Lamont29
Community Champion

The most relevant Interview Question?

How are you staying current? Prior to becoming a CISSP, I'd get this question almost every time at a job interview, but not so much from prospective employers 'after' getting certified. However, I believe that life-long learning is key to our (CISSP's) success. So how are you guys keeping current and honing your skills?

 

Lamont Robertson
M.S., M.A., CISSP, CISM, CISA, CRISC, CDPSE, MCSE
10 Replies
CISOScott
Community Champion

Occasionally picking up another cert, reading websites daily for cyber news, helping others, participating in forums, listening to podcasts, reading (or listening) to books (not just cyber security but others too).

 

I also look to attend conferences, take webinars, have vendors demo their products, etc.

dcontesti
Community Champion

The only thing I might add to Scott's list is Presenting at conferences.  Presenting forces me to become more familiar with the subject and also in talking to the audience, I sometimes gain information that I did not have.

 

Regards

 

Diana

 

rslade
Influencer II

> Lamont29 (Contributor III) posted a new topic in Tech Talk on 03-01-2019 06:45

> How are you staying current?

I very much believe in life-long learning, and this is a good 'un for almost any
position. Unfortunately, most people know the "right" answer, and it can be
difficult to separate those who actually *are* constantly learning, from the herd.
(Determining how detailed the answer is could be telling.)

I'm finding it hard to think of a single tech or biz question that would be applicable
in all situations, but always ask two when recruiting:
- Tell me about your greatest success. (Note the wording: this is not necessarily
job specific.) The choice tells a lot about what the candidate considers important.
- Tell me about your most recent failure. (Again, note the wording.) The
willingness to answer with a real event says a lot.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Hanlon's razor: Never attribute to malice that which can be
adequately explained by stupidity.
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
rslade
Influencer II

> CISOScott (Advocate I) posted a new reply in Tech Talk on 03-01-2019 10:54 AM in

> Occasionally picking up another cert, reading websites daily for cyber news,
> helping others, participating in forums, listening to podcasts, reading (or
> listening) to books (not just cyber security but others too).   I also look to
> attend conferences, take webinars, have vendors demo their products, etc.

Yeah, that's the "right" answer. See? Everyone knows it.

Actually, I find it's changed for me, over the years. At this point, I don't do any
more certs.

In terms of reading for news, I still do that, but, to make sure, I *post* news.
That way, I test myself in terms of "am I keeping up with what's actually
important?" If I'm just passing along the regular run of garbage that happens
anyway, people are going to complain about what I'm posting.

"Helping others" is pretty key by this point. Again, I do a lot of teaching,
presentations, and mentoring. If the people I'm "helping" don't find it helpful, I
know I've got some work to do.

I don't do podcasts and Webinars. I just find they take too long to deliver too
little actual information. They aren't an efficient use of my time (and I haven't
got much left).

I still read a lot of books, although not as many as when I was doing the review
project. (Again, doing the reviews, particularly online, meant I really had to learn
from the books, and, if I didn't get it right, "the Internet" would definitely let me
know I'd got it wrong.)

These days I only attend conferences if I'm speaking or helping run them. By this
point I've heard most of the presentations, and it's really rare to run into
something actually new.

I still go to vendor presentations, but that's mostly to meet old friends ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Life may have no meaning. Or even worse, it may have a meaning
of which I disapprove. - Ashleigh Brilliant
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

vt100
Community Champion

Besides the obvious (reading, learning, getting certified, speaking, presenting), actually doing work in the field and encountering a multitude of environments, each with its unique challenges and degrees of complexity, is quite helpful.

 

Every new engagement is a learning opportunity.

Shannon
Community Champion

 

Like @rslade said, there's a 'right' answer & most are probably going to provide that, so you'd want to make yours stand out --- but depending on the interviewer's mentality, how you do that can get you shortlisted or just taken off the list.

 

Besides what's already been mentioned here, I think interacting with others plays a part, not only via forums & presentations. You'll be able to get an idea of the impact of IT & how Security is exercised & perceived --- on multiple levels & in different environments.

 

If an employer values employee awareness, emphasizing interaction may help.

 

(Okay, I confess --- I haven't attended an interview for quite some time now.)

 

 

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz
Shannon
Community Champion

 

I missed out the part where you pass on your knowledge during an interaction, but that goes without saying...

 

 

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz
rslade
Influencer II

> Shannon (Advocate I) mentioned you in a post! Join the conversation below:

>   (Okay, I confess --- I
> haven't attended an interview for quite some time now.)

I suppose it's been a while now, for me, but, boy! I've sure attended enough of
them in my lifetime!

Group interviews, hostile interviews, trick questions, I know all the interview
stunts. I've seen all the fads come and go.

I had one outfit finish up by telling me they needed me to take a test to prove I
knew my tech. They gave me a Lotus 1-2-3 (forerunner of Excel) trivia quiz that
someone had photocopied out of a computer mag. (I figured that, if they were
using that to assess candidates, I definitely didn't need to work for them, and
walked out.)

I was in the waiting area for one interview when I realized I could hear some
conversation over the area "dividers" that didn't quite go all the way to the roof.
It was the head of the tech area and the HR rep deciding what "trick" questions
they'd ask.

A frequent question is what I call "what do you want to be when you grow up?",
more usually phrased as "where do you see yourself in 2/5/10/15 years?" But one
recruiter worded it so badly it was along the lines of "what do you want to have
done by the time you die?" (My response: "I know this is the wrong answer, but
I've already done it." Even though it didn't sell at all well, I'm still very proud of
having done a book the first time out.)

There is no substitute for actually preparing, when you are recruiting. (And, if you
are the interviewee, don't worry about acing the interview. If you *do* manage to
"hack" the interview, and get the job even though you aren't what they think you
are, you won't enjoy working there anyway ...)

======================
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
"If you do buy a computer, don't turn it on." - Richards' 2nd Law
"Robert Slade's Guide to Computer Viruses" 0-387-94663-2
"Viruses Revealed" 0-07-213090-3
"Software Forensics" 0-07-142804-6
"Dictionary of Information Security" Syngress 1-59749-115-2
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
CISSP refs: [Base URL]mnbksccd.htm
PC Security: [Base URL]mnvrrvsc.htm
Security Dict.: [Base URL]secgloss.htm
Security Educ.: [Base URL]comseced.htm
Book reviews: [Base URL]mnbk.htm
[Base URL]review.htm
Partial/recent: http://groups.yahoo.com/group/techbooks/
http://en.wikipedia.org/wiki/Robert_Slade
https://is.gd/RotlWB http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/

Steve-Wilme
Advocate II

It's an odd question, and relatively easy to answer, but not one you can particularly stand out by answering.  It would be more telling if they asked what have you done to become a better security professional in your career and why.  But it's like they are looking for an answer that matches a checklist, as if it's a mandatory HR driven question they have to ask.  

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS