Solved

CISSP interview questions

Posted on 2007-03-20
Last Modified: 2013-11-29
Hello,

I am aspiring for an Information Security Managerial role. I have been working on the technical part all this while and never attended a management interview. Can you give some input on what kind of questions can be asked during a CISSP or Information Security Management interview?

regards,
empit
Question by:empit
13 Comments
 
LVL 18

Expert Comment

by:PowerIT
ID: 18762333
Empit, are you a CISSP in good standing order?
If not, I can only advise you to take your experience, start studying and get certified as a CISSP.
Or if you are in a hurry: go out and grab this book immediately: CISSP All In One Exam Guide 3rd Edition by Shon Harris. This will give you a profound idea of what security management is about. It also contains many sample questions showing you And if you get that role, get certified as soon as possible. Please don't try to post as being a CISSP if you are not. You'll probably fall short very soon and take a hard beating.

If you are a CISSP, then you already know how wide the CBK is and also how to look at things. Just think back to the type of questions on the exam.

J.
0
 
LVL 2

Expert Comment

by:tellkeeper
ID: 18781165
I agree with all of what PowerIT says but would like to add that if you are a more technical person than, let's say, management, you might want to look into GSEC offered by GIAC. This test is getting more notice lately in the technical realm. You might find it to be more your style.
   As for interview questions, they are probably going to want to know your point of view on a lot of things. This will probably consist of how you would secure this or how you would change what they already have in place. Understand the common misconception about CISSP is that it deals only with IT. This cert is for the total security of information to include all threats (fire, intruders, etc.). I doubt if they are looking for a CISSP that they will be asking only IT-related questions, so know your stuff in all the areas the CISSP covers. I hope this helps.
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 18782556
Tellkeeper is right that CISSP is more than only the technical part. So if you are really aspiring to a mgmt role, then it could be the right thing. The CBK has 10 domains.
 Access Control
 Application Security
 Business Continuity and Disaster Recovery Planning
 Cryptography
 Information Security and Risk Management  
 Legal, Regulations, Compliance and Investigations  
 Operations Security  
 Physical (Environmental) Security
 Security Architecture and Design  
 Telecommunications and Network Security  

J.
0
 
LVL 11

Expert Comment

by:billwharton
ID: 18804349
Your best bet is to access www.cccure.org
They have tons of practice questions and I know a lot of CISSPs got their certs by practicing day and night on this website. I myself used it and you should continue taking their practice tests till you score upwards of 85.

Good luck ;)
0
 
LVL 20

Expert Comment

by:What90
ID: 18929219
Management questions focus on your people skills and being able to relate technical to the business operations.

Some of the security management skills focus on understanding risk models and COBIT, ITIL & ISO 17799:2005 and applying those to the business, being able to explain risk and problems to the non-technical management. Think reports, presentation and speaking skills.

The CISSP helps give you a vocabulary for mixing the two skill sets and not sounding like a complete weirdo.

You'd need to be able to come across as someone who understands the technology and be able to relay how best to protect the business.

There's a couple of good podcasts you could listen to to get a feel of management speak if you're not versed in it. I like these guys: http://www.manager-tools.com/
0

Author Comment

by:empit
ID: 18939333
Thank you What90. This is the kind of response I was looking for. I don't know why my question sounded different. If I am not a CISSP why in the first place shall I aspire for an Info. Sec. Managerial role? Any more valuable feedback?
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 18939625
Mmmm, I'll probably misinterpret this question again ;-)
But, you are NOT a CISSP and you also question WHY you should aspire an infosec mgr.
Why this question then?

J.
0
 
LVL 11

Expert Comment

by:billwharton
ID: 18939719
LOL, I'm totally confused too. Mr. Author - please be more clear about what you're looking to find out.
0
 
LVL 20

Accepted Solution

by:
What90 earned 500 total points
ID: 18943281
empit - I know a lot of folk that aren't CISSPs or have a security cert that run Info Sec management. They do have the skills and ability to make it look easy though.

The CISSP cert on a CV is the lazy HR way of ticking a box.  It's very useful to have and I still believe valid to have for the aspiring Sec Info folk, but not 100% required for those management roles.

If you have the technical skills, focus yourself on the management part. Find a friendly manager and practice on them giving presentations or risk assessments and ask for honest feedback.
If you have training at your workplace, go on the people skills ones. Talking to management is mostly about confidence and having a plan for what to say, especially when it's not good news :-)

Print off a couple of job ads you're interested in and look at the requirements for the role, chop them up into what you can do now and what you can't do. Train/read up/practice those areas you are weak in.

Bill and PowerIT - I've got a couple of friends asking the same type of question about breaking into the management roles and all they say is CISSP every third word, as they believe it's the only requirement to break in.
I try to tell them the certs are great, but their skills, experience and knowledge are the things that will keep them employed after the interview. That and not setting the place on fire in their first week :-)

   
0
 

Author Comment

by:empit
ID: 18956638
Thanks again What90. Your techniques sound promising.

Bill, PowerIT, did I ever say that I am not a CISSP? I cleared the certification and now I am a CISSP too. However I am not convinced certification is going to give you all the knowledge that you may need.
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 18957225
Well, it's getting to dawn on me ;-)
Probably a difference in culture of management style which makes me misunderstand your question.
Another lesson learned!

J.
0
