Wrong Answers to Revealing Interview Questions
CISO Series Podcast
Wrong Answers to Revealing Interview Questions
On this week's episode, Andy Ellis, operating partner, YL Ventures, and I welcome Quincy Castro, CISO, Redis, to discuss these issues. Please weigh in on any and all:

Can an interview question alone reveal a person's true behavior? Ask candidates if it's ever OK to lie, suggested Nick Ryan of RSM US LLP. If someone were to answer honestly, it's possible it would reveal something about their ethics. But Quincy argues people simply aren't going to reveal that in an interview. Probably more revealing is when people explain how they dealt with an incident or how they dealt with a mistake and learned from it, suggested Brian Gibbs of World Wide Technology.

What parts of our cybersecurity program can we comfortably outsource? "The reason to outsource something is there’s somebody else who can deliver the capability to you better and more cost effectively than you can produce the capability yourself," said Andy Ellis. Quincy said it's purely about who is going to reduce your risk: "As a CISO at the end of the day if you could write a check and demonstrate that you’re reducing risk in a quantifiable way, that’s where you want to be. It doesn’t matter who is on the other end of where that money goes."

How do you start a security program without being overwhelmed? This topic generates a ton of opinions, but we boiled it down to what you need to do to actually be in business. Andy said you have to deal with compliance and get a SOC2 because you can't go to market without it. And while the Reddit community was suggesting using a framework to just get your head on straight, Quincy said live the business for a while so you understand how they're making money. You want to know what the executives and customers are saying about the security of your products. Tackle those issues first.

Are cybersecurity consultants set up for failure? An anonymous listener, who is also a cybersecurity consultant, is frustrated that companies who hire him say they want a partnership, yet their behaviors negate any opportunity to form one. Quincy suggests the consultant go into the engagement making it clear what the goals are and what's expected from either side. Say upfront that if they experience any blockers, it will be incumbent on the company to remove those blockers so as to achieve their mutually agreed upon goals.

Give us your thoughts and listen to the show for more insight on all these topics. And check out the blog post where you can hear the show and find a full transcript of this episode.
Thanks to our podcast sponsor, Okta
Highlights!
CISO Series: The Most Fun Way to Learn About Security
we produced from CISO Series’ 4th anniversary show. Just a little more proof to show why we’re the most fun media network in cybersecurity. Features CISO Series hosts Mike Johnson, Steve Zalewski, Geoff Belknap, Andy Ellis and reporter Steve Prentice. Plus, lots of quotes from our fans.
What’s a great approach from a security vendor?
"So, I really like somebody who knows my business and who’s able to say, “Hey, I know you sell B2B SaaS software. I have a solution that’s going to help you secure B2B SaaS software.”" --Quincy Castro, CISO, Redis
Do we need standardization of job titles?
"We definitely need standardization. Otherwise how am I going to hire the person I need for the role I need them to. They won’t know what I really want. I don’t know if they actually are a good fit. And yes, there’s resumes, and there’s interviews, and stuff. But we need shorthand, and that’s what job titles are for." - Hadas Cassorla, CISO, M1
Listen to full episode of
Subscribe to our LinkedIn newsletters!
We've got our bi-weekly and daily Cyber Security Headlines newsletters also available on LinkedIn. Go ahead and subscribe to one or both!
CISO Series Newsletter - Twice every week
Cyber Security Headlines Newsletter - Every weekday
Cyber Security Headlines - Week in Review
In observance of Veterans Day, there will be no "Week In Review" live show this Friday, November 11, 2022. But we will return Friday, November 18, 2022 for a short 20-minute discussion of the week's cyber news.
Thanks to our Cyber Security Headlines sponsor, AppOmni
Super Cyber Fridays!
Hacking Cybersecurity Budgets for 2023
In observance of Veterans Day, there will be no Super Cyber Friday this week. But be sure to join us when we return next Friday, November 18, 2022 for
"Hacking Cybersecurity Budgets for 2023: An hour of critical thinking about how to invest in the right products to maximize your return."
It all begins at 1 PM ET/10 AM PT next Friday, November 18, 2022 with guests Pankaj Goyal, Senior VP, Safe Security and Ngozi Eze, CISO, Levi Strauss. We'll have fun conversation and games, plus at the end of the hour (11 AM PT/2 PM ET) we'll do our meetup.
Thanks to our Super Cyber Friday sponsor, Safe Security
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends & colleagues, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.