Hello! So I’m not a security professional, but I work in IT and have studied the political and investigative aspects of cybersecurity from an academic perspective. I’m told that a junior role may be opening up where I work (large public enterprise) and I set up a meeting with the CISO to just have a conversation.
The questions I want to ask them are below, off the top of my head. I just hope these questions don't sound stupid or too vague, or convey the sense that I haven't done my own research.
What I want to ask them is:
* How do you monitor threats when we have such a large enterprise and tens of thousands of user accounts with various privileges floating around?
* What certifications are required to hold this position, or can I earn them while on the job?
* Are targeted spear-phishing (email-based) and regular phishing campaigns still the most effective ways that cybercriminals operate?
* Is the human factor still the weakest point here, as far as training and awareness of employees to not click the wrong links and not get deceived by malicious attachments?
* Do you use a large-scale intrusion detection system and comb through the logs for anomalies? (That's what I *imagine* they do, but I don't really know.)
* If a breach is detected in the university system, what steps are necessary? (This is probably outlined in a security framework that I should already be aware of, TBH. As far as I know, it involves reaching out to CISA immediately, whereas in the Colonial Pipeline attack, they actually reached out to the FBI first.)
* How are we currently preventing ransomware attacks effectively, which seem to plague many other similar institutions?
So those are some questions I’ve thought to ask, and I hope this is the right place to start. Might there be something else I should be thinking about or missed? I hope they don’t sound too basic during this informational interview.