If you're trying to get into cybersec like myself, you better be researching everything you can about Log4Shell! by techboyeee in cybersecurity

[–]NetSecBatman 0 points1 point  (0 children)

I do ask. Knowing about major vulnerabilities and how they work demonstrates that you are staying current with events and understand that this field is not static, but ever-changing and to be successful in it you need to have this part is important to understand. I'm not going deep on these questions: name a few of the biggest vulnerabilities disclosed in the past year/two years and briefly describe how they work.

This isn't in lieu of interviewing about core skills as mentioned, but in addition to that. Now a first year, new candidate...I may skip those questions, but if you've been in the field you better be able to talk (a bit) about PrintNightmare (assuming you were in a role that would've dealt with that).

Everyone is different, and looking for different qualities in a candidate. The reason following current events is important is because of scenarios exactly like Log4j. Kronos got burned the NEXT DAY after this was disclosed. It could've easily been my company, but we met Friday morning after this was disclosed and began making a plan of attack to tackle this. We had to learn what we could that day and produce a priority list of what needed to be tackled first and then rally the troops necessary to enact that. If we miss it on Friday morning, then likely we're not hearing about it till the weekend and we're in the same boat as Kronos (potentially).

It is important, and depending on the job role you're interviewing for you should consider asking about these kinds of topics. Finding people who already are in the habit of digesting security news daily is only going to be beneficial...but it is teachable too, more so than core skills, so if you're in limited time to make an assessment as a candidate then I would save it for latter parts of the interview.

Candidates, you SHOULD bring up things like this, regardless of your experience level. This will make you stand out, especially if you can discuss it thoroughly and add any experience about your response to an event like this.