This thread has a lot of good questions that can fit into any role. For InfoSec, I would ask the following questions to team members:

1. How do you share knowledge about new vulnerabilities, detection techniques, etc.?
2. Did you attend any conference recently? Which one is your favorite security conference?
3. Does the management support presenting in conferences?
4. Have you (or any team member) presented in any security conference in the past?
5. How were the team dynamics when responding to critical vulnerabilities like Heartbleed, POODLE, Struts Vulns?
6. Does the Chief Security Officer have any seat in the enterprise leadership?
7. How often are you required to share metrics around the state of security?
8. Do you feel overwhelmed by crunching numbers as opposed to doing security review?
9. Have you (or the team) published any CVEs?
10. What do you think about developers, and how much time do you spend on developers' security education?
11. How often do the team members go for training and certification like SANS, Offensive Security, ISC2, etc.?

These questions will judge whether the team has empathy for developers, encourages research, has an environment for training and development, has management backing for security, etc.

I have been in InfoSec for 9 years and have been taking interviews for the last 3 years.