Interview Prep Flashcards
What is the RMF process
Step 1: Categorize System
Step 2: Select Controls
Step 3: Implement Controls
Step 4: Assess Controls
Step 5: Authorize System
Step 6: Continuous Monitoring
What is Agile
An iterative and incremental (small sprints) approach to development and project management
Points of emphasis for Agile
- Customer focus
- Responding to change
- Individuals and interaction
- Working software over documentation
- Customer satisfaction
- Embracing change
STIG Implementation
Use scan-patch-scan on security center (ACAS) to verify and check for STIGs.
STIG viewer allows to view SITG content and checklists.
before implementing ensure the STIG changes won’t negatively effect the system. Maybe through sandboxing or ensuring there is a known good image on standby.
If the STIG requires system downtime, make sure it is scheduled appropriately.
Tell me about yourself.
- Grew up here in Winter Garden Florida
- After some college I enlisted in the Navy
- When I joined the Navy I completed the IT technical schools and then moved out to San Diego
- My first role in the Navy was as an ISSO where I took part in Incident response, Vulnerability management, continuous monitoring, and managed the PKI program.
- Coming near the end of that tour, I screened for a position at an elite command in naval special warfare where I could provide technical services based on my knowledge from all my training and experience.
- During a competitive screening process I was chosen among 15 sailors to fulfill one of the challenging roles
- In this role I used tagging, tracking, and locating devices / tactical audio and video systems / and non-standard communications methods to enable special operations.
This all brings me to now. I have decided to exit the Navy so that my wife and I can be closer to our families and allow my kids to be closer to them also. Right now I am completing my Skillbridge with Onward to Opportunity to complete my CISSP certification and finishing my degree in cybersecurity to give my self the best chance at providing the best I can for them.
Why are you interested in working at Lockheed Martin?
- I am interested to work at Lockheed Martin because of their impact on veteran hiring. According to the PDF I was sent Lockheed’s workforce is roughly 20% veteran hires. Becoming a veteran and understanding many of the struggles faced during the separation process that statistic is important to me. If I do get hired I look forward to joining the veterans BRG.
- Another reason Lockheed interests me is how much I relate to the core values.
○ “Doing what’s right” to me means to have basic integrity. Growing up I was taught early the importance of integrity and I have carried that with me my whole life.
○ “Respect others” is just plan common sense to me. You can’t accomplish many things unless you respect others and receive that same respect in return. Creating good relationships is foundational to achieve that last core value of excellence.
When I think of Lockheed Martin I simply think of the smartest, hardest working, and talented teams accomplishing the most technologically difficult tasks. I aim to be a part of high achieving and advanced teams.
- Another reason Lockheed interests me is how much I relate to the core values.
How do you prioritize your work when facing multiple deadlines. (Lists based on time and importance. Deployment task tracking)
*I like to keep lists of all my ongoing tasks. As the list changes I reassess assess the difficulty and importance of each task and tackle them one at a time. I also keep in mind the deadlines given to me.
* If I I’m having trouble I look for a quick win to get me going.
* No matter the importance of a task I prefer to get things done as quickly as possible or at least make progress where I can.
* I can flex to new responsibilities as they come.
For example, On deployment in my current role I was responsible for my job, but also in charge of tracking the travel for all of our guys coming in and out of the area constantly. If I was working on a PowerPoint that didn’t need to be completed right then and my chief came to me with an update on a person flying in the next day I would have no issue with finding a stopping point and making sure that person was good to go with all the flight coordination and getting them a room. I typically crush my responsibilities way ahead of time
How do you handle feedback and criticism?
- I like to seek it often. I believe that the two best ways to learn is by failing forward and listening to others.
- A time I had to take feedback from failure is when I was completing the required school for my current role. During the final training scenario I was tasked with emplacing a tracking device. To do it, needed a specific set of tools that I basically didn’t know I needed at the time. In short, during the evolution I didn’t bring the needed tools and caused my team tobe on target passed the allotted time limit so we could work up a solution. On the whole ride back to the shop I was grilled by my teammates. When we arrived I was pulled aside by course cadre and grilled by them also. My initial reaction was to shut down.
- I realized if I wanted to be there that can’t be my attitude. The next day I pulled my team aside and apologized. After that we established a procedure where each of us had a buddy that would check each others gear for the next iteration. I learned the importance of two is one, and one is none.
When I got back from the training I told my chief the story and he sat me down to give me some of his advice on how he handles gear prep.
Can you provide an example of a project where you took the initiative or showed leadership?
- One specific example that comes to mind was a project where I was in the right place at the right time.
- During one of my trips to an outstation in Somalia I was completing routine maintenance on a concealed audio/video system. A phone call came through in the middle of the day that a vehicle was on its way that was in an accident to have all the equipment stripped from it that was placed previously.
○ The concern here is that someone would find the tech during repairs. To get started, myself and the human intelligence chief had to devise a plan for access to the car and retrieval of the tech.
○ My part was to drop everything I was doing, hunt down the data card with all the install information on it, pull together a team of people I had never worked with, and give everyone a plan of attack for pulling all evidence of tech we had in the car. This included one person popping dashboard panels, another under the hood pulling cameras and wire, another in the trunk pulling more tech, and the 4th on standby. The plan was to have 30 minutes or more on the car.
With careful planning and reviewing of the data card it took only 13 minutes all while leaving no evidence we had been in the vehicle.
- During one of my trips to an outstation in Somalia I was completing routine maintenance on a concealed audio/video system. A phone call came through in the middle of the day that a vehicle was on its way that was in an accident to have all the equipment stripped from it that was placed previously.
What technical skills or knowledge do you bring to this role?
- I bring prior experience with ACAS for patch management, maintaining STIGs, managing identity and access, passing external audits, maintaining IDS, running cyber awareness, and continuous monitoring.
- I have become familiar with the importance of compliance and maintaining strict documented policies and procedures for account processes and reviewing logs among other things.
- I am familiar with the 6 step RMF process of categorization, selection, assessment, authorization, and continuous monitoring.
- I am close to completing my bachelors degree in cybersecurity where I am learning new security concepts, maintaining past knowledge, and touching on programming. Also, I am completing the CISSP study track with O2O
- one thing about me is my desire to continuously improve. I may never be the smartest person in the room, but I will always be the hardest working and most driven to succeed. I have an unordinary work ethic.
- one small example is the day I arrived at Camp Lemonierre in Djibouti. My SEAL chief tasked me with a small but painstaking task of finding all the important things around base and creating a map, briefing all ineffective direct fire shelters around base, and ready room TTPs after lunch. in total I spent 2 hours walking over 4 miles in over 100 degree desert weather all so I could create a PowerPoint for 12 people. But I did it with 100% effort.
Can you describe a situation where you faced a significant challenge at work and how you handled it?
A large exercise was looming where hundreds of reservists and civilians coming to the command to fill roles during the exercise. I was tasked by my Chief to create a plan of action for issuing, managing, and maintaining tokens and certificates for all incoming members. This included an appointment process, a 24/7 watchbill availability for constant coverage of a an LRA and LRA Admin, and revocation process once the exercise ended. The planned schedule worked well because I took into account every persons personal life, hours with most work traffic, and the consideration that someone E5 or above had to be on each shift. To bite the bullet I took the overnight LRA shift for just about every exercise because I hadn’t had any kids. As a result I received a FLOC at the end of the exercise for managing that program while still fulfilling ISSO responsibilities during the exercise.
Can you describe a time when you had to deal with a difficult coworker or team member? (Zac during ULT phases)
The first instance that comes to mind is in my current role. The other IT1 in my deployment group had some personality and professionalism issues. Most specifically regarding his communication. The SOP in the troop was to communicate early and often.
* He lacked this awareness and thought he was somewhat above having to communicate until the last minute.
* The solution to this issue, I took it upon myself to track what the three of us were supposed to be doing or where we were supposed by keeping a white board up in the JOC with our tasking and whereabouts.
This may sound as micromanaging, but I made it so we basically each had a job similar to this. My Chiefs job was to keep log of all deployed tech and its whereabouts. Zac had the job of specifically maintaining all issued cell phones and BFTs. I kept track of people and overall tasks.
