Interview Guide - Cyber Workforce Developer and Manager

- 5 mins: interviewer reviews CV without interviewee interaction.
- 20-40 mins: interview.
- 10-20 mins: interview and resume ‘debrief’.

Watch the clock? You might not need/want to ask all or any of these questions.

- Italics: something you could read or paraphrase.
- Bold: things you could dig into with a follow-up question, to “help” them answer.

The first 3 questions are soft; the last 3 are built from the technical job tasks. For more sample interview questions one of my favorite resources: Download a sample

“Thank you for interviewing with me today. Here at Blue Titan Cyber we use a behavioral interviewing style. I’ll be asking a series of questions about experiences you’ve had and how you handled them. We want to be sure that every person we hire has the same qualities that have made us so successful. There will be times when I will ask you for more information, and don’t worry, that’s normal. I will be taking notes - please don’t let it distract you. The way we’ll do it is, first, I’ll ask you some questions, and then I’ll answer any questions you might have of me. When you’re done with your questions, we’ll finish up. I’m excited you’re here - let’s get started.”

1. “[At first job on resume] Tell me about a time where your communication with others - type, frequency, with whom, about what - helped you build rapport or create better relationships and outcomes?”
   a. How did they learn about the other person? Were their exchanges based on respect, or simply getting an outcome? Did they continue the effort? Did they only do so to get a result, or do they show a pattern of always working at relationships?
2. Describe a situation when you have successfully managed multiple projects or tasks simultaneously.
   a. What planning or scheduling did they do to address the workload? Did they simply react to changes, or did they proactively stay on top of issues? Did they communicate reactively, or did they see this as normal professional responsibility and handle it well?
3. Tell me about a time when you needed to follow instructions accurately. How did you ensure that your work was correct?
   a. What did the candidate do to ensure they understood the instructions? Did they write them down, or ask questions? What steps did they take to ensure that the work didn’t get off track? Did they do anything to make sure the final product was what was expected?
4. Other: build out or expand on the softer interview questions; the non-technical questions

5. This job requires constant learning to solve new problems. Tell me what your problem solving approach is. How have you communicated that to your team?
   a. Ask about knowledge and skill areas below. Do they have a standard approach? Are they able to communicate what they have learned to others? Do they define each situation before running off to research? What rules do they always apply, if any? Can they learn in a group/team?
6. Tell me about your methods to advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, systems, and elements. How do you measure your success in this area?
   a. How did they evaluate cost/benefit, economic, and risk analysis in the decision-making process? How many details were there? Did they have a clear way of keeping track of the details? What was their approach to managing multiple, conflicting priorities and projects…did other work slide during an incident?
7. Tell me about your methods to collect metrics and validate cyber workforce readiness including analysis of the status of positions identified, filled, and filled with qualified personnel… How do you measure your success in this area?
   a. How was the training program integrated or rolled out? How many details were there? Did they have a clear way of keeping track of the details? What was their approach to managing multiple, conflicting training needs across the org?

Cyber Workforce Developer and Manager < Strategic Planning and Policy < Oversee and Govern

Develops cyberspace workforce plans, strategies, and guidance to support cyberspace workforce manpower, personnel, training and education requirements and to address changes to cyberspace policy, doctrine, materiel, force structure, and education and training requirements.

Task

- Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk.
- Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, systems, and elements.
- Develop policy, programs, and guidelines for implementation.
- Evaluate cost/benefit, economic, and risk analysis in decision-making process.
- Advocate for adequate funding for cyber training resources, to include both internal and industry-provided courses, instructors, and related materials.
- Conduct learning needs assessments and identify requirements.
- Coordinate with internal and external subject matter experts to ensure existing qualification standards reflect organizational functional requirements and meet industry standards.
- Develop and implement standardized position descriptions based on established cyber work roles.
- Develop or assist in the development of training policies and protocols for cyber training.
- Establish and collect metrics to monitor and validate cyber workforce readiness including analysis of cyber workforce data to assess the status of positions identified, filled, and filled with qualified personnel.
- Promote awareness of cyber policy and strategy as appropriate among management and ensure sound principles are reflected in the organization’s mission, vision, and goals.
- Support integration of qualified cyber workforce personnel into information systems life cycle development processes.
- Analyze organizational cyber policy.
- Assess policy needs and collaborate with stakeholders to develop policies to govern cyber activities.
- Draft, staff, and publish cyber policy.
- Review, conduct, or participate in audits of cyber programs and projects.
- Support the CIO in the formulation of cyber-related policies.

Knowledge

- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
- Knowledge of cybersecurity and privacy principles.
- Knowledge of cyber threats and vulnerabilities.
- Knowledge of specific operational impacts of cybersecurity lapses.
- Knowledge of resource management principles and techniques.
- Knowledge of emerging security issues, risks, and vulnerabilities.
- Knowledge of applicable laws, statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code),
- Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
- Knowledge of learning assessment techniques (rubrics, evaluation plans, tests, quizzes).
- Knowledge of organizational human resource policies, processes, and procedures.
- Knowledge of emerging technologies that have potential for exploitation.
- Knowledge of industry indicators useful for identifying technology trends.
- Knowledge of current and emerging cyber technologies.

Skills

- Skill in developing workforce and position qualification standards.
- Skill in using manpower and personnel IT systems.

Abilities

- Ability to design valid and reliable assessments.
- Ability to assess and forecast manpower requirements to meet organizational objectives.
- Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
- Ability to leverage best practices and lessons learned of external organizations and academic institutions dealing with cyber issues.
- Ability to develop career path opportunities.
- Ability to determine the validity of workforce trend data.