Get startedGet started for free

Patrick and Danielle: Interview role play

1. Patrick and Danielle: Interview role play

Hi, I am Patrick. And I'm Danielle. Let's step into an interview that's in progress. In this interview, questions will cover cloud cybersecurity topics related to cloud risk management frameworks. We hope this will help you as you prepare for your next interview. Hey, Danielle, what interests you in a career in cloud security? Good question, I've always been someone that likes to go deep in order to understand something. I like to get to the nuts and bolts, the nitty gritty. If this is chemistry, I like to get to the atom. As I was learning about products and solutions, I found that I was diving into security compliance because security is a part of everything. It's a foundational aspect, and it's a crucial aspect. It affects an organization. It can affect your personal life. It can make or break a sale. And so I found that in my quest to learn something and dive deep, I dove into security compliance and I love it. Why is cybersecurity compliance important and what are some examples of risks that it addresses? Cybersecurity compliance is important for a number of reasons. And the first thing that comes to mind is to do right by your customers. When I think of privacy laws like GDPR and CCPA, they're protecting the rights of individuals, and they require business to be upfront about how they're using customer's data, their personal data, name, social security number, addresses. And so it's in a business's best interest to gain the trust of their customers and lay that foundation. Another reason is penalties. A business can be fined and they can be found legally liable if they're not compliant. And then the last thing I would add is it opens up doors and opportunities to new sales, basically provide growth for your business. So I would say trust of your customers, penalties and new revenue. What is the difference between preventative, detective and corrective controls, and what are some examples of each? The difference between preventative, detective and corrective controls is the purpose of each of them. I like to think of this as going to the doctor. So preventative care, going to your annual visit, you get your blood work done, you get your blood pressure, they ask you whether you're taking your vitamins. So preventative is making sure that you have the security controls in place to prevent a cyber attack from ever happening. Some examples of these are firewalls for networking, encryption for your data, and a last example would be identity and access management, which is often forgotten about, and it's making sure the right people have access to the right resources. So that's preventative. Detective is you're going to the doctor because you actually have symptoms. You have a cough, you have a headache, and you're trying to figure out what's going on. So detective is security controls that evaluate a security incident that has already happened or happening right now. And a great example of that are logging and monitoring tools and being alerted when there's suspicious activity, so using a SIM tool, for example. And the last one is corrective. So you've gone to the doctor, you have these symptoms and they've diagnosed you, so how do we fix it? What medication do we give you? Do you need to have an operation? And so these are the remediation techniques that you can use. So do you have a disaster and recovery plan? Do you have a communication plan in place to go out to outbound customers and internal employees if there's a breach? Are you able to leverage a SOAR tool to have an automatic response? So I would say that is the difference between those three. You might be asked to use tools to identify intermediate security risks in your role as a security professional. Why is that important, and can you gimme some examples? Yeah, we've been talking a lot about cybersecurity and the domain as a whole, compliance, but a big part of being a professional is being able to implement that knowledge through the use of tools. Tools are gonna be what allows you to actually go in and identify the risk, mitigate it and streamline and automate. One example that comes to mind, specifically within Google Cloud, is called Security Command Center. I like to think of it as a central hub for any security engineer to go in, have a single pane of glass of everything to do security-wise within their environment. Some of the things they can do are DLP, which is data loss prevention. So if there's sensitive data, they can mask it to make sure it doesn't get leaked. Another thing that you can leverage in Security Command Center is scanning for vulnerabilities within your web applications and so much more. That's all the questions I have for today. Now it's your turn to ask me any questions you might have. Yeah, one question I would love to ask is, you know, you're looking to find someone on your team that's a good fit. And I would love to know, when you think about your team for this year and you think about your priorities, what is a top priority for your team? Well, this year, one of our main goals is that we have a portfolio of products that we are trying to get FedRAMP high in compliance, and it's a huge effort. Yeah, that's something I'd love to be a part of. In this interview, Danielle demonstrated how to provide examples when answering questions. During the interview, you, too, can differentiate yourself by providing specific examples that show what you know and how you've used those different skills in different situations. Watch for more interview tips later on in this certificate.

2. Let's practice!

Create Your Free Account

or

By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.