Hiring security professionals can be difficult, and the skills needed and interview questions asked will vary greatly depending on the position and an organization’s needs, said Charles Gaughf, security lead at ISC(2).
“Most likely the need is for a competent professional who is well versed in a variety of technology, who is driven, inquisitive and honest,” he said. “That is why it is a good idea to cater your questions to ascertain these qualities. It is also a good idea to throw out some questions that make the candidate think and that you know hasn’t been practiced prior to the interview.”
For entry and early career roles, more technical questions should be expected, said Forrester analyst Jeff Pollard. As you move up the ranks, the questions may become more about leadership, running a program, conflict resolution, and budgeting.
Candidates can expect a phone screen with more technical, standardized questions first, Pollard said. “The key is to see if the candidate understands things in enough detail to proceed,” he added.
After an initial interview, candidates often move forward to a simulated exercise of doing the job, which may be simple or complex, depending on the role. Employers are usually looking for candidates who can explain their decision-making process, rather than those who complete the task perfectly, Pollard said.
“I might hand them some log data and ask questions about the contents of the data. I might hand them a forensic capture from a system and ask them to perform light investigative work and answer details about the attacker,” Pollard said. “If the person was going to be a developer I might ask them to write some code that could parse through data. If the person was going to be a penetration tester, I might hand them a basic web application and ask them to attack it.”
After that point, the candidate may have a final interview to explain their solution, reasoning, and methodology.
Here are 10 questions a cybersecurity job applicant might see in a phone screen or an in-person interview, according to Gaughf, Pollard, and Shalom Berkowitz, a lead technical recruiter at Mondo.
1. What policies and procedures do you engineer or architect against (NIST, HIPAA, etc.)? Did you also design those policies and procedures?
2. What type of anomalies would you look for in order to identify a compromised system?
3. What is the difference between threat, vulnerability, and risk? What is more important for cybersecurity employees to think about, threats or vulnerabilities?
4. Do you have a home lab? What was the project you had the most fun with?
5. What are some ways malware can evade detection by antivirus products?
6. What is a cross-site scripting attack and how does it work?
7. Outside of cross-site scripting (XSS), what are a few other examples of web application attacks?
8. What is a man-in-the-middle attack and how can it be prevented?
9. What is the difference between TCP and UDP? What kind of use cases are better for UDP?
10. How do you keep up with cybersecurity news?
“All security professionals must have a passion for learning,” Gaughf said. “This field like others requires professionals to always be up to date, and have the current lay of the land in regards to threats and our ever-changing landscape.”