The digital age has not only sparked an expectation for efficiency and interconnectedness in everything from business to personal matters, it has also opened Pandora’s Box by assembling intellectual property in one space. As hackers and cyber criminals find ways of deceiving companies and the public into leaking personal and sensitive information, the need for cyber security professionals grows.
Interviewing for an information security or cyber security job requires a basic knowledge of the industry’s terms; from phishing to password salting, it’s critical that you have a clear grasp of what they are and how they relate to business. Rainbow tables, WEP cracking and traceroute could all be fed into interview questions and are terms most cyber security analysts should already have in their arsenal of expertise, but if not, that’s what interview preparation is for. See our glossary at the end of this article.
At entry level, your interviewer is primarily interested in your skill set and how you will add immediate value to both the role and the company. Their questions will also be shaped around understanding your personality, the motivation behind your career choice and how you intend to improve upon your expertise. Interviews for senior positions will likely prompt specific questions ranging from prior experience and projects worked on to your particular brand of cyber security application.
A mix of standard questions is likely to be thrown into conversation, such as asking your personal vision for the company’s cyber security organisation, how you’ll fit in with their corporate culture and whether you work well as part of a team. Do your research with regard to these areas. The easiest thing to do is to look at the company’s website and stalk their social media outlets; you will learn a great deal about how they do business, their people and their culture by reading their Twitter feed, their Facebook page and scrolling through their Instagram. If they use those platforms, use them to your advantage.
Specific questions tailored to an interview for cyber security jobs are designed to dig beneath the surface of your character and your experience. Your potential employer wants to know that you, as a candidate, undertake your work with integrity and passion and that you are invested in the company itself and in protecting it from data breaches. Look out for questions such as, ‘Are you willing to be accountable for security?’, ‘Are you a risk-taker?’, and ‘What does this role mean to you?’ Addressing the real threat to enterprise data security, your interviewer will more than likely ask: ‘How will you confront the breach reality?’ They want to understand your approach and trust that your vision for their security aligns with their own, but there is room for innovative thinking, so this might be the opportune moment to mention examples of how you’ve dealt with breaches, either in a previous role or just on your own home network.
Which news sites do you check regularly?
This question is intended to establish whether you are keeping yourself informed and up to date on the latest cyber security issues, attacks and breaches, as well as developments and strategies to combat them. This is imperative for anyone wanting to work in information security as well as members of the public, as keeping attuned to the latest news will better help you arm yourself against attacks and know what to look out for.
Following this subject, your interviewer may also ask how your approach to information security will be applied to their business with regard to new initiatives and technologies either on the market or soon to be available. This is where you can show your willingness to learn and grow your skillset as well as demonstrating a flexible work attitude and, above all, an awareness of the changing face of business and its vulnerabilities within the cyber security domain.
What do you have on your home network?
Your interviewer is simply looking for an answer that demonstrates your passion for deconstructing and fixing things in your own test environment.
What project that you’ve built are you most proud of?
Whether your project is as personal as the first time you modified a games console or built your first computer or as significant as writing a program, the aim of this question is to show your passion, determination and thought process when it comes to your cyber security skills.
What is the difference between encoding, encryption and hashing?
The main difference between these three lies in their reversibility. Encoding is the most easily reversed as it is not primarily a security function. It is designed to safeguard the integrity of data, while encryption is purely there for confidentiality and can only be reversed with the aid of a specific key. Hashing is irreversible; it produces a fixed-length output that is typically much smaller than the input.
What is salting and what is it used for?
Your interviewer is referring to password salting (see glossary for definition) but is trying to catch you out by only using half the term. It is a more secure form of encrypting passwords and is a term you will be expected to know and understand.
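The two answers above (reversibility of encoding versus hashing, and what salting is for) can be shown in a few lines of Python. This is an added example, not part of the original article: it assumes a random per-password salt and PBKDF2 (the glossary describes combining the password with the username instead), the word list is constructed, and a plain lookup dictionary stands in for a rainbow table.

```python
import base64
import hashlib
import hmac
import os

ROUNDS = 100_000  # illustrative iteration count, an assumption of this example

def encode(data):
    # Encoding: anyone can reverse it, no key or secret involved.
    return base64.b64encode(data)

def unsalted_hash(password):
    # Hashing: fixed-length digest whatever the input size, no decode step.
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password, salt=None):
    # Salting: a fresh random salt per password, stored beside the digest.
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return salt, digest

def verify(password, salt, expected):
    # Recompute with the stored salt and compare in constant time.
    return hmac.compare_digest(salted_hash(password, salt)[1], expected)

def precomputed_table(wordlist):
    # Stand-in for a rainbow table: digest -> password for known candidates.
    return {unsalted_hash(word): word for word in wordlist}

def demo():
    table = precomputed_table(["123456", "password", "letmein"])  # constructed
    salt_a, hash_a = salted_hash("letmein")
    salt_b, hash_b = salted_hash("letmein")
    return {
        "decoded": base64.b64decode(encode(b"letmein")),
        "unsalted_lookup": table.get(unsalted_hash("letmein")),
        "salted_lookup": table.get(hash_a.hex()),
        "identical_digests": hash_a == hash_b,
        "verifies": verify("letmein", salt_a, hash_a),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The unsalted digest is found in the precomputed table, while the salted one is not, and two users with the same password end up with different stored digests.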
How do you change your DNS settings in Linux/Windows?
These are two of the most popular systems, so for any position involving system administration all that’s required in answering this question is a brief explanation.
Watch out for trick questions; one or two are more than likely to be thrown in. For example, remember that SSL and HTTPS are not mutually exclusive, so a question as to which is more secure is undoubtedly the interviewer’s attempt to catch you out.
From technical terms to personal points, cyber security jobs involve adding value to a business not only via the security expertise you bring but the relationships and communication skills you use to deliver your strategies. Your interviewer may ask how you foresee your working relationship with their CEO and board of directors, depending on the seniority of the role you’re interviewing for. They may also ask for examples of how you’ve interacted with key stakeholders to make security a strategic priority. All your interviewer wants to see here is that you can hold your own with those at the top of the company’s hierarchy and that you are confident communicating your ideas both to the head of the business and those who hold sway over important decisions to the company’s operations.
Finally, you may be asked what measures you’ll take to ensure no one individual in the company can cause a data leakage, as a common factor for breaches is human error or copying intellectual property to a less secure system. This is where you can let your expertise shine and reinforce why you should be hired by listing the strategies you are experienced in that you’ll implement in their organisation to prevent this very thing from happening.
Glossary of Terms
Phishing: A technique used to scam people out of their data by impersonating a genuine website such as Hotmail or Facebook to lure the user into entering their personal account and password information.
Salting: A form of password encryption that involves appending a password to a given username and then hashing the new string of characters.
Traceroute or tracert: Allows you to determine where the breakdown in connection has occurred by showing you the exact chain of connection from router to router through to the final destination.
WEP cracking: Used to exploit security weaknesses in wireless networks in order to gain unauthorised access.
Rainbow table: A precomputed table for reversing cryptographic hash functions – typically for cracking password hashes.