Interview guide - Security Architect

Timing:
5 mins - interviewer reviews CV without interviewee interaction.
20-40 mins - interview.
10-20 mins - interview and resume ‘debrief’.

Watch the clock: you might not need or want to ask all (or any) of these questions.

Italics - something you could read or paraphrase. Bold - things you could dig into with a follow-up question, to “help” them answer. The first 3 questions are soft; the last 3 are built from the technical job tasks. For more sample interview questions, one of my favorite resources: Download a sample

“Thank you for interviewing with me today. Here at Blue Titan Cyber we use a behavioral interviewing style. I’ll be asking a series of questions about experiences you’ve had and how you handled them. We want to be sure that every person we hire has the same qualities that have made us so successful. There will be times when I will ask you for more information, and don’t worry, that’s normal. I will be taking notes - please don’t let it distract you. The way we’ll do it is, first, I’ll ask you some questions, and then I’ll answer any questions you might have of me. When you’re done with your questions, we’ll finish up. I’m excited you’re here - let’s get started.”

1. “[At first job on resume] Tell me about a time when your communication with others - type, frequency, with whom, about what - helped you build rapport or create better relationships and outcomes.”
a. How did they learn about the other person? Were their exchanges based on respect, or simply on getting an outcome? Did they continue the effort? Did they only do so to get a result, or do they show a pattern of always working at relationships?

2. Describe a situation when you have successfully managed multiple projects or tasks simultaneously.
a. What planning or scheduling did they do to address the workload? Did they simply react to changes, or did they proactively stay on top of issues? Did they communicate reactively, or did they see this as a normal professional responsibility and handle it well?

3. Tell me about a time when you needed to follow instructions accurately. How did you ensure that your work was correct?
a. What did the candidate do to ensure they understood the instructions? Did they write them down, or ask questions? What steps did they take to ensure that the work didn’t get off track? Did they do anything to make sure the final product was what was expected?

4. Other: build out or expand on the softer, non-technical interview questions.

5. This job requires constant learning to solve new problems. Tell me what your problem-solving approach is. How have you communicated that to your team?
a. Ask about the knowledge and skill areas below. Do they have a standard approach? Are they able to communicate what they have learned so that others can use it? Do they define each situation before running off to research? What rules do they always apply, if any? Can they learn in a group/team?

6. Tell me about your methods to determine the protection needs (i.e., security controls) for the information systems and network(s) and document them appropriately. How do you measure your success in this area?
a. How complex was the working environment? How many details were there? Did they have a clear way of keeping track of the details? What was their approach to managing multiple, conflicting priorities and projects? How often are they fighting fires, and how do they get it under control?

7. Tell me about your methods to perform security reviews, identify gaps in security architecture, and develop a security risk management plan. How do you measure your success in this area?
a. How in-depth was their assessment? How many details were there? Did they have a clear way of keeping track of the details? What was their approach to managing multiple, conflicting priorities and definitions of risk?

Security Architect (work role SP-ARC-002; category: Securely Provision; specialty area: Systems Architecture)

Ensures that the stakeholder security requirements necessary to protect the organization’s mission and business processes are adequately addressed in all aspects of enterprise architecture, including reference models, segment and solution architectures, and the resulting systems supporting those missions and business processes.

Tasks
Define and prioritize essential system capabilities or business functions required for partial or full system restoration after a catastrophic failure event.
Document and address the organization’s information security, cybersecurity architecture, and systems security engineering requirements throughout the acquisition life cycle.
Employ secure configuration management processes.
Ensure that acquired or developed system(s) and architecture(s) are consistent with the organization’s cybersecurity architecture guidelines.
Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
Provide input on security requirements to be included in statements of work and other appropriate procurement documents.
Document and update as necessary all definition and architecture activities.
Determine the protection needs (i.e., security controls) for the information system(s) and network(s) and document them appropriately.
Translate proposed capabilities into technical requirements.
Assess and design security management functions as related to cyberspace.

Knowledge
Knowledge of computer networking concepts and protocols, and network security methodologies.
Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
Knowledge of authentication, authorization, and access control methods.
Knowledge of application vulnerabilities.
Knowledge of communication methods, principles, and concepts that support the network infrastructure.
Knowledge of capabilities and applications of network equipment including routers, switches, bridges, servers, transmission media, and related hardware.
Knowledge of cyber defense and vulnerability assessment tools and their capabilities.
Knowledge of installation, integration, and optimization of system components.
Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Knowledge of network access, identity, and access management (e.g., public key infrastructure, OAuth, OpenID, SAML, SPML).
Knowledge of operating systems.
Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open Systems Interconnection model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
Knowledge of application firewall concepts and functions.
Knowledge of Personally Identifiable Information (PII) data security standards.
Knowledge of Personal Health Information (PHI) data security standards.
Knowledge of the common networking and routing protocols (e.g., TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications.

Skills
Skill in applying and incorporating information technologies into proposed solutions.
Skill in designing countermeasures to identified security risks.
Skill in designing the integration of hardware and software solutions.
Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
Skill in configuring and utilizing software-based computer protection tools (e.g., software firewalls, antivirus software, anti-spyware).
Skill in setting up physical or logical sub-networks that separate an internal local area network (LAN) from other untrusted networks.
Skill in configuring and utilizing computer protection components (e.g., hardware firewalls, servers, routers, as appropriate).
Skill to identify cybersecurity and privacy issues that stem from connections with internal and external customers and partner organizations.

Abilities
Ability to communicate effectively when writing.
Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.
Ability to apply an organization’s goals and objectives to develop and maintain architecture.
Ability to optimize systems to meet enterprise performance requirements.
Ability to apply network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
Ability to apply secure system design tools, methods, and techniques.
Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations.
Ability to set up a physical or logical sub-network that separates an internal local area network (LAN) from other untrusted networks.