What should candidates expect in interviews for CISO jobs?

When candidates prepare for a CISO job interview, they should know the answer to 12 specific questions. Expert Mike O. Villegas reviews the questions.

I've been applying for CISO jobs and am concerned about the interviews I'll potentially face. Assuming my resume and other requirements check out, how should I be prepared for a CISO job interview? What types of questions will I be asked?

The fact that there are CISO jobs to apply for is a good sign that organizations are supportive of information security programs. The hiring organization will have every expectation that you will succeed. Additionally, the hiring organization will fully expect you to bring a skill level that is worthy of an executive position. If you meet those expectations, the interview is the next step.

Before the interview, be sure to do some homework on the hiring company. What industry is it in? Is it subject to regulations and laws that impact the information security program? Has the company experienced any breaches or cybercrime that you can talk through to demonstrate your ability to handle these issues competently?

During the CISO job interview, the hiring company will look at your resume, including educational background, background checks, certifications, accomplishments and work experience. The questions below are hard and deliberate, but the interviewers will be looking at how you answer them as much as at what you answer. They will look at your temperament, demeanor, confidence and resolve. Are you a good listener? Do you stay on topic? Do you have a good presence? Are you a good communicator? Do not try to impress the interviewer with your technical prowess. Answer questions at the level expected by the interviewer.

12 questions to expect during interviews for CISO jobs:

  1. How would you communicate cybersecurity issues to a C-level executive?
  2. What do you know about our organization and what makes you the right candidate for our CISO position?
  3. What is the first thing you would do to get an understanding of the business culture and objectives in building your information security program?
  4. What framework would you use to build the information security program?
  5. How would you determine if you have the right staff with skill sets needed to meet corporate protection objectives?
  6. How would you determine if you have the right tools and resources needed to meet corporate protection objectives?
  7. What are your greatest strengths and weaknesses in filling the CISO role?
  8. How would you interact with the IT department and convince them of your authority as CISO?
  9. Have you published, lectured or held a prominent office in CISO-related professional organizations?
  10. Who would you prefer reporting to and why?
  11. How do you stay up-to-date on cybersecurity laws, protection schemes, attack vectors, and threats?
  12. Why do you want to be CISO for our organization?

Share, when appropriate, what outside activities you are involved with, such as coaching a youth soccer team, working with non-profit service organizations or being a youth counselor. Talk about your family life and values, but not too much. The interviewers need to see you are a professional, have a good work ethic and have a good home life.

Above all, show that you are glad to be there, that you truly believe you would be a great asset to the organization and that you believe in what you do.

