Blog | Level Effect

How to Ace Your Cybersecurity Job Interview

Written by Will Nissler | July 27, 2022

You did it—after applications (and rejections), you’ve finally landed that interview you’ve been hoping for.

Whether this is your first time interviewing for a technical position, or you've been out of practice, you may be feeling anxious going into the interview process. Don’t worry—we’ve all been there and have a few tips on how to best prepare and crush your interviews!

Before you start, though, I recommend taking a moment to evaluate why you’re looking for a cybersecurity job in the first place.

What Is Motivating You to Get Into Cybersecurity?

This is an often-overlooked question. You may have looked at Hollywood hackers or have seen the breaches in the news and wanted to explore more!

And truthfully, those are perfectly acceptable reasons to want to get into cyber. There are a few more things you should consider, though:

  • Are you interested in protecting people’s data?
  • Are you a privacy advocate?
  • Are you looking to move into a career that excites you?
  • Are you in it for the money?

Whatever your reason, write it down. Make it your mantra. When burnout, imposter syndrome, and rejection letters rear their ugly heads, having a personal mission statement or your “why” will help you weather that adversity.

This is helpful not only for your own sanity, but it is a question that tells an interviewer and potential employer a TON about you and what motivates you to help them secure their data.

How Well Do You Know Yourself?

At first glance, this may seem like a simple question. However, you’d be surprised how many people don’t take the time to explore not only what motivates them, but also check in with their own preferences and how they work best.

  • Are you a lone wolf who prefers to work on tasks in your own space?
  • Do you prefer to collaborate and bounce ideas off your team members?
  • What types of leadership and management styles do you respond best to?
  • Can you work in a fast-paced and constantly changing environment with competing priorities?
  • Or are you someone who needs structure and established protocols to lean on when you don’t have the answers handy?
  • What is a dealbreaker for you?

These can also be telling—not only for your potential employer’s benefit but also to determine if this position is a good fit for YOU! Remember, as you’re going in to be interviewed, you’re simultaneously interviewing the company to make sure it’s a good fit for you.

For example, if you’re someone who needs routine, established protocols, and prefers working as part of a team with its own established roles, you may want to stay away from startups where you may have to “build the plane as you’re flying it,” so to speak.  

If you enjoy the opposite—preferring to carve your own role and potentially wear multiple hats and stand up your own program—you may in fact enjoy the startup culture!

It all comes back to where you work best, and it’s okay if you don’t know all your preferences. I’ve found it helps to start with a list of things you’ve enjoyed about your previous jobs and keep them as general as possible. You may even start with a table like I have pictured below:

Remember, YOU are interviewing your potential EMPLOYER as much as THEY are interviewing YOU.

Open-Source Intelligence (OSINT) Is Your Friend!

At this point, you should have a loose idea of what you may be looking for. Are there any questions that came up while you were thinking about your ideal work environment? How then can we gather the information we need to do some initial reconnaissance (see what I did there?) about the company, culture, benefits, expectations, and all sorts of other useful info?

Just as if we were penetration testing a network, we’d first want to start with some Open-Source Intelligence (OSINT).

Your Toolkit:

  • https://www.glassdoor.com/ - This is a great way to not only search for companies that are hiring, but also get insight into the company culture straight from the people who work there! You can get a sense of salary expectations for that specific company, what people enjoy and dislike about working there, and start to build questions to assess the company’s culture as well.

  • https://www.linkedin.com/ - Love it or hate it, LinkedIn is a great way to network with people in the industry and do some reconnaissance on the company itself. Know who’s conducting your interview? Check out their background and other projects that they’ve worked on. Interviewers notice when you take the time to ask them questions about their own background and the company itself versus asking more generic questions. I also highly suggest reaching out to people who work for the company you’re interviewing with! Let them know you have an interview coming up and take the time to ask what their experience is with the company as well! You may get a much better idea of whether this is the position or company for you!

  • https://www.onetonline.org/ - Unsure of what the industry space looks like? O*NET Online is another great resource to see some of the skills, work styles, and employment trends (including average salary) for these different positions. It’s a great way to start preparing for the salary and benefits negotiation talk. Armed with the average salary and expectations, where does your potential employer fall?  

  • https://www.bls.gov/ - Another resource, the Bureau of Labor Statistics is like O*NET Online where you can break out overall industry statistics, calculate where inflation factors into your salary ask, and even filter down to geographic region to get a good idea of what’s reasonable to ask in your area.

Take some time to review all these resources—once you’ve formulated your questions and have a good idea of where you fall, you’ll feel much more prepared for that initial interview.

The First Interview: Are You a Good Fit? Reasonable? Potentially Crazy?

This is an initial screening call most likely done over the phone or a virtual call with an initial HR person depending on how the company’s hiring pipeline works. You can expect some general questions about yourself, what your expectations are, and if all goes well, what steps will look like moving forward. That said, it never hurts to over-prepare and be ready for technical questions if they arise!

Questions they’ll ask you:

What does your work availability look like?

  • When can you start? What hours are you looking for?

Tell me about your job history…

  • This is where you can rule the conversation. Have an anecdote that highlights a particular skill? You can bring those into play here. This opens the door to more of a conversation than a Q&A session and can highlight some of what you bring to the table!

Tell me about yourself…

  • Another open-ended invitation to really showcase who you are and what you’re looking to accomplish. I find it helps to practice a 30-second “elevator pitch” to talk about your background, motivations, and goals. How do you summarize how you got to this point? Practicing this is helpful not only in the interview but in networking situations as well.

What are your salary expectations?

  • The elephant in the room: How much do you want to make? It’s important to do your research here and look for what’s standard in your area, industry, etc. Give a range instead of a set number—this tells employers that you’re open to discussion and not closed to further negotiation.

Questions to ask them:

Why is the <XYZ> company filling this position?

  • This can give you a snapshot into where the current company is at. Are they expanding? Did someone leave or get promoted? These are all things that may help in your final decision.

What is the turnover rate like?

  • Another snapshot into the company culture. Are they struggling to keep people working there? Why do most people leave? This may be a good opportunity to look for red flags and patterns.

What are my expected working hours?

  • Depending on the role such as a SOC Analyst position or otherwise, are you open to a 24/7 shift schedule? Are there surge hours in case of a security incident? This can help you prepare for what you might be signing up for from a time commitment standpoint.

Is there an advancement pipeline for training/career development?

  • Training and self-improvement are staples in a dynamic industry like cybersecurity. Is the company amenable to supporting your growth and development?

What is <XYZ> company’s culture like? What do YOU as an employee enjoy about working at <XYZ>?

  • What better place to get an idea for how the company works than from an employee themselves? This isn’t a bad question to hold onto for each step of the process to get different perspectives from different departments. Do you see any trends?

What should I expect for next steps in the interview process? When can I expect to hear something back?

  • This not only shows a potential employer that you’re interested in following up but also gives you expectations for when to expect more information. This isn’t middle school dating—an employer won’t snub you for asking for a follow-up!

The Dreaded Technical Interview…

This tends to be the most anxiety-inducing piece for most people looking to get into cybersecurity: “How do I prepare for the technical interview?” Just as we did before with our initial call, we need to use OSINT to help us out.

It’s always good to get the names and titles of people that are going to conduct the interview with you—especially the technical ones. Do some background investigation on them using LinkedIn! What is their background like? What other jobs did they hold? Where does their expertise lie? These are all things that can help. Who cares if they know you’re looking at their profile? Showing some initiative and research shows them how serious you are about this position.

The Position

How familiar are you with the work of the position you’re applying for? Do you know what a “day in the life” may look like? If you have friends or contacts in those types of positions already, it may be worth giving them a call to ask if they can help you prepare.

The Questions

How well can you speak to your experience? Can you explain an IDOR vulnerability to your grandmother? Where would you start building a security program from the ground up? What’s the difference between a security incident and a security event? There can be a lot of anxiety here from a battery of questions—instead of rattling off a list of potentials, let’s work with some strategies:

Experience: It always leaves much more of an impression if you can take the question and tie it to practical hands-on experience that you’ve done. This is where your power is. You can turn a Q&A session into like-minded professionals talking shop quickly!

For example...

Q: Talk to me about the OSI model.

A: It’s a conceptual model to categorize the different protocols and encapsulation from the physical layer to the application layer. You can see some of this in Wireshark traffic when you’re looking at a specific packet, which I’ve done extensively in my course where we did XYZ….

A word of caution:

This technique can easily backfire if you use it to dodge questions or begin to overuse it. With great power comes great responsibility: be sure to use this technique responsibly on one or two questions if you start to feel the interview turn into a Q&A session.

What if I don’t know? The best advice I can give here is this: do not be afraid to say, “I don’t know, but I would do <XYZ> to research and find out.” These interviews are meant to test your knowledge base, including where it ends! The last thing you want to do here is fib your way through, throw out buzzwords and talk around things if you genuinely don’t know the answer.

It’s okay to not have all the answers – talk through your processes of finding things out if you don’t know! How do you conduct research? Where would you look? Taking the initiative and ownership of what you don’t know here can turn a knowledge gap into a win in the interviewer’s eyes.

The Team Interview: Can We Work Together?

At this point, you’ve received the stamp of approval from the technical squad and are ready to meet your potential coworkers. This is likely to be a lighter conversation, whether with the team you’d be working with on a day-to-day basis or with other departments you may have to coordinate with, to get a feeling for how you fit into the team environment.

Nothing more for you to do here than be yourself and engage! Relax—you’ve made it through the hardest part of the process and are ready to meet some potential future teammates and begin thinking about if this is a step that you’re ready to take!

What If They Say No?

Rejection sucks—there’s no doubt about it and it can become all too easy to take it personally after making your way into the interview pipeline. Maybe it’s just not a good fit or there are some other circumstances at play. Whatever the reason, it doesn’t have to be a negative. Practice makes perfect in the job hunt, and it is ALWAYS okay to ask for feedback or ways to improve. Take some of the lessons learned to refine and improve your process before getting back out there and finding that job!

The job hunt is never easy. Whether you’re breaking into the field or an experienced professional, it can be daunting to enter that arena! We’ve all experienced it. However, by taking a proactive and engaged approach to the process, you can never go wrong. Arm yourself with the proper intelligence and use it to your advantage. The more you prepare, the more you can dominate the interview process and showcase just how skilled you are as a cyber professional. Good luck, candidate!