Hogfly recently posted a typical scenario and gave a few interview tips. It really got me thinking about how important interviewing can be to our job. Whenever we receive an engagement, the first thing we start with is information gathering. After all, you can't do your job if you're not even sure what it is.
Depending on the type of work and situation you find yourself in, one potential roadblock I often see is that the people you need to get information from might feel their job is at stake. If the main source of info is a sysadmin that feels he will be held responsible for a data breach, he is likely to be in damage control mode and not as forthcoming. An effort will probably be made to mitigate responsibility surrounding the steps he took before or after the incident.
So how do you get all the information you need? First let’s talk about some training.
In my previous life I conducted criminal interviews for several years and went to numerous interview and interrogation classes. The methods varied from reading body language clusters to written statement analysis. I found every class very interesting, but didn’t incorporate some of the methods into my interviews. I found that I could read major body language indicators, but I wasn’t very good at catching the “clustering”. If a blink, finger tap on the table, shift in the seat, turn head to the left meant one thing, but a blink, finger tap on the table, shift in the seat, turn head to the right meant another thing, I just wasn’t going to catch it.
The two classes I got the most out of were the WZ Method of Interview and Interrogation and SCAN (Statement Analysis). I found that I was much more suited to picking up the different nuances of spoken word indicators and could use those to my advantage. However, if you like body language, check out Stan Walters’ Kinesic class. The Reid Method of Interview and Interrogation has been around for years and is quite good as well.
A couple of books worth taking a look at are You Can Read Anyone and No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing. I think social engineering is really a skill most people should learn. One of the hardest things for me to pick up and start doing was lying, but you can make friends quickly if you present yourself in a certain way – even if it isn’t true.
There’s another good source of information, and I’m somewhat embarrassed to admit this in an open forum, but I am a closet fan of some of the “how to pick up women” websites that are out there. I’m married so I don’t care about the end goal these sites have, it’s just that every now and then there is a great tidbit that can be applied to interviewing, sales or general conversation. More on one of these tips later.
Ok, so now you know a little bit about the training. Let’s go use it.
In all of the criminal interviews I have done, I found that your reaction can make a world a difference. The minute a subject feels like they are being judged or scrutinized they will either stop talking or completely change the subject or story. So first, get yourself in the right state of mind. Make sure you are ready for the interview and whatever might be said during it.
After you’re prepared, how do you actually start the interview? I think this can be situational, but a great thing to consider is one of the “pick up artist" concepts of frame control. You need to set the frame of the conversation and not let the interviewee control it. A quick and easy example is to start a conversation by saying something like, “I’ve always enjoyed working with everyone here at the bank. They’re always so nice and helpful.” You’ve set the frame with the bank employee that they should also be nice and helpful so as not to ruin your opinion of the other bank employees. I find this to be a very interesting concept.
You can also see how it’s applied with the WZ Method of Interview. Part of this method is to start by saying something like, “Hi, I’m really interested in getting to know what you do here and the steps you’ve taken, but first let me start by introducing myself and let you know a little bit about me.” During your introduction you basically let them know about your qualifications and what you are able to accomplish. You are framing yourself as the expert and they should treat you as such. The theory is that if you do this right, they feel that they’re not in a position to put up much resistance. For instance, if they ran a virus scan they might as well tell you now, because you’re going to find out later anyway.
Now ask the other person to introduce themselves. When I was doing a suspect interview, I always let them tell me the complete story first and then go back through and asked very detailed questions. I often found that the subject’s sticking points either included way too many details compared to the other parts of the story or vice versa.
Once you’ve started and are getting through some basic questions, I think Hogfly’s tips bear repeating:
1) Never accuse.
2) Keep your cool. Emotions play a larger role in system compromises than people believe.
3) Be aware of your body language. You must always be aware that your face, posture and hand play, are a huge role in gaining the trust of the interviewee.
4) Ask leading questions.
5) Listen. You can't learn anything if you're talking.
6) Be nice.
7) Get them talking and keep them talking until you have enough information to proceed appropriately.
Listening is key. I comically found that if you are given a short answer to a question that requires more detail, a silent blank stare will often indicate to the subject that their answer wasn’t good enough. If there is more than a few seconds silence, I would ask another question. Silence isn't necessarily a bad thing, but you do want to keep the conversation flowing.
Let’s list some more bullet points:
- Get yourself prepared and in the right of state of mind
- Have a plan ahead of time
- Introduce yourself and your qualifications, set your own frame
-Be nice, courteous, nonjudgmental, and mostly un-reactive to bombshell statements
-Get as many details as you can
-Make them your friend and ally so they will help you later
-End the interview on good terms, you never know when you will have to talk to them again
Hopefully some of this information is helpful. Anyone have any other tips or experiences to share?
1 comments:
Matt,
I'd like to know more about this subject. I could see these skills being highly useful in a corporate, non-investigative situation. These could be useful tools for being successful in the workplace!
Post a Comment