Here is a wonderful post to review whether you are planning on interviewing someone soon or are the one being interviewed. Beyond questions that test your knowledge (e.g., the difference between encoding, encryption, and hashing), the list also includes a number of opinion-based questions (e.g., whether open-source or proprietary software is more secure). The author, Daniel Miessler, breaks the questions down into General, Network Security, Corporate/Risk, and Advanced. Here are a few of my favorites.
- Are open-source projects more or less secure than proprietary ones?
- What’s the difference between encoding, encryption, and hashing?
- Who do you look up to within the field of Information Security? Why?
- Where do you get your security news from?
- What kind of network do you have at home?
- What are Linux’s strengths and weaknesses vs. Windows?
- Describe the last program or script that you wrote. What problem did it solve?
What are your favorite interview questions? Let us know in the comments below.
What follows is a list of questions for use in vetting candidates for positions in Information Security. Many of the questions are designed to get the candidate to think, and to articulate that thought process in a scenario where preparation was not possible. Observing these types of responses is often as important as the actual answers.
I’ve mixed technical questions with those that are more theory and opinion-based, and they are also mixed in terms of difficulty. They are also generally separated into categories, and a number of trick questions are included. The goal of such questions is to expose glaring technical weakness that will manifest later in the workplace, not to be cute. I also include with each question a few words on expected/common responses.
Today’s post pic is from geralt.