Cybersecurity Interview Series: Technical Round
In the previous post, we went over scenario-based interviews. Now, for the Technical Round.
Where this falls in the loop varies: it may come toward the end of the interview loop, or toward the beginning to serve as a screener for candidates. Basically, the company wants to make sure a candidate can perform X before moving them on to any more rounds.
Note: Although this is geared towards mid-level roles, you could see a Technical Round in an entry level role.
Example Technical Exercise
If a scenario-based interview asks something like “Walk me through a time you had to run a malware investigation, what steps did you take, and why?”…
Then a technical interview will have you actually performing the malware investigation.
Here’s an example of what this could look like.
You’re handed a laptop and told there is reason to believe there is malware on it.
You are then given a lead (maybe the user thinks this started from a phishing link or attachment).
You could…
Investigate local logs
Pull local browser history in suspected time range
Look at recent downloads
Investigate running processes
Form a timeline of events
As a reminder, this is not meant to be exhaustive and does not replace individual research. Just enough to get you going.
In the above exercise, you are being tested on your technical knowledge, domain expertise, and your thought process, including how you walk through anything the interviewer follows up on.
If you reach a conclusion that is a little different from what the interviewer had in mind, but you explain clearly and methodically why you chose those actions, that will be better than gunning for a specific approach and rushing through it.
Scripting Exercise
Another example Technical Exercise is a coding or scripting exercise.
Let’s say the coding exercise consists of the following.
You have an Apache log file, and you are tasked with finding relevant data in it to support an investigation.
For purposes of this post, we’ll be going through this with Python.
You must extract the following:
IP addresses
IP with the most entries
Requests being made
The top request being made
I laid it out in this order because you need to extract the IPs in order to get the IP with the most entries, and the same applies to the requests.
Now, depending on the interview, you may or may not be allowed to use the internet for resources. Here are some things you could do to get started if Google is not allowed.
import a module you are familiar with
run help(module)
run dir(module)
ask clarifying questions
This will get you going and get some of the interview jitters out of the way.
For this exercise, you will have to read the file, extract all IP addresses, sort and count them, then output the one with the highest frequency.
Now for a couple of approaches to extracting the IP addresses. You could use a regex, something previously discussed.
ip_rex = r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}"  # raw string so the backslashes reach the regex engine intact
This would match IPv4-shaped addresses in the log file.
Another approach here would be the ipaddress module. For more information on the module, check out the documentation.
This will let you parse the IP addresses and validate them. You would then do the same as in the regex approach: split the lines, count, then output the one with the highest frequency.
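Here is a worked version of the exercise, combining both approaches above. It is an added example, not code from the original post: it runs a line-level regex over a constructed Apache combined-format sample (all addresses are from documentation ranges), validates each client field with ipaddress.ip_address so that dotted-quad junk such as 999.1.1.1 is not counted, and uses collections.Counter for the IP and request tallies. The loose_ip_matches function keeps the post's simple pattern so you can see why validation matters. Function names and the sample lines are my own.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in Apache combined log format (documentation IP ranges, not a real capture).
# The last two lines are deliberately bad: an impossible octet, and a line that is not a log entry.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2023:13:55:40 +0000] "GET /login HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "POST /login HTTP/1.1" 401 128 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:42 +0000] "POST /login HTTP/1.1" 401 128 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2023:13:55:50 +0000] "GET /login HTTP/1.1" 200 512 "-" "curl/8.0"
192.0.2.99 - - [10/Oct/2023:13:56:01 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
999.1.1.1 - - [10/Oct/2023:13:56:10 +0000] "GET /admin HTTP/1.1" 403 99 "-" "scanner"
this line is not a log entry at all
"""

# One combined-format line: client, identd, user, [timestamp], "METHOD path protocol", ...
# We only capture the fields the exercise asks for: the client address and the request.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)(?: \S+)?"'
)

# The loose pattern from the post: it matches anything shaped like four dotted numbers.
LOOSE_IP_RE = re.compile(r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}")


def parse_log(text):
    """Return (ip, request) tuples for every well-formed line.

    Lines that do not match the format, or whose client field is not a
    valid IPv4/IPv6 address, are skipped rather than counted.
    """
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or truncated line
        try:
            ip = ipaddress.ip_address(m.group("ip"))  # raises ValueError on e.g. 999.1.1.1
        except ValueError:
            continue
        records.append((str(ip), f"{m.group('method')} {m.group('path')}"))
    return records


def count_ips(records):
    """Counter of client addresses across all parsed records."""
    return Counter(ip for ip, _ in records)


def count_requests(records):
    """Counter of 'METHOD path' strings across all parsed records."""
    return Counter(req for _, req in records)


def top_ip(records):
    """(ip, count) for the address with the most entries."""
    return count_ips(records).most_common(1)[0]


def top_request(records):
    """(request, count) for the request made most often."""
    return count_requests(records).most_common(1)[0]


def loose_ip_matches(text):
    """Every dotted-quad-shaped string, valid or not, found by the simple regex."""
    return LOOSE_IP_RE.findall(text)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("IP addresses:", sorted(count_ips(recs)))
    print("Top IP:", top_ip(recs))
    print("Requests:", sorted(count_requests(recs)))
    print("Top request:", top_request(recs))
    print("Loose regex also picked up:", [ip for ip in loose_ip_matches(SAMPLE_LOG) if ip not in count_ips(recs)])
```

Counting "METHOD path" rather than the full request string keeps the protocol suffix from splitting otherwise identical requests, and skipping invalid lines explicitly (instead of letting a crash end the run) is the behaviour an interviewer will usually ask you to justify when they follow up with "what happens if a line is malformed?".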
Wrapping Up
In the end, technical exercises are part of the interview process for any mid-level or senior role, and occasionally entry level roles.
A security interview loop in its entirety could look like the following:
Recruiter Screen
Hiring Manager Screen
Technical Round
On-site (This varies)
Scenario Exercises
Security Domain Knowledge
Another Technical Round
Again, the on-site can vary from company to company, but expect 3 or more interviews as part of this round. This means that from the recruiter screen to the final interview, you could see 6+ interviews.
I have thoughts on the current interview process, but will dive into this in a future post.
Remember, the goal of the technical exercises is to test how you think and work through solutions to problems. It's more important to showcase your problem-solving approach than to come up with the perfect solution.
I hope this helps.