Get startedGet started for free

Patrick and Pedro: Interview role play

1. Patrick and Pedro: Interview role play

Hi, I am Patrick. Hi, I am Pedro. It's time for another chance to join an interview that's in progress. In this interview, topics will cover cloud cybersecurity questions related to detecting, responding, and recovering from attacks. We hope this will help you prepare for your next interview. Hey, Pedro, what interests you in a career in cloud cybersecurity, and what are you looking for in a new role? Well, my background is in computer science, and I'm really interested in dealing with problems that have to do with scale. And all cloud does is centralize your infrastructure for your customer, for your project in one place. And that lets you focus on problems that are actually interesting instead of physical, for instance, like where is the data? Who's protecting the data center? And what I want out of a career in cloud cybersecurity is to grow. I wanna learn, I wanna find new problems and solve interesting challenges. Tell me about a time you faced a challenge and how you responded. When I started in sophomore year and I asked my professor whether or not I wanted to do research, he asked me, "Do you even know what that entails?" And I said, "Absolutely not." And he was like, "Well, pick a topic. Go figure out what a problem is that you think you can solve and would be interesting and go solve it." It turns out that solving that is way more involved than you think, and it involves having and developing a variety of skills that you might never even have thought were relevant. How long did it take you to find the topic? About six months. We were dealing with IoT devices and cryptography, and I was trying to find some way of mixing those together. And we ended up measuring basically the performance efficiency of a YES on hardware in IoT. And just digging into that whole space, I realized that my interests lie in performance efficiency and cryptography, and those kind of mix the two together. Pedro, can you gimme an example of an incident that a cloud-based organization might have on their infrastructure? How could a cloud cybersecurity analyst detect such an incident? So in the case of Log4j, there's a few ways that you might go about it. Number one, you might go for what's called static analysis. You might use Google Cloud's managed infrastructure to determine which packages are running the vulnerable versions of Log4j. Another way is you might look for indicators of compromise, IOCs, in the logs themselves, and you might use something like Google Logging and the Chronicle SIEM to go and identify the places where the vulnerability was carried out successfully. And finally, you probably wanna spin up a generic incident response team that handles any edge cases that you haven't thought of in advance because the chaos always happens. So from the Log4j example that you gave, what is a positive takeaway that you got from, you know, detecting such an incident? One thing the world learned about as a result of the Log4j thing is to be scared of strings. I think the entire world is much more familiar with the concepts of string interpolation and the implications that that might have. And as a result, it brings kind of these high like complexity, hard computer science topics like what is string interpolation and it makes you realize, maybe I should learn about that. Let's suppose you're gonna use cloud data security controls to detect data disk storage related incidents. What are some examples of tools they would use and what do they detect? So the very first thing I would do for my own managed infrastructure on cloud is look at the severity of the data. Are we talking PII, private information, or are we talking machine to machine transactions? And for this, I would rely heavily on cloud logging. I need to know exactly what information was being stored and who accessed it and at what time, and start correlating some of the activity around the access of the data to see exactly what happened. Okay. So let's say you start doing that and you start seeing some of the logs and such, but you're not really sure what's going on. What would you do if you had concerns about the people that access the logs? Like who accessed the logs and why did they access it? Yeah, no, this is a big problem and it's actually solved at least in part by cloud, but this concept called audit logging. So you might have process logging that tells you what's happening on a system, which port is talking to which port, that kind of thing. But access logging is more like who touched the data with what justification, was that a valid access? Did someone else authenticate them on their behalf saying that they could perform such an action? And so we definitely, in addition to the analysis around what happened for the incident, would want to go and look at any data accesses both during the incident and afterwards. Right? We have to make sure that our responders are also following the rules. So imagine the scenario where you're responsible for writing an incident report. What are some critical pieces of information that must be included in the report? The report is super important and it's very multifaceted too. So there's a part about the incident itself, right? How severe was it? What were the effect that assets? What are the indicators of compromise? And ideally you share those out broadly and contribute back to the community. So there's that kind of the incident itself and the outcomes and the learnings. But then there's also the organizational side, right? Where did we succeed? What were some misses? What are some opportunities for improvement? And it's always really important to include those two sections because you have to focus in on the fact that you are doing a good job and you are improving on catching these incidents. Pedro, thank you. That's the end of the interview and now it's your turn to ask me any questions you might have. From your perspective, what keeps you up at night about information security? The one that I feel like I'm thinking about a lot that I don't hear very often is that the ever increasing layers of abstraction that we put onto all of the world's infrastructure have made it impossible for a person to actually reason about the risks of that infrastructure. And therefore it's really hard to secure it or solve it. Yeah. And that problem is not gonna get easier to solve over time, especially as the cloud infrastructure scales. Thanks for watching. In this scenario, Pedro demonstrated how to end responses with positive takeaways when answering questions. During an interview, you can demonstrate your ability to learn from your experiences and recover from difficult situations by sharing positive takeaways when relevant.

2. Let's practice!

Create Your Free Account

or

By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.