July 21, 2021

Informational interview with a CISO soon – How to ask the right questions?

Hello! So I’m not a security professional, but I work in IT and have studied the political and investigative aspects of cybersecurity from an academic perspective. I’m told that a junior role may be opening up where I work (large public enterprise) and I set up a meeting with the CISO to just have a conversation.

The questions I want to ask them are below, off the top of my head. I just hope these questions don’t sound stupid or too vague and convey the sense that I haven’t done my own research.


What I want to ask them is,

* how do you monitor threats when we have such a large enterprise and tens of thousands of user accounts with various privileges floating around?
* what certifications are required to hold this position, or can I earn them while on the job?
* are targeted spearphishing (email based) and regular phishing campaigns still the most effective ways that cybercriminals operate?
* is the human factor still the weakest point here, as far as training and awareness of employees to not click the wrong links and not to get deceived by malicious attachments?
* Do you use a large-scale intrusion detection system and comb through the logs for anomalies? (That’s what I *imagine* they do, but I don’t really know.)
* if a breach is detected in the university system, what steps are necessary? (This is probably outlined in a security framework that I should already be aware of, TBH. As far as I know, it involves reaching out to CISA immediately, whereas in the Colonial Pipeline attack, they actually reached out to FBI first.)
* how are we currently preventing ransomware attacks effectively, which seem to plague many other similar institutions?


So those are some questions I’ve thought to ask, and I hope this is the right place to start. Might there be something else I should be thinking about or missed? I hope they don’t sound too basic during this informational interview.


Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.