-20
Last Modified: 2013-11-29
Hello,

I am aspiring to an Information Security Managerial role. I have been working on the technical part all this while and never attended a management interview. Can you give some input on what kind of questions can be asked during a CISSP or Information Security Management interview?

regards,
empit
0
Question by:empit
13 Comments
 
LVL 18

Expert Comment

by:PowerIT
ID: 18762333
Empit, are you a CISSP in good standing order?
If not, I can only advise you to take your experience, start studying and get certified as a CISSP.
Or if you are in a hurry: go out and grab this book immediately: CISSP All In One Exam Guide 3rd Edition by Shon Harris. This will give you a profound idea of what security management is about. It also contains many sample questions showing you
And if you get that role, get certified as soon as possible. Please don't try to post as being a CISSP if you are not. You'll probably fall short very soon and take a hard beating.

If you are a CISSP, then you already know how wide the CBK is and also how to look at things. Just think back to the type of questions on the exam.

J.
0
 
LVL 2

Expert Comment

by:tellkeeper
ID: 18781165
I agree with all of what PowerIT says but would like to add that if you are a more technical person than, let's say, management, you might want to look into GSEC offered by GIAC. This test is getting more notice lately in the technical realm. You might find it to be more your style.
As for interview questions, they are probably going to want to know your point of view on a lot of things. This will probably consist of how you would secure this or how you would change what they already have in place. Understand the common misconception about CISSP is that it deals only with IT. This cert is for the total security of information to include all threats (fire, intruders, etc.). I doubt if they are looking for a CISSP that they will be asking only IT-related questions, so know your stuff in all the areas the CISSP covers. I hope this helps.
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 18782556
Tellkeeper is right that CISSP is more than only the technical part. So if you are really aspiring to a mgmt role, then it could be the right thing. The CBK has 10 domains.
 Access Control
 Application Security
 Business Continuity and Disaster Recovery Planning
 Cryptography
 Information Security and Risk Management  
 Legal, Regulations, Compliance and Investigations  
 Operations Security  
 Physical (Environmental) Security
 Security Architecture and Design  
 Telecommunications and Network Security  

J.
0
 
LVL 11

Expert Comment

by:billwharton
ID: 18804349
Your best bet is to access www.cccure.org.
They have tons of practice questions and I know a lot of CISSPs got their certs by practicing day and night on this website. I myself used it and you should continue taking their practice tests till you score upwards of 85.

Good luck ;)
0
 
LVL 20

Expert Comment

by:What90
ID: 18929219
Management questions focus on your people skills and being able to relate the technical to the business operations.

Some of the security management skills focus on understanding risk models and COBIT, ITIL & ISO 17799:2005 and applying those to the business, being able to explain risk and problems to the non-technical management. Think reports, presentations and speaking skills.

The CISSP helps give you a vocabulary for mixing the two skill sets and not sounding like a complete weirdo.

You'd need to be able to come across as someone who understands the technology and be able to relay how best to protect the business.

There's a couple of good podcasts you could listen to, to get a feel for management speak if you're not versed in it. I like these guys: http://www.manager-tools.com/
0
 

Author Comment

by:empit
ID: 18939333
Thank you What90. This is the kind of response I was looking for. I don't know why my question sounded different. If I am not a CISSP, why in the first place shall I aspire for an Info. Sec. Managerial role? Any more valuable feedback?
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 18939625
Mmmm, I'll probably misinterpret this question again ;-)
But, you are NOT a CISSP and you also question WHY you should aspire an infosec mgr.
Why this question then?

J.
0
 
LVL 11

Expert Comment

by:billwharton
ID: 18939719
LOL, I'm totally confused too. Mr. Author - please be more clear about what you're looking to find out.
0
 
LVL 20

Accepted Solution

by:
What90 earned 2000 total points
ID: 18943281
empit - I know a lot of folk that aren't CISSPs or have a security cert that run Info Sec management. They do have the skills and ability to make it look easy though.

The CISSP cert on a CV is the lazy HR way of ticking a box.  It's very useful to have and I still believe valid to have for the aspiring Sec Info folk, but not 100% required for those management roles.

If you have the technical skills, focus yourself on the management part. Find a friendly manager and practice on them giving presentations or risk assessments and ask for honest feedback.
If you have training at your workplace, go on the people skills ones. Talking to management is mostly about confidence and having a plan for what to say, especially when it's not good news :-)

Print off a couple of job ads you're interested in and look at the requirements for the role, chop them up into what you can do now and what you can't do. Train/read up/practice those areas you are weak in.

Bill and PowerIT - I've got a couple of friends asking the same type of question about breaking into the management roles and all they say is CISSP every third word, as they believe it's the only requirement to break in.
I try to tell them the certs are great, but their skills, experience and knowledge are the things that will keep them employed after the interview. That and not setting the place on fire in their first week :-)

   
0
 

Author Comment

by:empit
ID: 18956638
Thanks again What90. Your techniques sound promising.

Bill, PowerIT, did I ever say that I am not a CISSP? I cleared the certification and now I am a CISSP too. However I am not convinced certification is going to give you all the knowledge that you may need.
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 18957225
Well, it's getting to dawn on me ;-)
Probably a difference in culture of management style which makes me misunderstand your question.
Another lesson learned!

J.
0

Question has a verified solution.