HOME LAB

S.T.A.R. Interview

S.T.A.R [Situation - Task - Action - Result]

DISCLAIMER

  • This document contains unedited notes and has not been formally proofread.
  • The information provided in this document is intended to provide a basic understanding of certain technologies.
  • Please exercise caution when visiting or downloading from websites mentioned in this document and verify the safety of the website and software.
  • Some websites and software may be flagged as malware by antivirus programs.
  • The document is not intended to be a comprehensive guide and should not be relied upon as the sole source of information.
  • The document is not a substitute for professional advice or expert analysis and should not be used as such.
  • The document does not constitute an endorsement or recommendation of any particular technology, product, or service.
  • The reader assumes all responsibility for their use of the information contained in this document and any consequences that may arise.
  • The author disclaims any liability for any damages or losses that may result from the use of this document or the information contained therein.
  • The author reserves the right to update or change the information contained in this document at any time without prior notice.
  • Any attempts to perform penetration testing or ethical hacking on systems or networks should be done with the explicit permission of the system/network owner. Unauthorized access is illegal and can result in serious legal consequences.
  • It is important to fully understand the scope of the testing and to only test within that scope. Testing outside the agreed-upon scope is considered unauthorized and may result in legal action.
  • Any findings or vulnerabilities discovered during testing should be reported to the system/network owner immediately and kept confidential until a fix can be implemented.
  • It is recommended to use a separate, dedicated testing environment rather than testing on a live production system to minimize the risk of accidentally causing damage or downtime.
  • It is important to take steps to protect your own identity and prevent accidental data leaks or exposure of sensitive information during testing.
  • It is also recommended to follow a standard code of ethics for ethical hacking and penetration testing.

************************************************************************************************

S.T.A.R [Situation - Task - Action - Result]

Situation

Describe a specific event or situation that you were in: the who, what, where, when, etc.

Task

Explain the task you had to complete, highlighting any specific challenges or constraints. 

Action

Describe the specific actions you took to complete the task, highlighting the desirable traits the interviewer is after.

Result

Close with the result of your efforts, including figures to quantify the result if possible.

************************************************************************************************
Dashboard


Rationale for Dashboard

  • Region-wise data
    • Showcasing the overall SLA or RAG [Red, Amber, Green] status under two categories, to give a better holistic picture.
    • Status - Done, next Status - Failed, Outstanding, Canceled and Suppressed
    • Breaking down the status into Critical, Important and Non-critical throws light on severity.
  • Resource-wise data
    • Understanding the cost involved per resource type.
    • Getting information on mean time to repair (MTTR) per resource involved and the number of tickets by status per resource group.
  • Statutory-wise data
    • The data sets are previewed through the statutory buckets, along with the calendar timeline and asset types involved.
  • PIndex-wise status
    • The various categories of PIndex were listed by status, then by quarter, and finally by their importance, to understand the severity.
************************************************************************************************

What is:

  • Governance

    • A combination of rules, processes and policies that are used to achieve business goals.

  • Risk

    • Foreseeing the negative outcomes. Manage the risk using risk treatment.
    • The possibility of something negative happening. It's the chance of harm, loss, or damage occurring.

  • Compliance

    • Meeting the requirements set by internal or external sources, such as national regulatory laws (GDPR, PCI DSS) and board requirements.

  • Quality:

    • The requirements that are accepted by the customer or end user.
      • Fitness for purpose
      • Value for money
      • Meeting expectations

  • Quality/ Governance/ Compliance:

    • The successful implementation of Quality, Governance, and Compliance (QGC) frameworks requires a collaborative effort driven by the board of directors, but also actively supported and executed by management and all employees.
************************************************************************************************

Say About yourself

I recently finished my Master's degree in Cybersecurity from NTU, and I did a placement year at HM Land Registry. With 16 years of experience in quality and security assurance, I also completed a Master's in Business Law focusing on contract and corporate law. My background includes a Bachelor's degree in Electronics and Communication Engineering. I've dedicated a lot of time to learning through my home lab setup and practice. You can find details about the projects I've worked on in my blog.



What Do you Bring to this role? / Why would we regret not hiring you?


  • Strong Experience and Expertise:
    • I bring over 16 years of experience in software quality and security assurance to the table, encompassing areas like risk management, project facilitation, auditing, and process improvement. My certifications and academic background solidify my expertise in various quality standards and frameworks.
  • Leadership and Communication Skills:
    • I've developed my leadership and communication skills through leading and managing teams, developing and implementing processes, and facilitating training programs. This experience demonstrates my ability to connect effectively with individuals and groups.
  • Data-driven Approach:
    • I utilise data-driven methods to achieve results. My past projects involved using statistical analysis to improve goals and building regression and logistic models. This reflects my analytical approach to problem-solving.
  • Passion for Knowledge Sharing:
    • Sharing knowledge and empowering others is a passion of mine. This is evident in my blogging and internal training experience, where I've enjoyed fostering a culture of continuous learning and development.
  • Adaptability and Diverse Skill Sets:
    • My adaptability and ability to learn new skills quickly are demonstrated by my experience across diverse industries and roles, including my time as a receptionist at Travelodge. This broad range of experience allows me to bring a unique perspective and skillset to any challenge.
************************************************************************************************

Risk, Threat and Vulnerability

  • Vulnerability is a weakness or flaw in a system, application, or network.
  • Threat is anything that could potentially exploit a vulnerability and cause harm.
  • Risk is the possibility of something negative happening. It's the chance of harm, loss, or damage occurring.

Managing Org Risk: 
Risk = Threats * Vulnerabilities 

Zero-Day Attack

Vulnerability found in the wild -> Unaware = Public + Vendor

After a period, the vendor becomes aware -> Unaware = Public

Vendor releases patches -> Aware = Public

**************************************************************************************

Breaking down technical security concepts for non-technical users

  • Use Analogies: 
    • Compare technical security concepts to everyday situations. 
    • For example, you could compare encryption to a locked safe where only the intended recipient has the key.
  • Visual Aids: Use diagrams, charts, and other visual aids to illustrate concepts.
**************************************************************************************
Internal Audit: 



**************************************************************************************

Quality: 

What is Quality

  • The requirements needed by the customer or end user.
  • Preventing problems before they occur.

When defects are found internally and not passed on to the customer or end user, the quality of the product or service meets the requirements of the customer.

  • E.g. when defects are passed on to the end user: Boeing flights crashed due to a design flaw and the use of an automatic control, which was not communicated properly in the manual or in pilot training.
    • The Boeing 737 MAX crashes are a stark example of how design flaws and inadequate communication can lead to disastrous consequences. Here are some sources you can explore for more information:
    • Official Reports:
    • National Transportation Safety Board (NTSB): The NTSB investigated both the Lion Air Flight 610 and Ethiopian Airlines Flight 302 crashes and published detailed final reports. These reports provide comprehensive analyses of the accident sequences, including the role of MCAS and the lack of pilot training on its functionality.
    • Ethiopian Accident Investigation Bureau (AAIB): The AAIB also investigated the Ethiopian Airlines crash and published its own final report. While broadly agreeing with the NTSB findings, it placed additional emphasis on the role of Boeing's communication and training practices.
    • The Seattle Times: This article provides a comprehensive overview of the crashes and their aftermath, including the role of MCAS, pilot training, and Boeing's response.

  • E.g. UK Post Office software bugs, which allowed the prosecution of approximately 800 innocent postmasters.
    • BBC Panorama investigation: In 2019, BBC Panorama broadcast a documentary titled "The Great Post Office Scandal," which explored the problems with the Horizon system and their impact on postmasters. You can watch the documentary or read transcripts online.
    • Independent Inquiry: In 2021, the UK government announced an independent inquiry into the Horizon scandal. The inquiry is ongoing, and you can find updates on its website.


************************************************************************************************

Quality Policy: 

Quality policy is like high level mission statement and sets the overall direction. 

Example: We will meet customer requirements on time and defect free.

Definition: In a corporate context, a policy is a high-level statement that outlines the organization's goals, values, and expectations.

  • Example (IT context):
    • Policy: "All employees must use strong passwords and avoid sharing them with anyone."
    • Standard: "Passwords must be at least 8 characters long and include a combination of uppercase and lowercase letters, numbers, and symbols."
    • Procedure: "To change your password, log in to the company portal, go to 'Account Settings,' click 'Change Password,' and follow the on-screen instructions."
    • Guidelines: "Consider using a password manager to generate and store strong passwords securely. Change your password regularly, especially after suspicious activity."
************************************************************************************************

Quality Objective

These are the measurable, actionable steps to translate the quality policy into reality.

On time delivery.
Reduce customer complaints by 20% within the next 6 months.
Customer satisfaction 
Achieve a 99.5% on-time delivery rate for all orders by Q3.

************************************************************************************************

Quality Management System

The QMS contains the following details:

  • Quality Manual
  • Processes, templates, checklists, procedures, process flowcharts.
  • PDCA - Plan, Do, Check, Act - Entry, Task, Verify, Exit
  • Project life cycles: Contract, Project startup, Project planning, Project monitoring & control, Project closure, Project retrospection.
  • Life cycle models: Development, Testing, Maintenance, Production support, Staff augmentation, Agile
  • Common process for the entire org and specific processes for each department/business.
  • Stakeholders: Human Resources, Administration, LAB
************************************************************************************************

Questions

  • What motivated you to apply for this role?
  • What will you bring to this role?
  • Any questions?

  • Framework: Logical structure - like
  • Standards: Method of implementation and meeting the requirements.
  • Policy:
  • Procedure:
  • Guidance/Guidelines:

************************************************************************************************

About The Company

  • Gas: Our Values
    • Enter an environment where you’ll give and take Ownership, to make Progress with Simplicity
  • Gas comprises two businesses, Gas Transmission and Gas Metering.
  • Company's history
    • Gas and Metering business (now Gas Transmission).
  • Key Projects
    • Future grid is an ambitious programme which seeks to build a hydrogen test facility in Northern England.
************************************************************************************************
