Interview Questions

There’s been a lot of ink put toward resume recommendations and preparing for interviews over the years, and I feel like there’s been even more lately, given the number of folks looking to transition to one of the cybersecurity fields, as well as tech layoffs we’ve seen since last year.

One of the topics I don’t really see being addressed is questions you, the interviewee, can ask of the interviewer when it’s your turn. As an interviewee, you’re probably preparing yourself for the technical questions you’re likely to face, but there are other aspects to the role.

I was once in a role where an organization was trying to start a consulting arm, so they hired a manager and one or two technical folks in each of two offices. Not long after starting, I found that the analyst in the other office was going to conduct a pen test for a customer; that analyst had previously worked at ISS, where they’d installed the RealSecure IDS product for that customer. I won’t bore you with the drama, but suffice to say that I was able to get a copy of the “pen test” report; the engagement amounted to nothing more than running ISS’s Internet Scanner product against the customer systems. As our team hadn’t generated revenue yet, we didn’t have any licenses for ISS’s, nor anyone else’s products. As such, the license used to run Internet Scanner was hacked, which the RealSecure product could detect. I gave notice after I found out that management had no intention of addressing the issue.

So, a question to ask interviewers at both the technical and management levels is: you find out that tools were used on an engagement without valid licenses… what do you do?

O

[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.

This article has been indexed from Windows Incident Response
