Contents | Previous | 2.3 Questions for the Interviews | Next
From the Miro board created by the Master Class participants.
Describe the process if everything worked perfectly, with no errors
what is the problem we are trying to solve? What is the pain point?
Why is this a problem?
Why is this a problem?
Why is this important to your company to change?
Why is it important to prevent phishing?
What are the impacts of clicking on Phishing emails?
Is there a pattern to security breaches?
Trends in what types of phishing e-mails people click on?
Do you notice any trends in the types of phishing e-mails that tend to get clicked on?
Do you notice any trends in the types of phishing e-mails that get clicked on over others?
Where do you see most of the attempts coming from, i.e. department, internal, external, etc.
Is phishing greater in certain areas of the country or are certain countries more vulnerable?
Where are the problems most concentrated? Why do you think that is?
What are [the top] three negative outcomes resulting from successful phishing attacks?
Can you share some real life examples? (To create scenarios)
what was worst of losing the data
How did you identify the breach?
What specifically happened to determine there was a breach?
What do you do when you realize this may have happened to you?
Have you put a security audit in place?
Are you able to narrow the source of the breach?
Are there identifiable individuals who were responsible for the breach?
what caused the problem?
Is this new? Has this being "happening" for a while?
Have [there] been similar problems in the past?
Is this the first data breach? If no, how many [times] in the past?
How many times has this happened?
Was it different in the past versus what is happening now?
What is the frequency of the incidents?
How many emails do users typically get a day?
How many emails do employees get per day?
How many emails do employees get a day/respond to in a day
Do you multitask while opening emails...are employees focused?
Do you ever open emails from your phone?
How old is your software? What programs are being used?
Who is your audience
Tell me about the target audience?
Tell me about your team members?
Do your employees think this is a problem?
What frustrates you about the way you currently work?
What complaints do the employees have?
Do results change at different shifts or times of day
To what age people is more frequent?
Are there particular departments that have been more affected?
What are the basics of data security your employees need to know?
What is the current attitude about data privacy?
Do your employees know how to recognize a security threat?
Have you assessed your employees' knowledge of phishing?
Have you evaluated employee knowledge/understanding of data security?
Do you know the actual level of relevant skills of the staff?
What are the most frequent failures that people get wrong most often
what is the more frequent phishing that fool the employees?
what do staff need to be aware of?
What's your biggest challenge in keeping your data safe?
What would [help] YOU do better with this problem?
what have you tried?
What training has occurred?
What training or documentation is already available
did you ever have a similar training before?
What training have employees already received in the area?
What training has already been done?
What kind of training do you currently have in place?
What current training exists?
Have employees had general trainings about data security?
Is there general IT/tech training on a regular basis?
Have you made attempts at educating them [about phishing]? How? Was your attempt successful? If not, why?
what kind of measures [do] you already have to prevent phishing?
What are your current IT security measures to mitigate phishing?
Do you have a policy in place? What is it?
What are your security measures?
What are the physical security measures?
What are the [non-physical] security measures?
Which employees have access to sensitive system?
What do you expect employees and volunteers to be able do and to access within organizational systems?
Do you have ways to restrict access to personal information?
What security measures do you currently have in place?
What additional security measures do you have aside from employee education?
Why do you think background checks are a solution?
How can data security good practices be made regular habits?
What is your budget?
What is your time line for the training?
What is the deadline
Who are the project stakeholders?
What barriers do you think will get in the way of training?
How would you like the training deployed?
Do you have the capacity to deliver training to 275,000 people [...]?
Is there a frequency upon which the employees should train? Annually, quarterly, etc?
Has a needs analysis already been done on this?
[What] do yo think that the training will solve?
What would the ideal outcome be and how would you measure it?
How do [the stakeholders] define success?
how would the company measure success?
What are [the stakeholders] prepared to do if it is or isn't considered a success?
what will the end goal look like?
What happens if an employee doesn't receive the training?
[...] how will you know [275,000 people] have done it and learned?
How do you best support your team in learning the [new] technical [information] they need?
As a manager, what do you need to do to support your team's new skills?
As a manager, what do you need to do to support the new skills of your team?
Contents | Previous | 2.3 Questions for the Interviews | Next