6 questions candidates should ask at every security job interview

Flip the tables and ask these questions to avoid toxic security culture.

Two business people shake hands with a third at a meeting, surrounded by question marks.
Getty Images / Thinkstock

"Off with their heads!" the Red Queen cried in Alice in Wonderland, but you could be forgiven for thinking that's how some enterprises treat security folk after a data breach.

Risk management reduces risk but does not eliminate it. Smart enterprises don't scapegoat their security leaders. Hiring a CSO or CISO so there's a head to roll when the inevitable happens is a sign of a toxic work environment, and a place to avoid.

Security folk aren't blameless, either. The "security jerk" culture is beginning to fade but is still common. A culture of "no" where security folk exist to make everyone else's life difficult is not a great work environment, either — especially considering the shadow IT problem that's going to come back to bite you.

Given the extreme cybersecurity skills shortage, security pros can be picky about where they work. So how do you suss out work environments to avoid? Here are some interview questions to ask potential employers.

1. Tell me about a time when the CEO had security’s back

To continue reading this article register now

7 hot cybersecurity trends (and 2 going cold)