Always Bring Your Top Three

Years ago I applied and interviewed for the "VP, IT Risk Management" position at my company. The very first interview question was "What do you feel the top three IT risks to this organization are?"?

My answer was… "wow that's a great question -- awkward pause -- I really should have an answer for that."

I didn't get the job.

I still cringe at the experience years later, even though it gets a good laugh at happy hour. I mention it here to share two lessons I took away:

• Always walk into a room with a "top three." This is the intellectual equivalent of bringing a gun to a knife fight. Figure out three points to cover before you walk into any meeting - not just interviews. Write them down on your hand if you have to. How many times have you gone to a doctor with two complaints, only to be back in the parking lot realizing you only mentioned one? Remembering your three points during an active conversation can be hard, coming up with those three things on the spot can be impossible. ?
• Say anything. ?I realize now I could have said anything - literally anything. I froze because I thought there may be some list of top IT Risks that I should have memorized already. If we had the same top three we could have dove into the details of each risk. If we had a different top three, that would have been even better. We could have debated and I could have shown how well I can list pros and cons and defend my arguments. The person interviewing you wants to know what you bring to the party - tell them.

This week I was asked where a team should start when building out an IT Security Program. One of those "if you had a magic wand" questions. On my hand I had these three words written down:?

Visibility, Identity, Automation

In the next Airitos blog post I'll explain what we mean by each. I would love to hear how they compare to your top three, and if they differ I welcome some healthy debate :)

Thanks,

Bill