Breaching the Interview in Cybersecurity | Hacking into Cybersecurity

Posted on March 28, 2019 by JustinMitchell

Welcome back to our Hacking into Cybersecurity series. In our first installment, we discussed how certifications could help you land your dream position. Those certifications will only get your foot in the door, though. You still have to nail the job interview to land that perfect position. So, what should you do to prepare for the interview?

There’s a long list of items that go into being prepared for an interview:

  • Arrive on time.
  • Dress appropriately.
  • Review the job listing.
  • Be ready to discuss your resume.

But what are some things you can do to set yourself apart? These tips apply to any job interview, but the way we approach an interview in cybersecurity does have some quirks, as there’s such a broad range of domains you can enter. (We’ll discuss all of those in a later blog post.) So, what are some of the things we should do to prepare?

Step 1: Research the Company

This is important for anyone interviewing, not just cybersecurity professionals, but there’s a unique twist for security personnel. We want to understand the industry the organization is a part of, as well as what regulations and legislation the company must meet. For instance, we need to know if the company is publicly traded to know whether they have to maintain SOX compliance. Do they deal with protected health information (PHI)? If so, they must meet HIPAA requirements. All of these go a long way in understanding the security controls the organization must have in place — plus, it gives you, the potential employee, a roadmap of where your knowledge needs to grow to realize your potential within that organization.

Something else people often do not pay attention to is that sometimes other interviewees post the types of questions they receive during the interview process to sites such as Glassdoor. This gives you a leg up as you can then prepare your answers to those types of questions ahead of time. Of course, this is going to vary according to the hiring manager and the position you are interviewing for, but most organizations have some basic idea of what a typical interview is going to look like. This should give you a good baseline for the question types to expect.

Step 2: Research the Hiring Manager

If the recruiter for the position tells you beforehand who the hiring manager is, find them on social media. LinkedIn is especially useful for this. Find out where they have spent the majority of their career, whether it was at a certain company or in a certain industry. Look for any clues about their experience. Did they work their way up through the ranks as a technical security expert? Did they come from an audit or compliance background? Or did they come from a separate department and just kind of land in security? How long have they worked in security? How long have they been at the organization itself? These are all going to give you a basic idea of how to help answer interview questions and what kind of questions you might be asked.

Personal anecdote time! When I interviewed for a previous position, I researched the hiring manager ahead of time. I was interviewing for a security engineering position, but the hiring manager had a background in audit and compliance. I researched the company well and learned what compliance standards were required for their industry and organization size (remember, size plays a part in what controls are applicable in some cases). So, I studied some of those controls, knew what the job listing was asking, and knew she had an audit and compliance background. During the interview, much of our discussion centered around how the position would help the organization maintain regulatory compliance, as well as their security posture. Within 20 minutes of leaving the interview, I was contacted by the recruiter with a job offer. She loved that I was able to discuss how to move the company forward not just from a compliance or security standpoint, but how the position moved both forward simultaneously.

Step 3: Ask Questions 

During an interview, I’ve found hiring managers appreciate when the interviewee says, “I don’t know much about that — do you care to share more about it?” It’s that simple. Remember that cybersecurity is a broad field, and many of us slide from one domain to others or have overlap between them. If the position requires knowledge or experience in multiple domains, demonstrating that you have knowledge in the majority of them while you have needs (not weaknesses) in others helps the hiring manager see you are willing to learn those to perform the job functions. It is important to remember the interview is a two-way street and should be an open discussion.

Here are some of the questions I like to ask during interviews that are more specific to our career field than some other fields:

  • How does the organization’s overall culture contribute to the success of the cybersecurity program?
    • This may differ for you and your own beliefs, but I want to hear specific examples of how other departments and security have worked together in the past. Was it contentious? Was there a mutually beneficial solution? Is funding an issue?
  • For the position I’m interviewing for, what are the short-term (over the next year) and long-term (three years, five years) goals?
    • Of course, this is going to depend on the position, but a short-term goal may look like “Implement xyz….” Long-term goals should line up with your own professional development needs and goals. If you want to branch out from your own area of expertise, now is the time to bring that up and ask how the company and manager will facilitate that over the long term.
  • If the hiring manager has been with the company for more than a few years: What has kept them there?
    • Feel free to ask follow-ups on this one. For instance, “I really like the company culture…” should probably be followed up with, “How would you describe the company culture?” Remember that cybersecurity experts are in high demand, so long-tenured employees usually mean the company is doing something right.
  • This is the big one: If you have identified a need (remember, we don’t say weakness) during the interview process, ask the hiring manager what you can do on your own to address it, and, once you start, what you can do together to further address it.
    • First, it demonstrates you’re willing to recognize your own needs and work on them independently. You don’t need someone to hold your hand. This means in the future they can count on your own initiative, and they won’t have to babysit you.
    • The second part of the question makes them paint a mental picture of you already in the position and answer the question, “How would we do this?” It’s a simple trick but makes the hiring manager think about the two of you working together in that partnership.

Conclusion

So there you have it: my three simple steps to helping you nail the interview! Of course, these are not foolproof, and following these steps alone will not help you land the job, but they’re a good starting point for what you have to do to nail the interview. Landing the position will require you to have the prerequisite knowledge and/or experience, but these tips will help you demonstrate and connect with the hiring manager. Oftentimes, demonstrating you are a “culture fit” for the organization is more important than having an exact amount of experience.

Other Resources

If I can help you in any way during this journey, please reach out to me via LinkedIn or email, join our Community Slack (search for the #security channel), or leave a comment below!
