eugk/ciso-interview-questions
CISO Interview Questions

This is a collection of questions to ask about the team and the company when you're interviewing for a CISO position. I think most of them are also relevant for other security leadership roles. Please feel free to submit additions!

Company

  • Does the company tolerate brilliant jerks?
  • Is the company sometimes willing to make culture or engineering tradeoffs in favor of security?
  • What is the company's risk management strategy?
  • How are decisions made and communicated?
  • How are priorities decided between teams?
  • Does the company support community engagement, like speaking at conferences or contributing back to open source projects?
  • Is the company willing to spend as needed, or is a lot of justification required?
  • If there's a set security budget, what is it and what's the budget management process?

Team

  • What is the team’s current makeup in terms of seniority and expertise?
  • Do they seem happy? Is anyone on the team likely to leave? Looking for growth that they can’t get here? Possibly upset by hiring externally for this role?
  • What are the major projects you foresee for the security team?
  • Is the team likely to grow and require hiring? Any missing skills that you can think of?
  • Does the CISO have authority to fire poor performers as a last resort?
  • How is security viewed by other teams?
  • How would you describe the team's work/life balance?
  • What is the ratio of reactive to proactive work?
  • Is there an on-call rotation or is everyone on-call all the time?

Role

  • Who does the CISO report to? Why?
  • What is the envisioned scope of this role?
  • Are priorities and incentives aligned between the CISO and upper management?
  • If you could focus on the CISO role full-time yourself, what would you do? (Ask the hiring manager.)
  • How do you gauge or measure success for this role?

Technical

  • How important are firewalls to your security model? (Where are you on the spectrum between a hardened perimeter/soft middle and full zero trust?)
  • What is the company’s approach to technical debt?
  • What is the cloud strategy, assuming there is one?
  • What does the tech stack look like at a high level? (Programming languages, operating systems, open source vs. commercial.)

Tactical

  • How are IT support and operational responsibilities handled?
  • What’s the travel policy? Do employees fly business class on longer trips?
  • Do people get offices or is it an open space environment?
  • What’s the vacation policy?
  • How close to the office do most people live?
  • Is working from home once in a while practical? What about fully remote work?
