25 Tanium Interview Questions & Answers

1. Tell me what your favorite security assessment tools are, and why you prefer them over others?

How to Answer

There are several good software security assessment tools in the market that can get the job done very efficiently. Here are just a few that are among the more popular in the market: Metasploit, Wireshark, Nikto, Retina CS, and Aircraft.

The goal of the hiring manager is to get you to talk about your favorites so they can accurately assess your knowledge and competency with these tools. When you talk about your favorites, start from the one you like most, and try to limit it to no more than three. Ideally, you should have used all three extensively and can talk at a detailed level about what these tools can do better than others in the market. If you enjoyed working with these tools, and are passionate, let the manager know how excited you are about these tools, and why they are your favorites.

1st Answer Example

"Since there are so many good software security assessment tools in the market, it's hard to pick from the bunch. I do however have some favorites that I will talk about and why I like them so much. Let's start with Metasploit; in my eyes, it's considered one of the best tools for penetration testing. It helps identify vulnerabilities, it manages security assessments and improves security awareness. The next one is Wireshark; this is one I've been using for a while, and one of the reasons I like it so much is that it also serves as a network analyzer, and troubleshooter. It's flexible and operates across multiple platforms like MasOS, Windows, Linux, etc. Lastly, we have Nikto; this one I use quite a bit to scan websites for potential vulnerabilities. It has a really nice feature that allows you to find loopholes like cross-scripting, improper cookie handling, etc."

2nd Answer Example

"Even though I have used several software security assessment tools, I'm certainly not discounting others that are not on my favorites list. Here are a couple I have used and I have a high comfort level with. Retina CS; is an open source product that handles vulnerability management very well. Aircrack is another worth mentioning. It can be used to recover lost keys by capturing data packets, and it also supports multiple platforms like Windows, Linux, Solaris, etc. It's important to keep in mind that when selecting a software security assessment tool, you need to first look at whether it's a fit for how a business model is set up. If an IT security department uses a lot of open source software and its part of how they work, you might tend to navigate towards open source software. The advantage here is that's it's free. The downside might be limited support and limited features. Something to ponder."

2. At Tanium we take pride in our ability to stay one step ahead of our competitors. How will you contribute to this trend?

How to Answer

It is critical that you research Tanium and their most vigorous competitors, before your interview. What does Tanium do best, and who is trying to do it better? Speak openly with the interviewer about your ability to work competitively and how you plan to contribute to their continued success.

1st Answer Example

"I believe the best way to stay ahead of your competitors is to pay a big amount of attention to the fine details. When you put out a great product, others will try to mimic your work, but they will cut corners because they will feel rushed to get it out on the marketplace first. I will contribute to the success of Tanium by committing my most attentive work to you every day."

2nd Answer Example

"I think that the best way to stay ahead of competitors is to keep your projects as simple as possible while remaining innovative. People want simple, easy products, which they can understand. What I've seen from my competitors lately is that they overcomplicate their products. I offer clean and consistent work that your buyers would relate to."

3. In today's environment, the majority of devices accessing either a private or public network are mobile, including laptops, tablets and cell phones. How should a company protect its IT network from mobile threats and risks?

How to Answer

This is a direct question, in which the interviewer is looking to learn more about your understanding of mobile security and best practices used to protect a client's IT infrastructure from both malicious attacks and unintentional breaches due to lapses in user behavior. Direct questions should be answered with a direct response which quickly addresses the topic.

1st Answer Example

"The key to protecting a company's data from exposure, theft or manipulation is quickly identifying that a data breach has occurred and taking immediate action to counter it. This involves blocking malicious applications and terminating malicious processes as soon as they are detected. It also requires that compromised devices must be blocked from accessing the network until they are secured or replaced. Finally, machine learning should be implemented so that the threats and intrusions like them can't recur. All this is done while still ensuring users have access to the resources they need and their privacy is respected."

2nd Answer Example

"Protecting a company's IT assets against mobile threats involves balancing user productivity and privacy against the overall security of the organization's data. The key to this is having a system in place which quickly detects malicious intrusions and takes immediate access to isolate them. The software should stop the malicious process and block the device used to gain access to the network. All other processes and devices should not be impacted, thereby maintaining the overall productivity of the organization and protecting the privacy of the individual users. If done correctly, only the impacted user and the system administrators will be aware that a malicious intrusion had occurred. "

4. If you could start your career over again, what direction would you take?

How to Answer

A hiring manager will be able to tell a lot about your personality by learning about your other career interests. If you could do anything over, what would you do, and why?

1st Answer Example

"I certainly do not regret the direction I have taken my career; however, if I had to start over in a new direction completely I would likely pursue my Degree in Education and become a teacher. Both of my parents were teachers, and they seemed to have a very fulfilling career. I enjoy coaching and leading others so, any tasks in my current career that related to these skills, are very welcome."

2nd Answer Example

"I cannot even think of another career than the one that I have! If I had to choose, I would pursue a career in the arts so that I could continue to exercise my creative side."

5. What do you think is the most important information security concern with most organizations right now?

How to Answer

One of the biggest concerns a company might have is securing their networks and systems to prevent a cyber attack. Given the increased level of security threats over the past five years, companies have made the protection of their data a very high priority. As this continues to become an area of importance for most companies, hiring managers will spend more time qualifying and interviewing candidates that share the same common goals and responsibility of protecting their IT security organization.

This question helps the hiring manager identify the level of importance this question has to you, and if you share the same values and sentiment that the company possesses. More than likely the hiring manger will want to know what you think those concerns are, and where you place them on a list of priorities. You may want to start with some of the most important concerns that matter to you, then talk about what IT security concerns they may have, or their clients, and what's important in their eyes. Once you have an idea of where their thinking is, you can discuss the areas that you are responsible for overseeing in your current role.

1st Answer Example

"My role with past companies has been two-fold. One is to be an effective leader, to lead by example, to conduct myself in a professional manner, and to be an innovative technologist that solves problems. Being in an IT security environment, you learn two things very quickly, technology changes and evolves in a very short time, and threats are always on the rise. In my past role, I had the opportunity to try new methods and technologies to see which worked best. I found that not every technology works for every company. While assessing a number of technologies, I was able to select a few that fit our business model. This was based on a consensus from my team and management approval. As a result, this has decreased the number of attacks on our network over the past 2 years."

2nd Answer Example

"I can say for certain that there are a number of concerns that most companies have when it comes to their IT security organization. As I led a team of IT security professionals, it became apparent to me that as a leader, I needed to show that I was able to take on difficult challenges, make difficult choices, and most importantly to implement a fail-safe IT security strategy that everyone could easily follow in order to secure all aspects of our IT security systems. A valuable lesson that I learned was to be prepared for surprises before they came up. As part of my fail-safe strategy, I put together a checklist of items that is followed in case of a power failure or cyber attack. I also built a backup system to combat the following occurrences:

1. Power outage from weather
2. Utility interruption from gas or electrical outage
3. System crashes from network, systems or telecom provider
4. Data breach or cyber attack, and how to apply contingency plan
5. Unplanned disruptions."

6. This role with Tanium is highly technical. What is your understanding of this position and the responsibilities that come with it?

How to Answer

Assure the interviewer that you bring a full understanding of the technical requirements attached to this particular job. It is essential that you research the role and thoroughly consume the information provided in the company's job posting/job description. Keep your answer to the point.

1st Answer Example

"From our previous conversation, understanding the job description, and researching the role online I feel that the job is best described as a project leader focused on X, Y, and Z. The technical requirements that you would like to see are A, B, and C. I am well versed in the tasks and programs you are asking for and am confident that I meet the strict requirements to perform in this role successfully."

2nd Answer Example

"My understanding is that you seek a candidate with expert level skills in X, Y, and Z, who can train junior employees. I am an expert user in all three of these areas. Do you have any questions about my technical expertise?"

7. Can you tell me what the difference is between stored and reflected XSS, and the common defenses against XSS?

How to Answer

To better understand why an interviewer would ask a question about an XXS script, let's examine what it is, and how you might be positioned to best answer this question. XSS, also known as Cross Site Scripting is a script that is used to attack a network or system with a malicious virus. There are two versions of this script, the first one is a stored XSS, and the other is a reflected XSS. The stored XSS is an attack that permanently injects a script on a server or database that allows the attacker to access confidential information. The reflected XSS is similar in that it also injects a malicious script into a web server or email in the form of an error. The attacker can then access confidential information after an unsuspecting victim clicks or opens up that link.

The reason the interviewer is asking this question is to see how familiar you are with XSS scripts. Many organizations make it a policy to train their employees on how to spot malicious or harmful viruses that come in the form of an email or web browser errors. Your answer to this question should address your level of expertise in this area, and what you have done to combat these attacks in the past. Mentioning that you were a part of a training program that educated employees on how to spot malicious emails and fake links will help give the interviewer a higher level of confidence in your technical abilities in this area. It also doesn't hurt if you mention some before and after improvements of how the company is doing as a result of your training initiative. This will also show that you are pro-active as well.

1st Answer Example

"When I address Cross-Site Scripting (XSS), or more specifically Stored XSS attacks, my first thought is how can I prevent future attacks from happening. Since Stored XSS attacks happen without the victim knowing they've been compromised, it's important for me to look at ways that we can inform our personnel about the various methods that attackers use to make you think that an email or browser plug-in, for example, is safe. I set up periodic informational training sessions to educate our personnel on how to spot these malicious attacks, and what to do if they come across any suspicious messages or errors. Another important part of my role is to cleanse Input validation and output sanitation."

2nd Answer Example

"Reflected XSS attacks can occur at any time, so it's important for me to educate our employees, so they don't become a victim of these unsuspecting attacks. I always take a pro-active approach to these things, and have designed a series of educational classes to educate all employees on new attacks that have been discovered, and how to respond in case they may be targeted as an unsuspecting victim. One of the many things I cover in our training sessions is to show examples of what these emails and errors look like, and how to report them as soon as you notice them. In my role, I also have to make sure that I sanitize requests from the server side scripts to further reduce or eliminate vulnerabilities."

8. At Tanium we take privacy and confidentiality very seriously. Are you willing to sign a non-disclosure agreement, if hired?

How to Answer

Signing a non-disclosure agreement is quite common in the software and technology industry. If hired, you will likely become privy to trade secrets, pending patents, and other innovative projects that must remain confidential. Talk to the interviewer about your willingness to sign an agreement. If you are currently under non-disclosure or non-compete agreement with your present employer, now is the time to discuss that.

1st Answer Example

"I have signed non-disclosure agreements in the past; although I am not currently under one. I see the importance of agreements such as this and am most willing to comply."

2nd Answer Example

"I am happy to review any privacy and confidentiality agreements that you have."

9. What's the difference between a threat, vulnerability, and a risk, and how do you assess the severity of a threat for example?

How to Answer

If you're a (CISSP) Certified Information Systems Security Professional, then you should know the difference between a threat, a vulnerability, and a risk. When you're starting a new job, you don't know the new environment, so you need to gather some basic information about where everything is, and how things were operating before you came along.

One of the first things you'll need to do is assess the landscape. You'll probably need to locate where the data resides, who is or was managing the data, and what the network diagram looks like. The hiring manager wants to see if you are experienced enough to ask these questions so that they know they're not dealing with a junior level candidate with limited experience in these areas.

After you have outlined what you would do when you start, they will dig a little deeper and ask you to explain the differences between threat, vulnerability and risk, and how you assess threats. As a general rule, you should talk about the differentiators among the three first, and then the process you follow to assess a threat. The interviewer's attention will be focused on how you assess a threat.

Here are a few items you may want to research further regarding assessments. Visibility touch points, Ingress and Egress filtering, and Vulnerability Assessments.

1st Answer Example

"My answer is that vulnerabilities should usually be the main focus of an organization since there is little control over the volume and consistency of threats that come in daily. In past roles when I started with a new company, the first thing that was on my task list was to perform a vulnerability assessment. This revealed a lot about the current state of risks and vulnerabilities to the network, and what needed to be done to close those gaps and secure all entry ports into the network. After doing a full assessment, I recorded visibility touch points to monitor where threats came from, and the strength and weakness of our vulnerabilities which helped me map out a long-term IT Security strategy plan."

2nd Answer Example

"I've always been a strong believer that the best defense is a good offense. Companies are always under network security attacks, and if you leave yourself vulnerable, it's almost like playing whack-a-mole. You're constantly on the defensive when you should be pro-actively offensive. One of the methods I implemented in my last company was a Defense Threat Modeling method. This method takes monitoring to a new level by pro-actively seeking out methods that hackers use to infiltrate systems while being undetected. At the same time, I keep up to date with online periodicals from IT Security sources to learn about new threats and the risks they represent. Another way that I combat threats is by using Ingress and Egress Filtering. The Ingress method is used to prevent suspicious traffic from entering a network, and the Egress method is used to monitor or restrict data by means of a firewall that blocks packets that fail to meet the established security requirements."

10. What's the difference between Diffie-Hellman and RSA, and how do they apply to cryptography and encryption?

How to Answer

Any cryptographic currency transaction will have a level of encryption to protect the sender and receiver of currency or data. This is called the Diffie-Hellman. The other currency encryption method is RSA, which stands for Rivest, Shamir, and Adelman.

A hiring manger is looking for candidates that have a deep understanding of Diffie-Hellman and RSA. For example, someone that can articulate and define both methods, and explain what they mean and how they apply to cryptography and encryption. It's best to share your knowledge of best practices using both methods, and how you gained that knowledge. It would also help to add how you have developed and fine-tuned those skills which have made you an expert in the field.

1st Answer Example

"In my experience, I have found that Diffie-Hellman is a key-exchange protocol, while RSA is an encryption/signing protocol. Both work in different ways. Diffie-Hellman does not require you to have key material, while RSA does require you to have key material. A project I was working on required me to set up an RSA cryptography key which involved using the Rabin-Miller test algorithm to provide a link between the P and Q numbers. The way I was able to explain this to my team was that if Dan wanted to send Mary an encrypted message, he would have to obtain a public key which is encrypted into a Ciphertext, then Mary receives Dan's message, then decrypts it by using her RSA private key."

2nd Answer Example

"Cryptographically speaking, Diffie-Hellman is the main method of building a shared secret over a public domain. I know that when I am faced with a Diffie-Hellman attack, the method I use is called Man-in-the-middle because neither side is authenticated. Our corporate IT security operation is finicky about what data or messaging is shared with people within the company who are not in a role to share or manage data, which is why we apply Diffie-Hellman in cases like these. One example was when I had to give permissions to one of my colleges to encrypt their data before sending it to another party. I had to make sure they both had encryption and decryption keys so they could read each other's message."

11. Most threats initiated from endpoint devices are stealthy and difficult to detect. How do you help your clients understand this and what do you recommend they do to expose and quickly resolve the attacks?

How to Answer

The interviewer is trying to determine if you can make a recommendation for a solution which addresses the issue, meets the client requirements and uses Tanium's products or services to solve the problem.

1st Answer Example

"Threats originating on endpoint devices are often caused by bad behavior (usually unintentional) by the users and are generally not immediately reported. System administrators need to have measures in place to automatically detect and respond to the threats. I believe Tanium's suite of products and services offer remote analytics, threat intelligence and always-on services which respond to the threat. The software provides higher visibility into endpoint devices and stronger detection analytics than other products. It also employs technologies such as sandboxing, security information and event management (SIEM) and orchestration. All of these are critical to effective endpoint security. When selecting a security management product, you need to make sure that it has these features and a high degree of automation."

2nd Answer Example

"The problem with intrusions which originate from endpoint devices is that they are hard to detect and respond to. It is important to select a security management product suite which is highly automated, so it detects threats from endpoint devices quickly and takes immediate action to resolve the issue. I believe Tanium's products and services accomplish this by employing remote analytics, threat intelligence and always-on services which respond to the threat. The software provides higher visibility into endpoint devices and stronger detection analytics than other products. It also employs technologies such as sandboxing, security information and event management (SIEM) and orchestration. All of these are critical to effective endpoint security. "

12. Tell me about the most interesting project you have worked on this year and the biggest thing you learned from it.

How to Answer

Discuss with the interviewer one of your recent projects that particularly piqued your interest. Did it stretch you professionally? What was the biggest takeaway for you from that particular project?

1st Answer Example

"In my previous role we were working on a variety of projects with fingerprint recognition software. One of the most interesting projects was a fingerprint-based ATM system. It was a test project for a large banking institution. In addition to learning a great deal about fingerprint recognition, I was also able to learn a lot about the critical relationship between software and security."

2nd Answer Example

"I find the majority of the projects that I have been working on this past year to be very interesting. If I had to choose one, I would choose to work on the Uber app. Since I am still in my internship, I didn't have any major contributions; however, I learned a lot about on-demand apps and building a friendly user interface."

13. Give me your opinion on Blockchain technology, and how do you think it will revolutionize cyber security?

How to Answer

Ever since Blockchain was introduced to the market, security technologists have been busy trying to keep Blockchain transactions secure through distributed networks so people can use bitcoin or crypto-currency as a payment gateway. Hiring managers, especially in the finance/banking industries, are well aware of this technology, so when they ask this question, they are looking for your opinion on how it applies to cyber security. If you have experience working in an environment that uses Blockchain, showcase that experience in a way that makes you stand out from the crowd. For example, use a scenario (without giving away sensitive company information) where you used it, and how you were able to protect web servers and ID systems so the transactions were safe and secure. If you have limited knowledge in Blockchain, show your eagerness to learn the technology, and how your skills would apply in those situations.

1st Answer Example

"Anytime I see the introduction of a new technology or payment gateway, I take it upon myself to research that technology to see where it is relevant in the world of Cyber Security. When Blockchain came out, I did extensive research on where it might have vulnerabilities, and susceptible to attacks. According to my research, Blockchain has around for about a decade and was initially introduced to store and/or send crypto-currency like Bitcoin. Blockchains are distributed networks with millions of users all over the world. Since Blockchain uses cryptology, it's easier for businesses to authenticate devices and users without the need for a password. This definitely eliminates manual intervention in the process of authentication, thereby avoiding potential attacks."

2nd Answer Example

"The way I view Blockchain revolutionizing Cyber Security is through decentralized storage, record keeping, and peer-to-peer sharing. Furthermore, Blockchain users will be able to store all their data on their network or computer if they choose to do so. Basically, a blockchain is a decentralized, digitized, public ledger of all cryptocurrency transactions known as Distributed Ledger Technology. One of the big reasons why I think blockchain is going to be an integral part of Cyber Security is (Distributed Denial of Service. In a nutshell, Blockchain transactions can be denied easily if the send-receive participants are impeded from sending transactions. Blockchains provide a non 'hackable' entrance point, thereby, provide more security when compared with database-driven transactional structures."

14. We seek to hire highly ambitious people. Where would you like your career with Tanium take you?

How to Answer

Have you researched Tanium enough to know how their internal hierarchy works? Do they have a variety of departments and management levels, offering you choices when it comes to carving out your career path? Talk to the interviewer about your career ambitions specifically related to this role and their organization.

1st Answer Example

"One of the reasons I was so excited to interview with Tanium is because of the endless growth opportunities you appear to offer your high performing employees. My biggest ambition is to be awarded a management role in the next 3-5 years."

2nd Answer Example

"What interests me most about your company is that there are so many options when it comes to career growth. Ideally, I would like to earn my way into a team lead role, then a division manager position in the digital management department. Eventually, a CDO (Chief Data Officer) level role would be ideal. Of course, I understand that this will take many years of dedication and hard work."

Anonymous Interview Answers with Professional Feedback

Anonymous Answer

"I have a passion for taking something complicated and making it simple. I enjoy providing mentorship to people and have the leadership skills to do so. I could see myself being in a leadership position to some degree within the next 1-5 years."

Rachelle's Feedback

This is a good start! You do a nice job explaining your strengths and describing your ideal timeline for a leadership opportunity. If you have a more specific idea of the type of leadership roles that interest you within Tanium, this would be an informative addition to your answer.

15. What experience do you have using team-based messaging applications?

How to Answer

There are many options for communication software and messaging applications. Give the interviewer a brief overview of the apps you are experienced in and assure them that you can learn their internal system, should it be new to you.

1st Answer Example

"I have used a variety of team-based messaging applications. I am best versed in Brosix, AOL Instant Messenger, and Freedcamp. No matter which system you use I am sure that I can pick it up very quickly."

2nd Answer Example

"Although I have not worked with a team based messaging application, I am confident that I would learn very quickly. Which team based messaging apps do you use at Tanium? I would love to get a head start and begin learning."

16. At Tanium we prefer to hire those with an education in computer science or another related field. Walk me through your post-secondary education and training.

How to Answer

The interviewer will likely have an idea of your education background from your resume. What they are asking is for you to take a few minutes to bring the experience to life for them! What was your major? Did you receive any special academic recognition? Discuss the strengths gained during your post-secondary training and how those skills will be used in your new position with Tanium.

1st Answer Example

"I completed my Bachelor of Applied Technology from Carnegie Mellon University in 2004. During that time I specialized in Data Management and Analysis. I graduated with a 3.99 GPA, one of the top in my class."

2nd Answer Example

"I recently completed my Diploma in Information Technology. I also have a great deal of on the job training and certifications, all listed on my resume. One of the biggest take-away's from my post-secondary experience was learning how to manage my time while working on multiple projects successfully. I perfected my multi-tasking skills and look forward to bringing those to work for Tanium."

17. Explain the difference between symmetric and public-key cryptography, and what their importance is to encryption technology?

How to Answer

This is a pretty basic question that most IT managers ask candidates when it comes to cryptology. If you have any level of expertise with encryption, you should be able to answer this question without too much difficulty.

The reason a hiring manager will ask this question is to get one or two easy questions out of the way, then proceed to more difficult questions. Keep in mind that some managers tend to drill down into this question pretty deep so if you get asked, be prepared to answer with a detailed response.

The basics here are going to be that symmetric uses a single key, and a public key uses two keys. Let's suppose that you took a document and placed it in a drawer, then locked it with a key. If anyone else wanted to access that document, they would need a key for that drawer. This is how Symmetric key encryption works. A public key, on the other hand, would require two keys to open up a drawer.

1st Answer Example

"As a cryptology professional, it's important to know the differences between symmetric and public-key encryption. I have used both, and know that each has its own unique values. Symmetric key encryption generally speaking is fast and secure. If you're sending encrypted packets to be decrypted, they must use a key which means you must send along a key to enable them to have access. A risky problem that might come up is if you're sending a physical medium, then the packet becomes insecure. Another risk might be is if someone is monitoring the network, they could steal the encrypted packets and key and decrypt them."

2nd Answer Example

"In my honest and humble opinion, public key encryption has equal importance to symmetric key. Actually, it's more secure because it has two keys, and work together to encrypt and decrypt packets. I like this one because of the extra security measure built into it. Because the private key is never sent across the network, it remains secure which gives it an extra measure of encryption. The only down side that I see is it tends to be quite slow, which makes it difficult to send larger amounts of data using a public key encryption."

18. Looking at our products and services, what do you think we do better at Tanium than any of our competitors?

How to Answer

Before your interview, be sure to research Tanium and any awards or recognition they have recently received. In their industry, and competitive space, where do they stand out? Be sure to speak positively about the organization's recent achievements to show that you are interested and engaged in their work.

1st Answer Example

"When I was preparing for this interview I noticed that Tanium was recently recognized for innovation in XYZ. You are a trailblazer in this particular arena which is amazing."

2nd Answer Example

"After reading reviews on your company, I believe that your reputation is the most solid and sincere of all your competitors. Amazing service is always the best way to stand out."

Anonymous Interview Answers with Professional Feedback

Anonymous Answer

"I think linear chain client communication makes a big difference. Organizations can get visibility into their environment rapidly, scale it, and secure it without a massive budget and staff. That's worth its weight in gold."

Rachelle's Feedback

You have clearly done your research on Tanium! The enthusiasm you provide is great as well :)

19. Tell me about your greatest work related accomplishment.

How to Answer

Talking about your most significant accomplishment will give the interviewer a firm idea of where you place your values. It will also show the interviewer more about your personality, how you like to be motivated, and how to coach you in the future. It is okay to brag a little bit when answering this question. Show that you are proud of yourself and your career accomplishments!

1st Answer Example

"The greatest accomplishment in my career was graduating University as an honors student while still working full time in a related field. I was top of my class, and working full time. This accomplishment showed me that I could dedicate myself to my career, and reach the goals that I set for myself. It felt great to accomplish so much and be recognized for my dedication."

2nd Answer Example

"My greatest work-related accomplishment was the management promotion I received at Company X after just one year. I worked very hard for that promotion and was so happy when my work and dedication was rewarded. It kick-started my career."

Anonymous Interview Answers with Professional Feedback

Anonymous Answer

"I took an extremely complicated and unsupportable backup process and simplified it. The existing code to set up and run backups was a group of KSH scripts that were about 30,000 lines long. My language of choice at the time was Perl and I gave each backup type its own script in less than 100 lines apiece. I also wrote a tool to orchestrate the installation of the TSM client and set up the backup for every DB and OS type we had in the environment. The backup success rate went from 92% to 99% in 3 months. It solved the biggest problem the company had at the time."

Rachelle's Feedback

Excellent work! You must have felt very accomplished :) The measurable result that you include is a wonderful addition to your answer.

20. Our clients know a great deal about cloud and network security, but they generally aren't familiar with Endpoint security and their vulnerabilities in this area. How would you describe Endpoint security to a customer so they understand the threat?

How to Answer

The interviewer is seeking to determine your knowledge of Endpoint security relative to IT security in general. They also are looking for a demonstration of your presentation skills and how you can position products and services in relation to client needs.

1st Answer Example

"The most vulnerable part of your IT infrastructure is the end devices. These are the systems, laptops and mobile devices people use to access the network, their applications, and data. Securing these are a challenge to organizations due to the high number of devices, their locations and the activities users engage in. The best way to secure these devices is to use a software approach which identifies and manages the user devices across the network. Components of the software approach are virtual private networks (VPNs,) antivirus software and secure operating systems. Endpoint devices are then provisioned with the correct access to corporate assets in accordance with the user's needs and company policies."

2nd Answer Example

"Endpoint security involves securing the most vulnerable part of the network, the end user devices. These include desktop systems, laptops, and mobile devices. The challenge of securing these devices stems from their high number, the fact that they are widely dispersed and mobile, and that end users behave badly and unintentionally create security vulnerabilities. The endpoint devices can be secured if a comprehensive software-based management system is developed and deployed. The components of an effective software management system are secure operating systems, antivirus software applications, and virtual private networks (VPNs.) I believe Tanium offers an integrated solution to endpoint security which employs each of these solutions."

Anonymous Interview Answers with Professional Feedback

Anonymous Answer

"The data on the endpoints is the most valuable resource a company has. There are many points of risks that can exist at an endpoint. Two common examples would be malware and phishing attacks. If that endpoint isn't secured so that anomalies can be detected, malware could allow access to critical company data on that endpoint or by gaining access to other endpoints."

Rachelle's Feedback

Nice, in-depth response. Your knowledge and understanding shine through in your responses because you seem to have a way to explain complicated concepts in a clear, easy to understand manner.

21. We consider research to be the backbone of what we do at Tanium. Do you think it's important to conduct research before beginning a project or would you rather jump right in?

How to Answer

Talk to the interviewer about your work habits and the way in which you prefer to approach a new project. If you have a sense of how Tanium prefers to approach their work you should discuss that method. For instance, if the interviewer tells you that they prefer extensive research before beginning a project, that is your queue to talk about your excellent research skills.

1st Answer Example

"I agree that research is the backbone of a strong project. Without it, important details are missed and much time is wasted. I like to research before starting a project so that I can lay out a plan and understand the potential hurdles as well."

2nd Answer Example

"Although there are some instances where jumping right it may be required, I always prefer to research before I being a project. Rest assured; I would always follow your preferred methods, should I be hired."

Anonymous Interview Answers with Professional Feedback

Anonymous Answer

"I find research to be extremely important. While I would rather jump right in, I have adapted over time and remind myself of the "unread library effect". I may have a great idea, but there could always be something I haven't discovered, which is extremely likely in the technology world. Today, I tend to reach out to vendors, my network and search the internet to see if an existing solution exists. Tanium is a key example of this very thing and is why Tanium is being used for security and infrastructure today at ____."

Rachelle's Feedback

Oh - I really like the analogy of the 'unread library effect.' This is smart thinking and will show the interviewer that you are thoughtful in your work. Good job tying the mission of Tanium into your response. Well done!

22. At Tanium we value organization. Tell us about a time when you were particularly effective on prioritizing tasks and completing a project on schedule.

How to Answer

An interviewer needs to hear that you have a plan in place to keep yourself organized. Start off by mentioning that you are typically an organized person. From here, dive into a recent time-consuming project that you were involved with.

You might say, 'I recently was involved with a project that required 30 hours of my time in a two week period while I was also in the middle of several other projects.'

Tell the interviewer that you started off by ensuring you had your schedule mapped out before you dove into your workload. Discuss if you made a to-do list, updated your calendar, or created a color-coded agenda. Share whatever organization method worked for you! Next, tell the interviewer how you prioritized the work. You may share that each day you sat down to determine the urgent needs for that day and marked them with a letter A. Perhaps you identified anything that would be nice to get done that day with a letter B. And, maybe you just left everything else that could wait for another day unmarked. Tell the interviewer how you diligently stuck with this plan for the duration of the project and how it allowed you to complete the project on time without any stress successfully.

Answer Example

"Last week I was asked to lead our team while our manager was away. I created a checklist of things that needed to be completed to reach our deadlines. I gathered the team to discuss our goals and asked for input and ideas to get us there. It was a great experience for me because not only was I able to exercise my leadership capabilities; I was also able to learn more about prioritizing, from my team."

23. In your opinion, what's the ultimate goal of information security to an organization, and why is it important?

How to Answer

This is a simple one to answer, and you should have several good examples of why this is important to an organization. Before we go into the purpose and goal of an IT Security organization, let's examine what you might encounter in a typical IT environment, and why a hiring manager is asking this question.

Depending on the size of the IT organization, the hierarchy might look something like this: CIO/CTO, VP(s), Director(s), Manager(s), Analysts, Developers, Testers, Project Managers, Architects, etc. Keep in mind that there will likely be non-technical team members in the IT department whose roles are to be a conduit or liaison between the business and the technology/security departments. You might be in a panel interview with three or more people from the company you are interviewing at, and one or two of those people might be a Business Analyst or Project Manager who may or may not have a technical background. The reason for this is to get a mix of technology/security and business personnel to participate and ask questions that might be relevant to their role. At the core of your response, your answer should be something like; helping the organization succeed, prosper or grow, and that security is needed to ensure the company runs smoothly and efficiently.

1st Answer Example

"Being mindful that a company's goal is to be successful and run a business is something that I always keep in the back of my mind. Information security performs three critically important functions for an organization. They are:

1. Enable the safe operation of applications implemented on the organization's IT Networks and Systems.
2. Protect the data the organization collects and uses.
3. Safeguard the technology assets of an organization.

As a top priority in my role, I ensure that all company information is stored and kept secure. My number one priority is to protect our company data from threats and provide a virus-free work environment."

2nd Answer Example

"The goals of an Information security organization should align with the goals of the business organization. Knowing this, I can identify with what each is trying to achieve. The Information security organization wants to make sure that they have all the tools necessary to protect the interests of their company and ensure that they can conduct business as usual without interruption to their systems, networks, employees, products, services, and customers. At my last company, it was our policy to inform and train our employees to understand the importance of information security, and to keep confidential information private within the organization."

Anonymous Interview Answers with Professional Feedback

Anonymous Answer

"For information to be available to the people who are authorized to see it and no one else. To stay current on the latest threats to different technologies and protect the perimeter in such a way that an attack would be incredibly difficult to perform."

Rachelle's Feedback

This is great! You are very clear about what you believe to be an organizations' most important security-related goals. If you have contributed to any of these factors in the past, I recommend providing some details for the interviewer.

24. Describe to me what encoding, encryption, and hashing are, how they work, and what the differences are between the three?

How to Answer

Let's walk through each of these, so there's a good understanding of the best way to respond to this question. You don't have to go into great detail on each and every one, but you do have to give a basic definition, and example of how they work in a security environment, and their distinct differences.

At the high level, encoding is designed to protect the integrity of data as it flows through networks and systems, while maintaining its primary security functions. It can be easily reversed by employing the same algorithm that encoded the content in the first place. Encryption is designed primarily for confidentiality and is also reversible only if you have the appropriate key/keys. The operation with hashing is one-way (non-reversible), and the output is a fixed length with a much smaller input.

It's easy to see why the hiring manager is asking this three-part question. They want to evaluate your mental processing capabilities, and how you compile and respond to information. Always respond with answers in the exact order the questions were asked. Example: Encoding, Encryption, then Hashing. This shows the interviewer that you listen carefully, and are detail oriented in your response.

1st Answer Example

"Being an accomplished IT Security professional, I understand that you can't take anything for granted, especially when it comes to applying security measures like encoding, encryption, and hashing. Having a deep understanding of encoding is extremely important since it transforms data into another format using a scheme so it can be easily reversed, and doesn't require a key. Some of the examples for encoding acronyms are Unicode, Base64, and ASCII. Encryption is equally important because the purpose of encryption is to transform data and keep it a secret from other entities within the network. It's like sending a secret letter to a friend who is the only one that should be reading that letter. When the recipient opens the letter, they can validate the signature of the sender."

2nd Answer Example

"I find that out of the three listed; encryption is probably one of the most important to a company's security and network infrastructure. Since encryption transforms data into another format using a private key, it's easy to maintain its integrity by keeping the key in a safe place outside of accessible means. To reverse the encryption operation, the ciphertext, algorithm and private key are required to return the status to plaintext. To go a bit deeper, there are three algorithms that are used for encryption. They are.....Blowfish, RSA, and AES. Hashing is also important because its purpose is to ensure integrity. Technically speaking, hashing takes inputs to produce a fixed-length string that has the following attributes:

1. Organized multiple disparate inputs that should not product the same outputs.
2. The same input should always produce the same output.
3. Any modification made to an output should reflect a change to the hash.
4. You cannot go from an output to an input."

Anonymous Interview Answers with Professional Feedback

Anonymous Answer

"Encoding converts data using a specific type of publically available algorithm so it can be processed properly by whatever is trying to read the data. Encryption is used to keep data secret and only readable with the use of a private key. Hashing ensures integrity by using a one-way algorithm to produce a value based on a given input. SHA-3 is the latest to be used for hashing."

Rachelle's Feedback

Very good! It seems that you have a solid understanding of these topics. If this understanding is a critical part of your role, I recommend adding a qualifying statement regarding your level of experience/expertise in encoding, encryption, and hashing.

25. Can you explain what a public and private key is in the world of public-key cryptography, and which key is used for which function?

How to Answer

In an age where companies face breaches and intrusions on a daily basis, they need to make sure that their intellectual property and various confidential data is protected at every security level of the company. This is why private and public encryption and cryptography is implemented to safeguard that information.

Here's a great opportunity to craft a response that showcases your knowledge about public and private keys, and taking it a step further to give an example of how each key is used and for which function. Without going too deep, the hiring manager wants to hear you articulate the definitions of each, and how well you understand them. While you describe both keys, and what they represent, it would also be helpful to the hiring manager to explain the manner in which you use them in your current role. This helps the hiring manger gauge your level of expertise, and how involved you are with cryptography in your current role.

1st Answer Example

"My experience with private and public cryptographic keys goes very deep. I use private key cryptography where a single private key can encrypt and decrypt information. I'm very mindful that this key is only to be used with management's authority and approval since the data is very sensitive to the organization. If this key were leaked to the outside, this could potentially cause irreparable damage to the company. One of the responsibilities I had was to encrypt data so that the mobile devices used by our field consultants were secure. In addition to data encryption, I was also tasked with managing the security of our internal intranet websites that were used by everyone in the company to communicate and share data."

2nd Answer Example

"Understanding that encryption uses an algorithm to transform information (data) into an unreadable format is one of the most important cryptographic elements of public and private keys. I believe that it's important to designate where private and public keys are used. Every company has safeguards in place to monitor and manage these keys so that they don't fall into the wrong hands. Anyone given this responsibility should have extensive knowledge of encryption and cryptography, with the core elements being Secure Socket Layer (SSL) and Public Key Infrastructure ((PKI) for secure online purchase transactions as well."

Anonymous Interview Answers with Professional Feedback

Anonymous Answer

"A public and private key are generated using two random prime numbers. The sender and receiver then exchange their public keys only. The data send from the sender is encrypted with the public key. The only way the data can be decrypted is with the private key, which only the sender has. In short, the public is used for encrypting data, and the private key is used to decrypt the data."

Rachelle's Feedback

You explain this in a way that is easy to understand, which is terrific! Good, straightforward response.