Whether you’re looking to grow your cyber security team with a new hire or are searching for your next cyber security role, the interview process can be daunting. After all, it’s all about preparation. 

We’ve come up with some tips and tricks to help you both win over the top IT talent and nail the interview. Check it out! 

For the Employer 

With cyber security experts in short supply yet in high demand, it’s important to carry out the interview process carefully. You’ll want to know exactly what you’re looking for sooner rather than later and understand how to conduct the interview. 

Not an IT expert? Speak to the tech team 

If you’re not a cyber security expert, that’s ok. That may just mean you need to do a little bit more legwork prior to conducting interviews for your new cybersecurity role. You’ll need the candidate to have experience with a specific set of tools, and have a strong understanding of IT infrastructure, cloud security, firewalls, software, and more…but what else? Speak to your organisation’s current cyber security team to get a better grasp on what they believe would make for a successful candidate. 

Are there any challenges the current cyber security team are struggling to overcome? If so, what are they and how can a new hire help? What skill set would the current team benefit from in a new hire to help them meet their goals? 

When you, the interviewer, have a better understanding of where the department’s currently at, you’ll then have a better idea of what the ideal candidate will look like. 

Decide how you want to conduct the interview 

When it comes to cyber security interviews, it’s important to note that there are different methods of conducting the interview. 

Let’s have a look at the 3 main types… 


Behavioural interviews focus on a candidate’s previous experience and how they’ve handled specific situations.

Sample question: Tell us about a time that you detected an oncoming cyber attack. How did you manage the situation, what were some challenges, and what was the outcome?


Technical interviews focus more on assessing a candidate’s technical ability to perform in the role. This type can sometimes include a ‘test’ which serves as an opportunity for the candidate to show, not tell. 

Sample question: What tools do you use? What is data encryption and why is it important in securing a network?


Case-based interviews are similar to behavioural interviews, but here the interviewer creates a hypothetical scenario. The candidate then describes how they would manage the particular situation, making it a great way to test a cyber expert’s ability to problem solve.

Sample question: Out of nowhere, your computer’s mouse starts suddenly moving. What do you do? 

For the Job Seeker

With cyber security experts quickly becoming one of the most sought-after professionals, differentiating yourself from other candidates is the key to landing that job. Let’s find out how you can do just that… 

Research, research, research

This step is so important, yet unfortunately often overlooked. Conducting extensive research on the organisation, cyber security role and overall cyber security landscape demonstrates your interest and shows you’ve already invested yourself. Researching prior to an interview also gives you a better grasp of the company’s culture, values, and whether or not they would meet your own career needs. 

Use the following to help guide your research: 

  • What the company does 
  • The company’s mission statement or values 
  • How long they’ve been established 
  • What type of products or services do they offer 
  • What sort of clients/industries do they work with 
  • Reason for them hiring for a cyber security role (e.g. was there a recent data breach?)
  • Current cyber security team (size, history, vulnerabilities, tech stack, plans) 

Aside from researching the company if you haven’t already, you’ll also want to brush up on what’s currently happening in the cyber security world. With the IT industry evolving at a rapid pace, it’s extremely important to keep on top of trends, patterns, recent news, the latest threats, and predictions. 

Keep in mind that your interviewer may not come from a cyber security background, so if you do end up discussing what you’ve found, be sure to speak in layman’s terms. The recent high-profile cyber breaches with Medibank, Telstra, Optus and Uber are all great examples of attacks that your interviewer may be familiar with. 

Practice answers to common questions

We can’t stress enough that practice makes perfect. Research some common cyber security interview questions and practice answering these questions with a friend. The interviewer’s questions may be scenario-based, step-by-step, behavioural, performance-based or something else, so it’s a good idea to prepare for different types.

We’ve come up with some practice questions of our own:

What are some common cyber-attacks? 

Common cyber-attacks include malware, phishing scams, ransomware, DDoS, drive-by downloads, MITM, SQL injection, denial-of-service attacks, and more. It’s important to note that cyber-attacks are maturing at a rapid pace, so today’s list may be longer tomorrow.

What is MFA and when would you enable it? 

MFA, or multi-factor authentication, is an additional layer of security that can be added to an account sign-in process. It is used to authenticate a user’s identity prior to granting access. It should be enabled at all times where possible, especially with the increase in remote working.

What are the steps to configuring a firewall? 

First, you’ll want to secure your firewall. 

Next, you’ll need to define the firewall and IP addresses by creating different zones. 

Then, you’ll configure access control to permit traffic. 

The next step is to configure other firewall services and logging.

Lastly, proceed to test the firewall and continue to manage it. 

Cyber security recruitment made simple

Whether you’re a cyber security specialist or an employer looking to hire one, the interview process can be difficult. By now we hope you’re feeling more confident and have a better understanding of what to expect. 

If you’re looking for more support, expert IT recruitment consultants are here to help. With 20+ years working in cyber security recruitment, we know what it takes to find top talent and land that dream job. Get in touch with one of our expert cybersecurity recruitment consultants today!