Tell me what your favorite security assessment tools are, and why you prefer them over others?

How to Answer
1st Answer Example
2nd Answer Example

There are several good software security assessment tools in the market that can get the job done very efficiently. Here are just a few that are among the more popular in the market: Metasploit, Wireshark, Nikto, Retina CS, and Aircraft.

The goal of the hiring manager is to get you to talk about your favorites so they can accurately assess your knowledge and competency with these tools. When you talk about your favorites, start from the one you like most, and try to limit it to no more than three. Ideally, you should have used all three extensively and can talk at a detailed level about what these tools can do better than others in the market. If you enjoyed working with these tools, and are passionate, let the manager know how excited you are about these tools, and why they are your favorites.

"Since there are so many good software security assessment tools in the market, it's hard to pick from the bunch. I do however have some favorites that I will talk about and why I like them so much. Let's start with Metasploit; in my eyes, it's considered one of the best tools for penetration testing. It helps identify vulnerabilities, it manages security assessments and improves security awareness. The next one is Wireshark; this is one I've been using for a while, and one of the reasons I like it so much is that it also serves as a network analyzer, and troubleshooter. It's flexible and operates across multiple platforms like MasOS, Windows, Linux, etc. Lastly, we have Nikto; this one I use quite a bit to scan websites for potential vulnerabilities. It has a really nice feature that allows you to find loopholes like cross-scripting, improper cookie handling, etc."

"Even though I have used several software security assessment tools, I'm certainly not discounting others that are not on my favorites list. Here are a couple I have used and I have a high comfort level with. Retina CS; is an open source product that handles vulnerability management very well. Aircrack is another worth mentioning. It can be used to recover lost keys by capturing data packets, and it also supports multiple platforms like Windows, Linux, Solaris, etc. It's important to keep in mind that when selecting a software security assessment tool, you need to first look at whether it's a fit for how a business model is set up. If an IT security department uses a lot of open source software and its part of how they work, you might tend to navigate towards open source software. The advantage here is that's it's free. The downside might be limited support and limited features. Something to ponder."

Next Question

How to Answer: Tell me what your favorite security assessment tools are, and why you prefer them over others?

Advice and answer examples written specifically for a Tanium job interview.

1. Tell me what your favorite security assessment tools are, and why you prefer them over others?

How to Answer

There are several good software security assessment tools in the market that can get the job done very efficiently. Here are just a few that are among the more popular in the market: Metasploit, Wireshark, Nikto, Retina CS, and Aircraft.

The goal of the hiring manager is to get you to talk about your favorites so they can accurately assess your knowledge and competency with these tools. When you talk about your favorites, start from the one you like most, and try to limit it to no more than three. Ideally, you should have used all three extensively and can talk at a detailed level about what these tools can do better than others in the market. If you enjoyed working with these tools, and are passionate, let the manager know how excited you are about these tools, and why they are your favorites.

1st Answer Example

"Since there are so many good software security assessment tools in the market, it's hard to pick from the bunch. I do however have some favorites that I will talk about and why I like them so much. Let's start with Metasploit; in my eyes, it's considered one of the best tools for penetration testing. It helps identify vulnerabilities, it manages security assessments and improves security awareness. The next one is Wireshark; this is one I've been using for a while, and one of the reasons I like it so much is that it also serves as a network analyzer, and troubleshooter. It's flexible and operates across multiple platforms like MasOS, Windows, Linux, etc. Lastly, we have Nikto; this one I use quite a bit to scan websites for potential vulnerabilities. It has a really nice feature that allows you to find loopholes like cross-scripting, improper cookie handling, etc."

2nd Answer Example

"Even though I have used several software security assessment tools, I'm certainly not discounting others that are not on my favorites list. Here are a couple I have used and I have a high comfort level with. Retina CS; is an open source product that handles vulnerability management very well. Aircrack is another worth mentioning. It can be used to recover lost keys by capturing data packets, and it also supports multiple platforms like Windows, Linux, Solaris, etc. It's important to keep in mind that when selecting a software security assessment tool, you need to first look at whether it's a fit for how a business model is set up. If an IT security department uses a lot of open source software and its part of how they work, you might tend to navigate towards open source software. The advantage here is that's it's free. The downside might be limited support and limited features. Something to ponder."

Next Question