Master 47 Cyber Security interview questions covering threat analysis, incident response, and security frameworks.
Question 5 of 47
How to Answer
Example Answer
Example Answer 2
Why the Interviewer Asks This Question
Community Answers

Tom Dushaj is a business and technology executive and the author of 'Resumes That Work.' Tom has vast experience providing solutions to Fortune 500 companies in the areas of Information Technology Consulting, ERP Software, Personnel Management, and Intern
You can answer this question by describing your actions after discovering that a breach has occurred within your organization. The first thing should always be to notify your customers immediately. By law, you are required to inform customers whose data has been compromised. Every company should have a contingency and communication plan in case this happens. This is a very common question that almost always comes up in an interview. There are several ways to respond to this question. The responses that will get you points in the interview highlight your steps when such an incident occurs. It will help to mention that you are an important part of this process and that you oversee each step to make sure you are following the law and company policy.

Tom Dushaj is a business and technology executive and the author of 'Resumes That Work.' Tom has vast experience providing solutions to Fortune 500 companies in the areas of Information Technology Consulting, ERP Software, Personnel Management, and Intern
"If a breach were to happen, we have strict rules, processes, and procedures that we have to follow in order to comply with state and federal laws. My role includes making sure that a written notification was sent to all our customers with signature confirmation informing our customers of a breach. This letter clearly states that a breach occurred and to notify them what information was compromised. Additionally, a letter is also sent to a few governing bodies such as the State Attorney General's Office, HIPPA, and the SEC (if applicable) informing them that a breach has occurred, and what we intend to do to remedy this problem and when it will be resolved."

Tom Dushaj is a business and technology executive and the author of 'Resumes That Work.' Tom has vast experience providing solutions to Fortune 500 companies in the areas of Information Technology Consulting, ERP Software, Personnel Management, and Intern
"My current company has a documented internal incident response plan that we follow in case of a breach. It maps out the current setup of our systems, who is to be contacted, and a list of onsite and offsite employees, cloud providers, and/or networks of other companies we have acquired. This same practice and notification procedure is also done for our vendors that may have been affected by a breach as well.
Here's a breakdown of protocols that are performed after an attack:
o Notify Incident Response Team
o Review all steps in our contingency plan
o Call in a forensics cyber security team (External Consultants)
o Notify state & local governing bodies - (if it applies)
o Find out where the attack came from
o Check back-ups in the cloud
o Disconnect all computers from the network and start documentation of the infection
o Document and investigate where the attack came from
o After the attack is remedied, conduct employee training and education on how to avoid future attacks."

William Swansen has worked in the employment assistance realm since 2007. He is an author, job search strategist, and career advisor who helps individuals worldwide and in various professions to find their ideal careers.
One of the key functions of a cyber security professional is to respond to incidents in which the company's information and security are threatened. The interviewer expects you to have a definitive plan you can use if this occurs. They may also be interested in whether your plan is similar to the one their company uses or if there are additional steps you include that help mediate the situation more efficiently. Being able to describe the plan and the steps you take will help the interviewer determine if you're qualified for this role.

Interview Coach
Jaymie
A real coach, not AI. I read every answer myself and write back with personalized feedback.
Typically responds within 24 hours.
0 - Character Count
Prepare for technical scenarios and security assessments that interviewers prioritize.
Get StartedJump to Question

Written by William Swansen
47 Questions & Answers • Cyber Security

By William

By William