How To Hack Cyber Security Interview Questions
1. What’s the one thing that you have found that contributes the most to software security risks?
Budget, lack of buy-in, and communication breakdowns between development, IT/security operations, and management come to mind.
2. What are the most challenging aspects of software security impacting businesses today?
Things like getting it right the first time, finding the low-hanging fruit promptly before the bad guys do, and the various complexities associated with people and politics.
3. How can security be best integrated into the SDLC without getting in the way of the typical project deliverables?
Think properly set expectations up front during the requirements phase, good tools, and open communications, especially those that involve the security team.
4. How would you go about finding security flaws in source code – manual analysis, automated tools, or both?
Hopefully they’ll lean towards the latter, a combination of both. No one is good enough or has the time to do everything manually, and no tool finds everything!
5. What part (or parts) of the OWASP Top 10 do you have the most experience with? Which flaws are most impactful to a business’s bottom line?
Ideally, they’ll be familiar with the OWASP Top 10. It’s not uncommon to meet developers and QA professionals who have never heard of it.
6. From developers to end users to executive management, what do you think is the best way to get and keep people on board with software security?
Anything from awareness training to technical controls to open lines of communication can come into play.
7. How do you determine a vulnerability’s severity?
The key is “what’s the business risk?” For example, if it’s a seemingly ugly SQL injection issue that’s not actually exploitable or, if it is, there’s nothing of value to be obtained, is that critical, high, or just a moderate flaw? Understanding how job candidates think about and relate to business risk can be extremely impactful to their overall value to your organization.