When it comes to hiring a network security manager, organizations want to find not only someone well-versed in IT security and business practices, but someone who stays abreast of new threats and ways to counteract them. Also high on the list: a personal passion for security.
Here are nine questions you could face in an interview:
How do you stay current with IT security
Variations: Where do you get your IT security news from? What do you see as the future of IT security and how do you plan to be prepared?
Security managers can’t be complacent with their skills. They need to stay on top of new security threats, trends and preventative measures. "What I’m looking for is somebody who’s able to respond with multiple IT security sources, such as user groups online, conferences and IT security groups," says Kelly O’Connell, branch manager for Robert Half International. "I’m not looking for one in particular, but I want to know the candidate has multiple ways to stay on top of industry best practices for
What kind of network do you have at
This question is intended to weed out the true enthusiast from someone who leaves their work at the office. Interviewers want to know you’re passionate enough about IT security to play with it at home. "What I’m looking for is essentially somebody to say, ‘I have a practice environment at home,’ where they can play and try
How would you conduct a penetration test with these IP addresses?
A problem-solving question is often used for network security managers. It’s intended to test your knowledge and problem-solving abilities. Mike Davis, principal scientist for IOActive, a computer security firm, asks this and similar questions, including: If a customer gives you these 20 addresses, where would you start your security assessment and how? If a company uses clear text protocol to check e-mail over HTTP, what are your concerns?
Give an example, outside of technology solutions, of business solutions you implemented as a security
A similar question: Explain how security and risk technologies are integrated into a business.
Security managers need to know how to implement successful security approaches in all business processes. "The candidate should explain their knowledge of security technology and what its effect is with a business," says Wils Bell, president of Security Headhunter.com, a national IT security search firm. "I’m seeing a trend of people with IT security background and degrees, now getting a master’s in business."
Explain the difference between a threat, risk and vulnerability.
There is no right answer to this question, according to Robert Half, since there are various schools of thought. Yet how you answer will reveal your management perspective, ability to assess, and knowledge of best practices. A similar question that may be asked is: When planning a network security environment, what’s more important, a threat or a
What do you feel your biggest accomplishment has been in network security?
Similar questions: What has been your biggest failure in a network security environment? What did you learn from that mistake? What has been your biggest challenge in network
Explain the security environment and the level of complexity you previously managed.
For this one, give an overview of previous networks, including the number of servers and users, network security protocols implemented, and business process
How do you respond to a situation where your boss indicates a direction should be taken that you disagree with from a security perspective?
"If someone gives you a directive and you disagree and think it will put the company at risk, you need to make management aware and go in there and explain why and what solutions you have," says Bell.
Describe the last program or script you wrote and what problems you encountered.
"I want to make sure they have hands-on network security experience and can write script rather than only have planning or strategic experience,"
Some other questions you may be asked:
How do you present needs to upper management for new resources, staff or equipment?
If you need to encrypt and compress data for transmission, which would you do first and why?
Explain a time when you didn’t see a vulnerability or virus and what did you do to make sure it didn’t happen again?
What steps did you take and what drove you to network security over other careers?
Tell me how you mentor/motivate
— Chandler Harris