Cybersecurity Interview Explained: Technical Round

Danny
4 min read · Dec 21, 2023

In the previous post, we went over scenario-based interviews. Now, for the Technical Round.

The order varies, so this round may come towards the end of the interview loop or towards the beginning, where it serves as a screener for candidates. Basically, the company wants to make sure a candidate can perform x before moving them on to any more rounds.

Note: Although this is geared towards mid-level roles, you could see a Technical Round in an entry-level role.

Example Technical Exercise

If a scenario-based interview is something like “Walk me through a time you had to run a malware investigation, what steps did you take, and why?” …

Malware Investigation Scenario

Then a technical interview will be you actually performing the malware investigation.

Here’s an example of what this could look like.

As a reminder, this is not meant to be exhaustive and does not replace your individual research. It’s just enough to get you going.

You’re handed a laptop and told there is reason to believe there is malware on it.

You are then given a lead (maybe the user thinks this started from a phishing link or attachment).

You could…

  • Investigate local logs
  • Pull local browser history in suspected time range
  • Look at recent downloads
  • Investigate running processes
  • Form a timeline of events

In the above exercise, you are being tested on your technical knowledge, domain expertise, and thought process, including how you walk through anything the interviewer follows up on.

If you get to a conclusion that is a little different than what the interviewer had in mind, but you explain clearly and methodically why you chose those actions, this will be better than gunning for a specific approach and rushing through it.

Scripting Exercise

Another example Technical Exercise is a coding or scripting exercise.

Let’s say the coding exercise consists of the following.

You have an Apache log file, and you are tasked with finding relevant data in it to support an investigation.

For purposes of this post, we’ll be going through this with Python.

You must extract the following:

  • IP addresses
  • IP with the most entries
  • Requests being made
  • The top request being made

I laid it out in this order because you need to extract the IPs in order to get the IP with the most entries, and the same goes for the requests.

Now, depending on the interview, you may or may not be allowed to use the internet for resources. Here are some things you could do to get started if Google is not allowed.

  • import a module you are familiar with
  • run help(module)
  • run dir(module)
  • ask clarifying questions

This will get you going and get some of the interview jitters out of the way.

For this exercise, you will have to read the file, extract all IP addresses, sort, count, then output the one with the most frequency.

Now for a couple approaches for extracting the IP addresses. You could use regex, something previously discussed.

ip_rex = r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}"

This would match the IPv4 addresses in the log file.

Another approach here could be utilizing the ipaddress module. For more information on the module, check out the documentation.

This will allow you to interact with the IP addresses and validate them. You would then follow the same steps as in the previous approach: sort (split the lines), count, then output the address with the highest frequency.
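As an added example (not code from the original post), here is one way to combine both approaches for all four tasks: a regex splits each line, and the ipaddress module rejects values such as 999.10.10.10 that the \d{1,3} pattern alone would accept. The sample log lines and the names parse_log and summarize are constructed for illustration, and the Apache combined log format is assumed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in Apache combined log format (documentation-range IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [21/Dec/2023:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
198.51.100.23 - - [21/Dec/2023:10:01:05 +0000] "POST /login.php HTTP/1.1" 401 512 "-" "curl/8.4.0"
203.0.113.7 - - [21/Dec/2023:10:01:09 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
203.0.113.7 - - [21/Dec/2023:10:01:11 +0000] "GET /admin HTTP/1.1" 403 199 "-" "Mozilla/5.0"
999.10.10.10 - - [21/Dec/2023:10:01:12 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "bad-entry"
this line is truncated garbage
"""

# Client field, then the quoted request line: "METHOD path PROTOCOL".
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*"')


def parse_log(text):
    """Return (ip_counts, request_counts, skipped_lines) for an access log."""
    ips, requests, skipped = Counter(), Counter(), []
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            skipped.append(line)  # keep malformed lines for manual review
            continue
        client, method, path = match.groups()
        try:
            ip = ipaddress.ip_address(client)  # raises ValueError on 999.10.10.10
        except ValueError:
            skipped.append(line)
            continue
        ips[str(ip)] += 1
        requests[f"{method} {path}"] += 1
    return ips, requests, skipped


def summarize(text):
    ips, requests, skipped = parse_log(text)
    return {
        "unique_ips": sorted(ips),
        "top_ip": ips.most_common(1)[0] if ips else None,
        "top_request": requests.most_common(1)[0] if requests else None,
        "skipped": len(skipped),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Counting skipped lines instead of silently dropping them gives you something to mention to the interviewer: malformed entries in an access log can themselves be worth a look during an investigation.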

Wrapping Up

In the end, technical exercises are part of the interview process for any mid-level or senior role, and occasionally entry-level roles.

A Security interview loop in its entirety could look like the following:

  • Recruiter Screen
  • Hiring Manager Screen
  • Technical Round
  • On-site (this varies), which could include the following:
      • Scenario Exercises
      • Security Domain Knowledge
      • Another Technical Round

Again, the on-site can vary from company to company, but expect 3 or more interviews as part of this round. This means that from the Recruiter screen to the final interview, you could see 6+ interviews.

I have opinions on the current interview process, but will dive into this in a future post.

Remember, the goal of the technical exercises is to test how you think and work through solutions to problems. It’s more important to showcase your problem-solving approach rather than only coming up with the perfect solution.

I hope this helps.
