Hacking a Cyber Security Interview

I recently had the privilege of interviewing a handful of young future cyber security professionals for a security internship at my present employer. It is exciting to get to meet the next generation of engineers who will take the things that we have made into the future and combat threats that we cannot even begin to understand in terms of complexity and scale. Their journey starts now and with us, the existing cyber security community.

However even with all of their promise and excitement there are some troubling things that I have experienced sitting across the table from these hopeful interns. I wanted to share some of my thoughts with the hope that an aspiring cyber security professional will read this, learn, and DOMINATE their next interview. There are elements that I tie to the Cyber Kill Chain. Only some of the steps correspond with the actual interview process, but I hope to expand upon this thought in the future. With that said here we go.

Recon

Have you noticed that all cyber attacks begin with reconnaissance? Why aren’t you doing the same when preparing for a job interview? Here are some tips:

  1. Cruise through the company’s website. Lookup things like core values, ethics, etc… Anything to give you some strong talking points. If you look up a company’s core values and it uses the word safety over and over again then maybe you should consider slipping safety into the discussion.
  2. Look at other employees of the organization (LinkedIn is a good tool for this) to see who you would work with, what they are experts on, and how you may fit in. See if you can glean some information about why kinds of technology they use. Is there a guy on the Security Team with a Palo Alto Networks certification? You may want to know somethings about Palo Alto Networks equipment.
  3. Use other open source information repositories. Read about the target company in the news. Know what kind of initiatives they are up to and think about how you could help them.

Delivery

If you have gotten to the interview process you have a real shot. What hiring managers look for (especially with new hires / junior analysts) is will this person be a good cultural fit and what is the likelihood of their success considering work ethic and train-ability. The following are some options that may help push the needle in your favor when it comes down to you and the last few applicants:

  1. Guaranteed you will have a combination of personality and technical questions. For entry level positions don’t get too hung up on technical questions, we will get to these soon. Prep harder for personality based questions. You will be taught technical stuff, but culture match isn’t something that is necessarily learned.
  2. If you don’t yet have canned answers to some basic questions start doing this immediately. Practice them. Focus on telling a story with your answers. A good example is “Tell me about your biggest weakness”. Truth is I don’t care what your weakness is… I’m more interested in how self-aware are you. Avoid cliche answers as much as you can. An eye-rolling answer will seriously derail any interview. Your weakness isn’t that you work too hard… Your weakness is that you think you work to hard, which to be honest, is a far more interesting answer. Other staple questions include examples of good / bad team experiences, where do you see yourself in ten years, and how do you handle stress.
  3. Now for the technical questions. I have never found an entry level candidate that excels with technical questions so don’t sweat this as hard as you think. Here is what I expect out of entry level people. You have a general level of understanding of how most things work. I expect you to know basics of networking, but not how to tear apart a PCAP and identify problematic network traffic. I expect you to be able to speak intelligently about various security tools or equipment. It also looks very good if you have built your own virtual lab and tried to teach yourself how some of these tools work. It shows that you are interested beyond just getting a job which helps. Don’t be afraid to say you don’t know, but be prepared to answer how you would get the answer. If you have a good answer beyond “Google it” that’s a win.

Recap

None of the tips here are revolutionary. It’s all about preparation. Think through the kinds of questions you will be asked. Practice in front of a mirror. Practice in front of your friends. Hit up faculty, people on social media, other cyber security professionals and ask them to put you through a mock interview. The difference between a prepared candidate and an unprepared candidate is night and day. Be the prepared kind and win the day.