Cyber Security Interview Questions
Planning for the possible questions you’ll be asked when interviewing for a job in cyber security depends largely on the organisation you’re hoping to work for and the area of cyber security you’re experienced in.
Most university graduates coming from a degree in computer science, cyber security or similar should focus their job search on the entry-level roles that will furnish them with the practical experience that will ultimately elevate their career. These are typically the technical roles: tech support, SecOps network engineering, security engineering, security architecture/design, anything that is hands-on.
Tell me about your experience
It sounds banal, but your interviewer genuinely wants to know what you have done in cyber security. They’re looking for examples of your practical experience, any vendor certifications you’ve achieved (e.g. Cisco, Fortinet, Check Point), and whether you’ve worked in a Linux, Windows or Mac environment. What an employer is looking for when hiring for a technical cyber security role is proficiency in a particular technology. At this point, they may not be that concerned with university degrees; rather, they may be more interested in any industry certifications, like CompTIA.
What projects have you set up?
This is your opportunity to talk about projects you’ve worked on, from the set-up phase through the design element to maintenance. This last aspect is possibly the most important for an interviewer to hear, as you will need to have had some experience of maintaining solutions.
Use this time to reassure them of your cultural suitability too. Talk about how much you enjoyed working on this project with your team and how well you all pulled it off. The candidate that highlights the ‘we’ will impress more than the one who is all about ‘I’.
This question also invites candidates to discuss their home network and projects they’ve volunteered on at university, which reveals their drive and enthusiasm for the work. So even without lots of experience your interviewer may still be suitably impressed by your commitment and passion.
What type of Cisco experience do you have?
It’s important to know that the more technically specific questions won’t be uniform across all interviews, as different companies run different vendors, tools and solutions. However, a common networking question could be around your Cisco experience, because Cisco commands 70% of the world’s networks. Ultimately, though, this type of questioning will come down to what a particular organisation is using or planning to use.
Those preparing for pen testing roles can expect a line of questioning similar to that targeted at tech roles. Additionally, the expectation would be for them to have some level of certification around ethical hacking, e.g. OSCP/OSCE.
Governance, Risk and Compliance Cyber Security Roles
Moving on to the governance, risk and compliance type cyber security roles, there will be questions around your experience similar to those asked of someone interviewing for a technical role. Specifically, you can expect questions regarding the type of work you’ve done around writing information security management strategies, writing policies and procedures, and any planning you’ve done. During and following the current COVID-19 pandemic, questions around your experience with business continuity planning and disaster recovery planning can be expected.
What is your education history?
Candidates will likely hold a degree in computer science or cyber security, but your interviewer also wants to know about industry certifications. This is where a qualification like the CISSP or ISO 27001 is critical because it highlights your technical graft and that you have accrued some good experience in a relevant environment.
Explain to me the kind of work you’ve done in organisations where you’ve had to liaise and work with management – how effective has that been?
Here is your opportunity to highlight your wins. One of the biggest values a person working in this space can offer is to be able to explain to the organisation in business terms what they’re doing and what they’re trying to achieve for the organisation. Demonstrate your ability to think broadly and laterally regarding your approach to cyber security. For example, more than focusing on basic network security, you should be looking at it from a ‘we need to make sure our people are trained, our network is secure, we have the right back-ups, and we have the right business continuity plan in case we all have to work from home due to a global pandemic’ approach.
What sort of work have you done in the community to expand people’s knowledge around cyber security?
There is much mystique surrounding cyber security, so it is the responsibility of cyber professionals to decrypt it for lay people so they can understand what will help them. This means having the emotional intelligence and capability to understand what a person needs and giving them the information to help them reach a solution.
The main point for candidates is to overcome the cyber security talent deficit by setting their expectations accordingly and applying for the lower-level roles rather than thinking they’ll stroll straight from university into a CISO role. There is rapid career progression in cyber security, but you have to be prepared to put in the hard yards to get there.