Jerry Rojas

asked on

Security architect interview question...

I went into a Palo Alto interview and was asked how I would handle or advise a client on best practice that went against what the particular client presently had in their environment.  

I wanted to get a glimpse of how to answer for future interviews I might have for this particular position.

What should I have said or points that needed to be brought up?
Fibertron

This is a question that is open-ended, meaning that the prospective employer wants to find out not only your depth of knowledge in a subject but also how you are able to communicate that to them as well as to the client.  Rule number one: never insult the way a client's infrastructure or systems are configured; they actually take it personally sometimes lol.  The first thing to do is to gain the perspective of the client by asking questions about their security posture and the current business processes that the current configuration is protecting.  Second is to find the motivation they have to meet with you; future audits or current lawsuits are fairly common these days if they called you.  Third is to discuss industry best practices and do a comparison of how their systems align with those standards.  Fourth is to offer assistance through knowledge and products to get the client to a place where their business needs aren't negatively impacted but their security is closer to industry standards and compliance requirements.

This is a 30,000-foot view, and it is up to you and the client's motivation how far down the rabbit hole the conversation goes.

P.S. earn trust then sell product and service.
Eirman
As well as the above,

Prepare a pointer/summary list that encompasses all their present practices/policies; Good and Bad.
Go down through the list indicating ....
That's good .... That's good ..... That could be improved upon/changed .... that's poor/flawed etc.
Draw a line under the present practices/policies list.

Add additional new practices/policies that you would recommend.
btan

I went into a Palo Alto interview and was asked how I would handle or advise a client on best practice that went against what the particular client presently had in their environment.  
1. Seek to understand and listen out for the concern - need to appreciate the viewpoints of the "against" e.g. costly, disruptive, complex etc.
2. Make a judgement call and bring out the key concern - need to distill the negative perception and lay out the reality e.g. fear, uncertainty etc.
3. Justify (again) the need for certain practice - need to emphasize the "why the need for change"; many ways to skin a cat but first is to accept
4. Lay out options and address the concern - need to prescribe how the practice is in a way not a "concern" or big bang change - lay ground
5. Propose the desired outcome to safeguard customer interest - need to reiterate the interest and objective of the discussion on the needs

I wanted to get a glimpse of how to answer for future interviews I might have for this particular position.
6. Never try to be pushy and aggressive; listen more than just speaking more, which can be counterproductive
7. Draw out the "technicalities" in simplified blocks and run through how they apply to and affect the environment
8. Pick your battle e.g. introduce technical jargon to the right audience, as the decision maker may not be tech savvy or interested.
9. Bring on the negative as well to build trust and transparency that limitations exist and no silver bullet exists but take risk measured means
10. Allay further concerns and create future opportunity to meet again, re-engage and reflect on what can be done better and follow up

What should I have said or points that needed to be brought up?
Being knowledgeable is good but do not aim to be showing all the smartness - make them the smart buyer instead. Build rapport; the key is to address the concern and not push out a stop gap for the sake of numbers. You need a long-term relationship and not a once-off session only.