Introduction

The Information Assurance Analyst position is an exciting information security position that comes with many responsibilities. Chief among these responsibilities are planning, designing and implementing changes to an organization’s software architecture, determining how hardware and software changes will impact an organization’s data — all through the lens of information security and risk assessment. This opportunity-laden position is a milestone for any information security professional that can land one.

Of course, to land this position you will have to make it through the job interview.

This article will detail the questions you can expect on the information assurance analyst interview followed by tips on how to masterfully craft your answers to suit the interviewer’s ears. These questions are divided into three levels — entry-level, mid-level and advanced.

Job interviews can be stressful, but don’t worry. Review this article before your interview, plan at least some semblance of an answer to these questions and you will be in a strong position to be their top candidate.

Level 1 — Entry-Level

One of the best ways to get something done successfully is to know how something is going to begin. After the initial open-ended questions such as “why do you work in information security?”, you may not know what to expect. The questions considered entry-level are advanced tech questions related to the information assurance analyst position. The questions below will show you what to expect.

1. Where do you see yourself in five years?

Yes, I did say we were through with the “overly open-ended” questions but this one has a specific point. When an organization hires an analyst in any department, including information security, they expect their candidates to have a bright, optimistic outlook on the position and they will want good employees to stick around for years. In five years, an analyst is expected to want to move into either a role with more responsibility or a manager role.

2. What do you have on your home network?

The organization wants to know not only your prowess level with information security but also your self-driven desire to learn. Asking about what is on your home network is a good way to find out exactly how seriously you take information security. If you are not looking after your home network, how well will you look after theirs? Even if your home network budget is not high, you can show that you are learning and tinkering with your own network to better understand information security.

3. What encryption technologies do you have experience with?

Among their responsibilities, information assurance analysts place the highest priority on the security of their organization’s data. All organizations should encrypt their data, and if this is not your first information assurance interview then you should have experience with at least one major encryption solution. This should be a softball question. It’s a good idea to mention more than one encryption solution (if possible) to show a well-rounded understanding of encryption technology in general.

4. Generally, why should most organization users use SSH?

Be fully prepared to address some basic data assurance questions, especially of the functionality sort. Although this should never be the case, questions like these help to weed out candidates who do not actually possess the skills they say that they do. For this question, SSH (or port 22) is a secure connection port that allows connection for both secure and unsecure devices. Although some associate SSH with Linux, it actually can be used in conjunction with many other systems, including Windows. Most enterprise/organization employees work on Windows systems, making this a good choice to harden information security.

5. A specific system or device is unreachable on your network and you cannot ping to it. What is an example of a command prompt that can help you determine where the communication breakdown is occurring?

This question may seem overly basic but remember, this position is technically an analyst position. This means that you may have to occasionally perform basic analytical tasks that feed into the bigger information assurance picture. In this case, you would want to use the tracert command. With tracert, you can see what routers the data is moving through and where the issue has occurred, allowing you to alert the right people and resolve the issue quickly. If the issue does have to do with information assurance, the ball is in your court for resolution.
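The tracert reading described above, as an added example that is not part of the original article: a Python script that parses captured Windows tracert output and reports the last router that answered and the first hop that went silent. The sample trace and its addresses are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of Windows `tracert -d` output (not from a real network).
SAMPLE_TRACE = """\
Tracing route to 10.20.30.40 over a maximum of 30 hops

  1     1 ms    <1 ms     1 ms  192.168.1.1
  2     4 ms     3 ms     4 ms  10.0.0.1
  3     9 ms     *        8 ms  10.0.5.254
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.

Trace complete.
"""

# Header line; the address is in brackets when a host name was traced.
TARGET_RE = re.compile(r"^Tracing route to (\S+)(?: \[([^\]]+)\])?")
# Hop line: hop number, three probes ("12 ms", "<1 ms" or "*"), then the rest.
HOP_RE = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+ ms|\*)\s+){3})(.+?)\s*$")

def parse_tracert(text):
    """Return (target_address, hops); a hop that never answered has address None."""
    target, hops = None, []
    for line in text.splitlines():
        m = TARGET_RE.match(line)
        if m:
            target = m.group(2) or m.group(1)
            continue
        m = HOP_RE.match(line)
        if not m:
            continue
        probes = re.findall(r"<?\d+ ms|\*", m.group(2))
        addr = None
        if any(p != "*" for p in probes):
            # With name resolution the hop reads "gw.example [10.0.0.1]".
            bracket = re.search(r"\[([^\]]+)\]", m.group(3))
            addr = bracket.group(1) if bracket else m.group(3)
        hops.append({"hop": int(m.group(1)), "address": addr, "probes": probes})
    return target, hops

def locate_breakdown(text):
    """Summarise where replies stop: last answering router, first silent hop after it."""
    target, hops = parse_tracert(text)
    answered = [h for h in hops if h["address"]]
    last_ok = answered[-1] if answered else None
    reached = last_ok is not None and last_ok["address"] == target
    first_silent = None
    if not reached:
        start = last_ok["hop"] if last_ok else 0
        silent = [h["hop"] for h in hops if h["hop"] > start and h["address"] is None]
        first_silent = silent[0] if silent else None
    return {"target": target, "reached": reached,
            "last_responding": last_ok["address"] if last_ok else None,
            "last_responding_hop": last_ok["hop"] if last_ok else None,
            "first_silent_hop": first_silent}

if __name__ == "__main__":
    print(locate_breakdown(SAMPLE_TRACE))
```

A silent hop in the middle of a trace that still reaches the target is usually a router that does not answer probes, so the script only reports silence that follows the last answering hop.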

6. Do you have any ethical hacking skills?

Hacking can be used for good (as we all know), and ethical hacking skills will definitely help you out in this position. Knowing how a hacker thinks will also help you determine information assurance issues before and as they arise. It is no surprise that many former hackers become information assurance analysts. If you want to prove you have these skills beyond most, it is a good idea to earn a Certified Ethical Hacker (CEH) certification before applying for this position.

7. How strong are your writing skills?

Being a good information security analyst requires certain soft skills that are not specifically information security-related but will be useful on a daily basis. Writing is one of the soft skills that you will need to have. Information security analysts write documentation and emails that explain technical concepts to information security laymen, making solid writing skills of the utmost importance.

8. How are your people skills?

Many positions that deal extensively with data do not get the best press when it comes to people skills. Do not let this stereotype (nasty as it may be) lead you to think you will just be locked in a cave, coldly analyzing data all day. Information assurance analysts typically spend a good portion of their day communicating with their information security team members, team head and the heads of other organization departments. Long story short, let the interviewer know that you are good with people and that your oral communication skills are well-developed, and this will be no big deal.

9. What are your documentation habits like? Is there anything about them that you want to improve?

Relating back to the last question, information assurance analysts are required to produce documentation of different forms. One common type is periodic reporting related to information assurance operations in the organization. To tackle this question, give the interviewer a few examples of documentation you have produced and show that you are always open to improving your methods when necessary.

10. What is the difference between data protection at rest and data protection in transit?

When data is at rest, it’s just sitting in its respective hard drive or database. Data is in transit when, for instance, it is traveling from its server to a client. The important thing to mention about protecting these different states of data is that many servers only protect one or the other. Despite slowing down the process a little, it is preferable to protect data in both states.

Level 2 — Mid-Level

You survived the entry-level questions, and from here the only place to go is up to the mid-level questions. These questions are more basic information assurance analyst-focused than the advanced tech-type questions of the entry-level variety. So brush off the dust of the entry-level questions you smashed and get ready for the next ten information assurance analyst interview questions.

11. What was the subject matter of the documentation you previously produced (aside from reports)?

Many positions produce documentation; the important thing here is that you say you have experience in the type of documentation that information assurance analysts normally have. Information assurance analysts typically document information assurance policies and strategy, emergency security measures, information security awareness training documentation and documentation of information assurance procedure. The interviewer is looking for what specific experience you have, so detail will carry the day here.

12. Describe a time when you managed your time efficiently in a related position

At times, you will be inundated with several high-priority responsibilities or tasks occurring simultaneously. Many organizations have one information assurance professional only, which will only compound this challenge. Convey to the interviewer that you are well aware of the challenges of, and more than capable of, handling multiple high-priority issues at the same time. This is generally accomplished by using solid prioritizing and multitasking skills concurrently.

13. Tell me about a time when you had to check an entire network for security issues or necessary improvements

On either a regular or routine basis, information assurance analysts have to check entire networks for current security issues and necessary improvements. How do you do this? You perform an audit on the organization’s servers, computers, routers, switches and other systems residing on the network. This is a common information assurance analyst responsibility. If this is the first time you will be working a position like this, then fall back on any network device audit experience that you may have and elaborate.

14. Do you have experience with file archiving? What solutions did you use?

A typical responsibility of information assurance analysts is file archiving. This file archiving is based on the business need, but generally you will want to archive all organization files (especially if the organization is subject to regulation such as HIPAA). Make sure to mention the solution you have used in the past, such as Barracuda’s Yosemite, and the interviewer will be satisfied.

15. Can you describe a complex information assurance issue that you had to communicate to a manager? How was it resolved?

This question should be prefaced with the fact that this is a relative assessment of complexity. Many interviewing for this position are coming from a less-complex role, such as that of a help desk analyst, so they may be limited to less-complex issues. This is no big deal. Simply tell the interviewer that you have broken down a problem before into digestible language (if the interviewer is a layman in terms of information security) or in a more condensed form that you presented to an information security manager for quickest resolution.

16. Do you have any certifications that will help you as an information assurance analyst?

As with many information security positions, certifications will help demonstrate to the interviewer how your knowledge and skills compare to others. There are several certifications that can help you land this job, from the more generally-applicable (such as Network+) to the more advanced (Advanced Ethical Hacking). A good combination to take into the interview is Security+ and Certified Ethical Hacker (CEH) certifications. If you do not have any certifications, don’t sweat it — this is not required, but it will definitely make you stand apart from the crowd.

17. Let’s say a data backup job that was supposed to be run last night did not run. What is the first thing you do?

Don’t let the seemingly concerned tone of this question throw you off. Sometimes backup jobs don’t run for one reason or another. The first thing you will want to do is to check the application log — this will let you know the reason for the backup failure. Your next steps will all depend on the reason for the failure.

18. How important is automation to you?

Without a doubt, automation is at the heart of information assurance analyst work. Back in the day, manual data auditing was a possibility; today, this is simply not the case. Bring up some tools you have previously used that take advantage of all that automation has to offer, and you will be in a good spot.

19. Aside from functionality, what is the biggest concern for you when setting up an information security system?

Assuming this work is being performed during normal business hours, the biggest concern is whether the organization’s employees will be impacted by the implementation of the information security system. With proper planning, however, this should not be a problem.

20. How can an information assurance analyst benefit from using penetration testing?

Penetration testing, or ethical hacking, is a good way to test the security of a system or app on an organization’s network. While pentesting is normally left to, well, pentesters, it can benefit information assurance analysts too. It would be hard to say that information assurance has been established if an organization is riddled with vulnerabilities.

Level 3 — Advanced

The information assurance analyst interview is not limited to softball questions by any stretch. This level of interview questions is the most advanced in terms of technical skill and know-how and will truly separate the information assurance professionals from the weekend hobbyists. Despite this warning, these questions are not as daunting as they seem. A little review on your part will allow you to win the day.

21. Tell me about a time when you anticipated a future issue and successfully rectified it by notifying management

One of the most important responsibilities of an information assurance analyst is to spot a future information assurance issue and report it to management. This can be any information assurance issue, but the important thing is that your reporting to management was what got the issue to resolution. Be sure to highlight that your above-average communication skill was what helped save the day.

22. Malware is a pressing topic in today’s information assurance landscape — what can this position do to help fight this modern plague?

The first step is to make sure that your information security environment is free from vulnerabilities — this should take care of most of the risk associated with malware. However, sometimes malware still finds its way into a network to threaten the information within. When this happens, information assurance analysts can reverse engineer the malware to get a better idea of how it behaves and then use the information gathered to prevent its entry in the future.

23. When working in conjunction with IT, what is the most important thing an information assurance analyst must establish?

Without a doubt, information assurance analysts work with the IT team of their organization; sometimes they are even embedded within the IT team. Despite this, information assurance is not a traditional responsibility of IT per se. Information assurance analysts need to coordinate with IT staff to establish the appropriate information assurance procedures and processes to detect and prevent system intrusions. These procedures and processes become the information assurance standards of the organization when implemented.

24. What is non-repudiation?

With reference to information assurance, non-repudiation means that a user cannot deny the validity of data. This means that you cannot deny that something regarding organization data has occurred. Of course, this would only be reliable in an information security environment with strong information assurance policies and procedures in place.

25. Let’s say that it appears that a user at the organization has sent an abusive email from their organization email address and they deny that they did. How can you prove whether it actually happened?

This is a clear example of how non-repudiation could come into play on the job. The user is saying they did not send the email, but this can be proven with the non-repudiation technique of email tracking. Email tracking will establish whether the email was indeed sent by the user and they will not be able to deny the validity of the data proof.

26. What is your view on hacktivist groups?

Hacking skills can definitely come into play as an information assurance analyst. However, these skills are more of the “white hat” or ethical variety. Although there is not that much separating “white hat” from “black hat” skills-wise, the intent is quite different. Where information assurance analysts will use ethical hacking skills to improve the information assurance of the organization, hacktivist groups use their hacking skills to steal government and trade secrets, with the ultimate goal of causing a kind of chaos to achieve another goal. With this said, hacktivist groups will not be thought of in the best light by an information assurance analyst.

27. What is the biggest advantage of RAID technology from an information assurance perspective?

The biggest advantage to using RAID technology is the inherent variety of configurations available to you. You can customize the configurations to suit your information security environment and all that is within the environment. This makes the job of information assurance analyst easier because they can customize a RAID to meet the organization’s needs.

28. What considerations do you need to keep in mind with regard to remote users?

While most information moving within the organization is intranetwork, remote users that work from home need to be able to access and modify organization data. This is normally done through VPN, SSL and related tunneling technologies. Information assurance analysts should keep this in mind when a remote employee is onboarded, and there should be information assurance testing performed on the technology the remote user will use to connect to the office.

29. Information assurance can be impacted by users. What is the best way of reaching organization users about these concerns?

The easiest way of reaching organization users is by incorporating information assurance into the organization’s information security awareness training. Information security awareness training sessions are the time when users are most saturated with information security concepts, so they will be most likely to remember information assurance issues when these are presented as part of the training. While information assurance analysts will not be the leaders of this training, they can easily step in and break down information assurance concepts into an easily digestible presentation of current and anticipated issues and concerns.

30. Let’s say that the current backup strategy is incremental, and a user has reported a commonly-used file as being corrupted as of this morning. What do you do?

The first thing I would do is go back in the data archive and pull the file for the employee to use. The file is commonly used, so it will need to be available on the network for all to use. After retrieving the last usable version of the file, I would check the backup application logs to see what caused the corruption/failure to save. This will probably be all the legwork required to resolve the issue.

Conclusion

The hardest thing about many job interviews is how stressed they can make people — especially if the interview is for a sought-after, competitive position like this one. The best way to put yourself at ease is to study, complete practice exam questions and review tip sheets like this article. After reviewing these questions before the interview, you can guarantee that you will perform better, get a better night’s sleep before the interview and be in a better spot to land this great position.
