CISSP interview questions


I am aspiring for an Information Security Managerial role. I have been working on technical part all this while and never attended a management interview. Can you give some input on what kind of question can be asked during a CISSP or Information Security Management interview.


Empit, are you a CISSP in good standing?
If not, I can only advise you to take your experience, start studying and get certified as a CISSP.
Or if you are in a hurry: go out and grab this book immediately: CISSP All In One Exam Guide, 3rd Edition by Shon Harris. This will give you a profound idea of what security management is about. It also contains many sample questions showing you
And if you get that role, get certified as soon as possible. Please don't try to pose as a CISSP if you are not. You'll probably fall short very soon and take a hard beating.

If you are a CISSP, then you already know how wide the CBK is and also how to look at things. Just think back to the type of questions on the exam.

I agree with all of what PowerIT says but would like to add that if you are a more technical person than, let's say, management, you might want to look into the GSEC offered by GIAC. This test is getting more notice lately in the technical realm. You might find it to be more your style.
As for interview questions, they are probably going to want to know your point of view on a lot of things. This will probably consist of how you would secure this or how you would change what they already have in place. Understand the common misconception about CISSP is that it deals only with IT. This cert is for the total security of information, including all threats (fire, intruders, etc.). If they are looking for a CISSP, I doubt they will be asking only IT-related questions, so know your stuff in all the areas the CISSP covers. I hope this helps.
Tellkeeper is right that CISSP is more than only the technical part. So if you are really aspiring to a mgmt role, then it could be the right thing. The CBK has 10 domains.
 Access Control
 Application Security
 Business Continuity and Disaster Recovery Planning
 Information Security and Risk Management  
 Legal, Regulations, Compliance and Investigations  
 Operations Security  
 Physical (Environmental) Security
 Security Architecture and Design  
 Telecommunications and Network Security  


Your best bet is to access
They have tons of practice questions and I know a lot of CISSPs got their certs by practicing day and night on this website. I myself used it, and you should continue taking their practice tests till you score upwards of 85.

Good luck ;)
Management questions focus on your people skills and being able to relate technical to the business operations.

Some security management skills focus on understanding risk models and COBIT, ITIL and ISO 17799:2005 and applying those to the business, and being able to explain risk and problems to non-technical management. Think reports, presentations and speaking skills.

The CISSP helps give you a vocabulary for mixing the two skill sets and not sounding like a complete weirdo.

You'd need to be able to come across as someone who understands the technology and be able to relay how best to protect the business.

There are a couple of good podcasts you could listen to, to get a feel for management speak if you're not versed in it. I like these guys:
empit (Author) commented:
Thank you What90. This is the kind of response I was looking for. I don't know why my question sounded different. If I am not a CISSP, why in the first place should I aspire to an Info. Sec. Managerial role? Any more valuable feedback?
Mmmm, I'll probably misinterpret this question again ;-)
But you are NOT a CISSP, and you also question WHY you should aspire to be an infosec mgr.
Why this question then?

LOL, I'm totally confused too. Mr. Author - please be more clear about what you're looking to find out.
empit - I know a lot of folk who aren't CISSPs or don't have a security cert who run Info Sec management. They do have the skills and ability to make it look easy though.

The CISSP cert on a CV is the lazy HR way of ticking a box.  It's very useful to have and I still believe valid to have for the aspiring Sec Info folk, but not 100% required for those management roles.

If you have the technical skills, focus yourself on the management part. Find a friendly manager and practice on them by giving presentations or risk assessments, and ask for honest feedback.
If you have training at your workplace, go on the people skills ones. Talking to management is mostly about confidence and having a plan for what to say, especially when it's not good news :-)

Print off a couple of job ads you're interested in and look at the requirements for the role; chop them up into what you can do now and what you can't do. Train/read up/practice in those areas where you are weak.

Bill and PowerIT - I've got a couple of friends asking the same type of question about breaking into management roles, and all they say is CISSP every third word, as they believe it's the only requirement to break in.
I try to tell them the certs are great, but their skills, experience and knowledge are the things that will keep them employed after the interview. That and not setting the place on fire in their first week :-)


empit (Author) commented:
Thanks again What90. Your techniques sound promising.

Bill, PowerIT, did I ever say that I am not a CISSP? I cleared the certification and now I am a CISSP too. However, I am not convinced certification is going to give you all the knowledge that you may need.
Well, it's starting to dawn on me ;-)
Probably a difference in culture of management style which made me misunderstand your question.
Another lesson learned!
