# Interview Panel Packets and Scoring Sheets


> **Purpose:** This page gives a ready-to-use **panel packet** for Product Security hiring loops: who should interview, what each person should test, how to write notes, how to score consistently, and how to debrief without turning the panel into a popularity contest.

### Packet structure

Companion workbook: [`../assets/workbooks/product-security-interview-scorecards-v6.6.xlsx`](https://github.com/D3One/Product-Security-Gitbook/blob/main/assets/workbooks/product-security-interview-scorecards-v6.6.xlsx)

A strong interview packet usually has:

1. role summary and level target;
2. must-have signals;
3. no-hire conditions;
4. interviewer assignments;
5. scoring sheet;
6. debrief template;
7. hiring-manager synthesis note.

***

### Example interviewer lanes

| Lane                    | What it tests                                     | Common mistake                                     |
| ----------------------- | ------------------------------------------------- | -------------------------------------------------- |
| Technical drill         | root cause, trust boundaries, exploitability      | turning it into trivia                             |
| Design / architecture   | system thinking, trade-offs, integration patterns | asking for a perfect greenfield design             |
| Delivery / operations   | rollout realism, incidents, telemetry, ownership  | over-indexing on tool names                        |
| Manager / collaboration | conflict handling, prioritization, influence      | vague culture-fit only                             |
| Leadership / strategy   | roadmaps, exceptions, metrics, stakeholder trust  | asking abstract philosophy with no execution angle |

### Standard scoring dimensions

Use the same five dimensions on every loop where possible:

| Dimension              | 1                    | 3                              | 5                                                 |
| ---------------------- | -------------------- | ------------------------------ | ------------------------------------------------- |
| Technical judgment     | misses core risk     | catches most meaningful issues | prioritizes root cause and systemic fix clearly   |
| Communication          | rambling or unclear  | understandable with some gaps  | concise, structured, audience-aware               |
| Scope handling         | only local fixes     | some system thinking           | clear multi-team or org-level framing when needed |
| Practicality           | unrealistic controls | mostly workable                | strong balance of security and delivery reality   |
| Ownership / leadership | reactive only        | handles clear responsibilities | shapes ambiguous situations and drives decisions  |

***

### Sample packet - AppSec Engineer

#### Interviewer goals

* test code review ability;
* verify authn/authz and business-logic reasoning;
* test communication quality under time pressure.

#### Strong-hire notes usually mention

* fast identification of the real exploit path;
* clear distinction between vulnerability class and business impact;
* layered remediation: code fix + framework fix + SDLC guardrail.

#### Common no-hire notes

* scanner-driven thinking only;
* cannot prioritize risk;
* speaks confidently but never explains the mechanism.

***

### Sample packet - DevSecOps Engineer

#### Interviewer goals

* test trust-boundary thinking around CI/CD, cloud, runtime, identities, and Kubernetes;
* verify runner, secret, provenance, and release-governance understanding;
* test whether the candidate can secure a delivery path without freezing delivery.

#### Strong-hire notes usually mention

* sees control-plane risk, not only job YAML mistakes;
* thinks about persistence, token scope, artifact trust, rollout, and rollback;
* recommends durable controls, not one-off fixes.

***

### Sample packet - Manager / Director

#### Interviewer goals

* triage judgment;
* stakeholder handling;
* roadmap realism;
* clarity on metrics, exceptions, backlog, and team boundaries.

#### Strong-hire notes usually mention

* the candidate protects focus while still handling urgent work;
* metrics are tied to decisions, not vanity;
* knows when to escalate and when not to;
* communicates credibly to engineering and executives.

***

### Debrief rules

A good debrief:

* starts from written notes, not memory;
* asks each interviewer for **evidence** first;
* separates **signal** from **style preference**;
* distinguishes **coachability gap** from **hard no-hire gap**;
* records the final rationale explicitly.

Good debrief prompts:

* **"What evidence moved you toward strong hire or no hire?"**
* **"What did the candidate do that showed repeatable judgment, not luck?"**
* **"Would this person raise the bar at the level we are hiring for?"**
* **"What risk would we knowingly accept if we hired them?"**

### Scoring-sheet skeleton

```
Candidate:
Role / level target:
Interviewer:
Lane:

Dimension scores (1-5):
- Technical judgment:
- Communication:
- Scope handling:
- Practicality:
- Ownership / leadership:

Top positive evidence:
1.
2.
3.

Top concerns:
1.
2.

Hire recommendation:
- Strong hire
- Hire
- Lean hire
- Lean no hire
- No hire
- Strong no hire

Confidence level:
- Low
- Medium
- High
```

### What weak scoring looks like

Weak scorecards say:

* **"seems smart"**
* **"good vibe"**
* **"not my style"**
* **"probably fine"**

Strong scorecards say:

* **"missed the trust boundary between untrusted PR code and production secrets"**
* **"identified BOLA quickly and proposed ownership-aware authorization design"**
* **"used metrics language well but failed to explain how those metrics would alter prioritization"**

### Cross-links

* [Staff / Principal Calibration Rubric and Signal Ladder](/strategy-governance-and-leadership/index-1/staff-principal-calibration-rubric-and-signal-ladder.md)
* [Take-Home Assignments and Evaluation Guide](https://github.com/D3One/Product-Security-Gitbook/blob/main/14-interview-labs/take-home-assignments-and-evaluation-guide.md)
* [Product Security Manager Interview Pack (2026)](/strategy-governance-and-leadership/index/product-security-manager-interview-pack-2026.md)
* [Product Security Director / VP / Principal Interview Pack (2026)](/strategy-governance-and-leadership/index/product-security-director-vp-principal-interview-pack-2026.md)

