In a previous post in the Interview Series, we discussed scenario questions that interviewers use to gauge problem-solving skills and thought process.
In this post, we’ll go over the Technical Round for a Security role.
Hands-on exercises or practical challenges test knowledge on specific subject matter and are typically used for mid-level or senior-level roles. You walk through a solution for a challenge and explain your thought process to the interviewer.
Technical interviews get a bad rap, often perceived as intimidating or not as applicable as they could be.
But we can talk about that another time.
We’re going to go over 3 example exercises you could face in a technical round interview.
Exercise 1: Malware Investigation
In this exercise, you will be performing a malware investigation.
Here’s an example of what this could look like.
You’re handed a laptop and told there is reason to believe there is malware on it.
You are then given some starting information (maybe the user thinks this started from a phishing link or attachment).
Some open questions:
When did this first start? (a time range)
What was the email in question?
What tools are available to use in this investigation?
This will help determine how you go about your investigation and analysis.
Some things you could do …
Investigate logs locally on the laptop
Pull local browser history in suspected time range
Look at recent downloads
Investigate running processes
Form a timeline of events
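The last step, forming a timeline, is where most candidates stumble, because every source on the laptop records time differently (browser history in ISO 8601, downloads as Unix epochs, process creation in local time). The script below is an added example, not code from the original post: it merges constructed artifacts from three sources into one UTC-ordered list and filters it to the window around the time the user reported clicking the link. The artifact lists, URLs, file names and process images are all made up for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed artifacts standing in for what you would pull off the laptop.
# Each source records time differently, which is the first thing to normalise
# before anything can be ordered.
BROWSER_HISTORY = [  # (ISO 8601 UTC, URL)
    ("2024-03-04T09:58:12Z", "https://mail.example.com/inbox"),
    ("2024-03-04T10:01:40Z", "https://files.example.net/share/doc"),
    ("2024-03-04T13:20:05Z", "https://news.example.org/"),
]
DOWNLOADS = [  # (Unix epoch seconds, file name)
    (1709546530, "attachment.zip"),   # 2024-03-04T10:02:10Z
    (1709300000, "slides.pdf"),       # three days earlier, outside any window
]
PROCESSES = [  # (local time "DD/MM/YYYY HH:MM:SS", UTC offset in hours, image)
    ("04/03/2024 11:03:02", 1, "updater.exe"),
    ("04/03/2024 08:00:00", 1, "explorer.exe"),
]

UTC = timezone.utc


def parse_iso(s):
    """ISO 8601 with a trailing Z -> aware datetime in UTC."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def local_to_utc(s, offset_hours):
    """Local wall-clock string plus its UTC offset -> aware datetime in UTC."""
    naive = datetime.strptime(s, "%d/%m/%Y %H:%M:%S")
    return naive.replace(tzinfo=timezone(timedelta(hours=offset_hours))).astimezone(UTC)


def window_around(reported_iso, minutes):
    """Turn 'the user clicked the link around 10:00' into a (start, end) pair."""
    t = parse_iso(reported_iso)
    return t - timedelta(minutes=minutes), t + timedelta(minutes=minutes)


def build_timeline(start, end):
    """Merge all sources into one UTC-ordered list of (time, source, detail)."""
    events = [(parse_iso(ts), "browser", url) for ts, url in BROWSER_HISTORY]
    events += [(datetime.fromtimestamp(e, tz=UTC), "download", name) for e, name in DOWNLOADS]
    events += [(local_to_utc(ts, off), "process", img) for ts, off, img in PROCESSES]
    return sorted(ev for ev in events if start <= ev[0] <= end)


if __name__ == "__main__":
    start, end = window_around("2024-03-04T10:00:00Z", 30)
    for when, source, detail in build_timeline(start, end):
        print(when.isoformat(), source, detail)
```

Once everything is in UTC the sequence speaks for itself: the mailbox visit, the file-share visit, the download and a new process a minute later. Widening the window is a one-line change, which is exactly the kind of follow-up an interviewer will ask for.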
In the above exercise, you are being tested on your technical knowledge (in this case operating system domain knowledge) and your thought process, including how you walk through anything the interviewer follows up on.
If you reach a conclusion that is a little different from what the interviewer had in mind, but you explain clearly and methodically why you chose those actions, that is better than gunning for a specific approach and rushing through it without explaining yourself.
As a reminder, this is not meant to be exhaustive and does not replace individual research for an interview. Just enough to get you going.
Exercise 2: Parse a Dataset and Extract Values
In this technical exercise, you might be given a large dataset and asked to extract all email addresses or another specific value.
You are asked to parse this, give suggestions as to how to do it, and then implement one.
One way this could be solved is by using a regex pattern to parse and match against the data using a script or the command line.
Take this example, which assumes you're using the re library within Python.
Here’s another example pattern
This evaluates your ability to deal with large log files and shows specific knowledge of a technical skill, in this case Python or regex.
Whether it’s using regex, or another tool, being able to recognize what you need and apply the right tool for the job is a skill in itself. You can find several similar examples on HackerRank or similar interview prep sites.
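Since the original patterns did not survive on this page, here is an added example (not the post's own code) of the approach described: a permissive email pattern applied line by line with re, so a large file never has to be loaded whole, with lower-cased de-duplication and a per-domain count. The dataset lines are constructed for illustration; the pattern deliberately skips exotic RFC 5322 forms (quoted local parts, IP literals), and saying so out loud is part of the answer.

```python
import re
from collections import Counter

# Permissive but practical: local part, "@", dotted domain, 2+ letter TLD.
# Greedy classes still stop at trailing punctuation such as "carol@x.net."
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed dataset (not real log data). Mixed case, angle brackets,
# trailing punctuation and two near-misses that must not match.
SAMPLE = """\
2024-03-04 10:02:11 login ok user=Alice.Smith@Example.com src=10.0.0.5
2024-03-04 10:02:15 mail from <bob+alerts@corp.example.org> to <alice.smith@example.com>
2024-03-04 10:02:19 note: ticket opened by carol@sub.example.net.
2024-03-04 10:02:20 bad tokens: not-an-email@localhost and user@@example.com
"""


def iter_emails(lines):
    """Yield every address found, lower-cased, one line at a time (streams big files)."""
    for line in lines:
        for m in EMAIL_RE.finditer(line):
            yield m.group(0).lower()


def unique_emails(lines):
    """Unique addresses in first-seen order (dict preserves insertion order)."""
    return list(dict.fromkeys(iter_emails(lines)))


def domain_counts(lines):
    """How often each domain appears, counting repeats."""
    return Counter(addr.rsplit("@", 1)[1] for addr in iter_emails(lines))


if __name__ == "__main__":
    # With a real file: with open(path) as fh: unique_emails(fh)
    print(unique_emails(SAMPLE.splitlines()))
    print(domain_counts(SAMPLE.splitlines()).most_common())
```

Passing the file handle itself to iter_emails() is what makes this scale; read().split() on a multi-gigabyte export is the classic way to run out of memory mid-interview.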
Exercise 3: Scripting Exercise
Another example Technical Exercise is a coding or scripting exercise.
Let’s say the exercise consists of the following.
You have an Apache log file and are tasked with finding relevant data in it to support an investigation.
You must extract the following:
IP addresses
IP with the most entries
Requests being made
The top request being made
I laid it out in this order because you need to extract the IPs before you can find the IP with the most entries, and the same goes for the requests.
One way to do this is with Python.
Now depending on the interview, you may or may not be allowed to use the internet for resources.
Here are some things you could do to get started if internet search is not allowed.
import a module you are familiar with
run help(module)
run dir(module)
ask clarifying questions
This will get you going, get the muscle memory churning, and get some of the interview jitters out of the way.
For this exercise, you will have to read the file, extract all IP addresses, count them, and then output the one that occurs most often.
For extracting the IP addresses, you could use regex as previously discussed.
ip_rex = r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}"
This would match the IPv4 addresses in the log file. Note the raw string (r"..."): in a normal Python string "\d" is an invalid escape sequence and newer interpreters warn about it. Also note that the pattern accepts any dotted quad, including octets above 255 and version strings buried in a request path, so it finds candidates rather than confirming addresses.
Another option is the ipaddress module from the standard library. For more information on the module, check out the documentation.
This lets you validate each candidate (ipaddress.ip_address() raises ValueError on anything that is not a real address) and then work with it as an address object rather than a string.
You would then do the same as in the previous approach: split the lines, extract, count, and output the value with the highest frequency.
If not using Python, you could go with bash, leveraging awk, sort, and uniq, keeping it to native Unix tools.
Either one can work.
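Putting the steps together, here is an added example (not the post's own solution) that parses constructed Apache combined-format lines, validates the client field with ipaddress, and uses collections.Counter for the two "most frequent" questions. It also runs the bare dotted-quad regex over the same text to show why anchoring to the line and validating matters: the version string in one request path is counted as an IP by the naive approach. The log lines, addresses and paths are made up for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Constructed Apache combined-log lines; not from a real server.
ACCESS_LOG = """\
203.0.113.7 - - [04/Mar/2024:10:02:10 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Mar/2024:10:02:12 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.23 - - [04/Mar/2024:10:02:14 +0000] "GET /login HTTP/1.1" 200 512 "-" "curl/8.4.0"
203.0.113.7 - - [04/Mar/2024:10:02:15 +0000] "GET /admin HTTP/1.1" 403 199 "-" "Mozilla/5.0"
192.0.2.44 - - [04/Mar/2024:10:02:17 +0000] "GET /downloads/tool-1.2.3.4.tar.gz HTTP/1.1" 200 88123 "-" "wget/1.21"
198.51.100.23 - - [04/Mar/2024:10:02:19 +0000] "GET /login HTTP/1.1" 200 512 "-" "curl/8.4.0"
"""

# The dotted-quad pattern from the post, as a raw string. Run over whole lines it
# also hits version strings such as the 1.2.3.4 inside a request path above.
IP_RE = re.compile(r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}")

# One anchored regex for the fields the exercise needs: client, timestamp,
# method, path and status. Everything else on the line is skipped.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def naive_ip_counts(text):
    """Count every dotted quad anywhere in the text (what the bare regex does)."""
    return Counter(IP_RE.findall(text))


def parse_log(text):
    """Parse each line; keep only records whose leading field is a valid IP."""
    records, skipped = [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1
            continue
        try:
            ip = str(ip_address(m["ip"]))  # rejects e.g. 999.1.1.1, accepts IPv6 too
        except ValueError:
            skipped += 1
            continue
        records.append({"ip": ip,
                        "request": f"{m['method']} {m['path']}",
                        "status": int(m["status"])})
    return records, skipped


def top_ip(records):
    """(address, count) for the client with the most entries."""
    return Counter(r["ip"] for r in records).most_common(1)[0]


def top_request(records):
    """(\"METHOD /path\", count) for the most frequent request."""
    return Counter(r["request"] for r in records).most_common(1)[0]


if __name__ == "__main__":
    recs, skipped = parse_log(ACCESS_LOG)
    print("unique IPs:", sorted({r["ip"] for r in recs}))
    print("top IP:", top_ip(recs))
    print("top request:", top_request(recs))
    print("skipped lines:", skipped, "| naive regex hits:", naive_ip_counts(ACCESS_LOG))
```

The shell version of the first half is the classic one-liner `awk '{print $1}' access.log | sort | uniq -c | sort -rn | head -1`, which relies on the client being the first field; the Python version buys validation and a single pass for both counts, and the skipped counter is what you point to when the interviewer asks how you know nothing was silently dropped.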
Conclusion
This process can vary from company to company, but this is what Technical rounds could look like.
Remember, your thought process and explaining yourself will be just as important as any particular solution. As you have seen in the example exercises, there are different ways to solve a problem.
Given that the interview process can be tricky and at times overly long, we could use resources to help us along the way.
I am happy to announce that I’ve been working on an Interview Guide, for Cybersecurity professionals to navigate the uphill battle that is Interviews.
It’s a collection of interview questions and scenarios that you could face, and have annotated over the years. The goal of this collection is to guide you through the process and to understand the concepts behind the questions. This will be out next week.
Why am I doing this?
In my time, I've interviewed with and gotten offers from several companies, and didn't make it through at others, seeing the good and the bad of the process.
I’ve also interviewed many candidates for roles as an interviewer. Being on both sides of the coin has allowed me to gain insight and want to share this to help others in the community.
Of course, opinions are mine & not those of my previous, current, or future employers. You get the idea.
See you in the next one.