Home » Security Leadership » Career/Staffing

10 Tough Job Interview Questions, and How to Answer Them

Recently hired CSOs share what hiring execs want to know in interviews.

The CSO's role at IBM or GE and that same position at Google or Yahoo are worlds apart. Every company that you interview with wants to know whether you can work comfortably with its corporate personality. Before your interview, talk to employees and, if possible, walk the halls. Is this a straitlaced crew, or will you need reserves of flexibility in order to fit in?

When Champion took a walk through the facility after his interview, he compared what he saw with what he had heard during his conversations with executives. "I was able to get a sense of the level of energy, the diversity picture and the material condition of the facilities," he says. "A little attention to detail will also tell you about the security culture. Do people wear their IDs? Are doors propped open? Do strangers get challenged? Can unattended PCs be accessed?" The answers will help you make a career judgment.

3. Do you work well with others?

Hopefully the answer is "Yes!" During the interview process, it's likely that you'll meet with a variety of line-of-business executives from HR, legal, finance, IT and so on. Each will want to assess whether you are going to be a partner or a stumbling block to his goals. They're not looking for a pushover (hopefully), but if the company is a collaborative environment, they want to know that you can play in that sandbox. Have examples ready of projects where you have successfully partnered in the past. And talk to these folks about their responsibilities and security concerns in their own language rather than using technical jargon. "They don't have experience in information security, and these executives are tired of talking to security people that can't talk in business terms," says Sharon O'Bryan, former CISO at ABN Amro and now president of O'Bryan Advisory Services.

O'Bryan also suggests that candidates underscore their business fluency by asking non-IT executives questions about business operations during the interview, such as: What business transactions and processes are key profit generators? How has the company used technology risk management capabilities to reduce operational risk management costs?

4. What do you think about security convergence and its effect on our company?

Executives may not use the word convergence, but you can bet they have heard about or have thought about the movement that security is making toward being part of a larger risk management strategy. It is likely that they will try to suss out your perspective and experience in this area at some point during the interview. "You need to be prepared to discuss convergence, what the pros and cons are, and what your vision is for how to get there," says Champion.