
How to Get the Most from Your Security Assessment Interview

February 20, 2020
When you’re conducting a security assessment, one of the most important aspects of that assessment is the face-to-face interview. The interview is a conversation between a security consultant and the person responsible for a site’s security, and that dialogue is vital to the assessment — ideally, the consultant gets a detailed and nuanced understanding of an organization’s security measures, processes and procedures directly from the person responsible for them. Unfortunately, it doesn’t always work out that way. The interview might be hours long, the wrong people might be in the room, and some important information might be missed. What if, however, there was a way to make the interview shorter, more relevant, and tightly focused on the most important facets of an organization’s security?

A typical interview process

Traditionally, a security consultant will have a face-to-face meeting with one point of contact at an organization or an individual site, and ask that person a series of questions about the site’s security measures, processes and procedures. While the interview is an important part of a security assessment, there are several problems with it.

For one thing, most consultants don’t have a structured, standardized interview process. Instead, the interview is a free-flowing conversation; the consultant asks follow-up questions based on the responses they got to the previous questions. It’s highly subjective, and the same questions aren’t always asked at every site, so if the consultant is assessing several sites, they’re not getting consistent information from each. Another challenge is that this free format allows the interviewee to control the interview. If the site manager gives a confident, but wrong, answer to one question, the consultant might accept that answer at face value and not ask a follow-up.

The interview can also be a challenge from the interviewee’s perspective — they might feel like they’re being interrogated rather than interviewed, like the security consultant is trying to catch them in a mistake. They also might not be able to answer some questions without reaching out to a colleague — a physical security professional might need to check with the director of IT for any questions about cybersecurity, and that person might not be in the room. They may also dread an hours-long interview and feel that their time might be better spent doing something else. Sometimes interviewees might even ask if a consultant can send a questionnaire ahead of time. Our product allows consultants to do just that.

How Circadian Risk can help

We find that sending a standardized form before the interview goes a long way toward making the interview itself more useful. Our solution allows you to create an interview questionnaire that will go to your points of contact in advance. You send the questionnaire through our product, and they can log in securely and answer from their own computer at their own convenience.

This has several benefits. You have the answers to basic security questions before you even set foot in the facility. Your interviewee can assign questions to their colleagues, and invite them to answer those questions via email. We also find that because they’ve been given time to answer, their answers are more accurate on the questionnaire than they are in person. Lastly, having answers before the interview itself means you can ask targeted security questions based on what you already know from the questionnaire. In our experience, that means the interview is less tense, more productive, and — to everyone’s relief — much shorter.
