Cybersecurity Interviews: Recap
Plus: A tool for your Interview Prep
Hate them or love them, interviews are part of the game.
As I’ve mentioned in the past, there isn’t really a LeetCode, or HackerRank equivalent for Cybersecurity Interviews. Now of course, some questions or exercises you face in a Cybersecurity interview could be taken from these sites, but there is always more nuance than that.
Stay till the end, for an interview guide that will help in your journey.
Overview of Cybersecurity Interviews
As a recap of previous discussion, a full loop interview could look like the following in its entirety.
Recruiter Screen
Hiring Manager Screen
Technical Round
Scenario Exercises
On-site (Multiple rounds)
I know this can be a lot. But hopefully through the collection of resources in aggregate, we can come together and make progress on the task at hand: Understanding Cybersecurity Interviews.
Let’s go over these interviews that make up the gauntlet.
The first interview is usually with the Recruiter. This is to go over the main responsibilities of the role and to learn about your work experience. The objective here is to see if it’s is a good fit to move forward or not.
In any of the first 2 interviews, whether it be the Hiring Manager interview or another one, you could face general Security questions to gauge your experience. This could be rapid fire questions to weed out unqualified interviewees or going over concepts to see where you’re at. For example, explaining AuthN vs AuthZ, or what is the MITRE ATT&CK framework and how would you use it.
See this post for more on this type of interview.
Scenario based questions will attempt to test your knowledge, and its depth as well as your thought process. Seeing how you would work through a problem you could face on the job.
An example could be How would you attack <the company you’re interviewing for>, going through each phase of the attack cycle?
For more on Scenario Exercises, see this post
Cybersecurity Interviews: Scenario Exercises
This is the second part of the Cybersecurity Interview Series.
In a Technical Interview, you’re usually tested on a specific domain. Such as Operating System domain knowledge, coding/scripting, or something else specific to the role. You will either be screen sharing your work, or working in an IDE type of tool where progress is shown to the interviewer.
An exercise could be parsing a large dataset or log file, and extracting specific values indicated by the interviewer.
For the full post on the Technical Round, see this.
Cybersecurity Interviews: Technical Round
In a previous post in the Interview Series, we discussed scenario questions that interviewers use to gauge problem-solving skills and thought process.
Cybersecurity Interview Guide
Now we all know the interview process can be daunting and at times overly long, we could use resources to help us along the way.
As I mentioned last week, I am happy to announce that I’ve been working on an Interview Guide, for Cybersecurity professionals by Cybersecurity professionals.
To navigate the uphill battle that is interviews.
It’s a collection of interview questions and scenarios that you could face, and have annotated over the years. The goal of this collection is to guide you through the process and to understand the concepts behind the questions.
This will be geared towards Blue Team roles, but I believe anyone in Security can benefit from its contents.
This is available here
For just what a few cups of coffee ☕ would be, the Cybersecurity Interview Guide is yours.
I hope it helps and I would like to hear your thoughts on it.
See you in the next one.