09 December 2021
Top Cybersecurity Interview Questions
− Can you name some of the emerging cyber threats?
− Can you walk me through the economics of cyber security?
− What parts of information security should organizations outsource?
− What security conferences have you participated in over the past 24 months?
− Can you explain some ways cyber criminals are using services like LinkedIn?
− Can you name a few leading cyber security vendors? What do they do?
− What is information security and how is it achieved?
− What are the core principles of information security?
− What is non-repudiation (as it applies to IT security)?
− As a CISO, how would you justify security spend to the board of directors?
− How often should information security be covered in the boardroom, and why?
− What is the relationship between information security and data availability?
− What is a security policy and why do we need one?
− What is the difference between logical and physical security? Can you give an example of both?
− What’s an acceptable level of risk?
− How does Gartner rank the vendors in their Magic Quadrant?
− What are the most common types of attacks that threaten enterprise data security?
− What is the difference between a threat and a vulnerability?
− Can you give me examples of common security vulnerabilities?
− Are you familiar with any security management frameworks such as ISO/IEC 27002?
− What is a security control?
− What are the different types of security control?
− Can you describe the information lifecycle? How do you ensure information security at each phase?
− What is Information Security Governance?
− What are your professional values? Why are professional ethics important in the information security field?
− Is geo-blocking a valid security control?
− Are open-source projects more or less secure than proprietary ones?
− Who do you look up to within the field of Information Security? Why?
− Where do you get your security news from?
− What’s the difference between symmetric and public-key cryptography?
− What kind of network do you have at home?
− Why do IT and security teams dislike agents?
− Can you name a few recent security breaches?
− What is GDPR and does it affect you?
− What role does automation have in information security?
− What is the difference between SIEM and UEBA?
− Can you give me an example of a supply chain attack?
− Can you define what an APT is?
− Why are insurance companies paying out ransomware demands?
− What are the top 3 countries in information warfare?
− Can you explain some ways attackers are using AI?
− Why are cyber insurance premiums rising?
− How would you explain the threat of deep fakes?
− Which one is more secure, a strong password or biometric authentication?
− What’s the difference between deep web and dark web?
− Why is ransomware less prevalent on mobile devices?
− What is MITRE ATT&CK?
− Should the CISO report to the CIO or the CEO, and why?