Interviewing for a job in information security can be daunting. There are so many topics candidates are expected to know: DNS monitoring, distributed denial-of-service attacks and data leakage are some of the basics. Job applicants should also be familiar with terms such as encryption, decryption, firewalls and penetration testers — the security pros who work on red teams.
But, according to experts we interviewed, memorizing hundreds of terms is not the ticket to a successful interview for a cybersecurity job. The best candidates have a sense of what they want to accomplish in the security field and can demonstrate a sincere interest in and concern for how cybersecurity has become a front-burner issue for businesses.
Simone Petrella, founder and CEO at CyberVista, said she can tell in a matter of minutes if there’s a serious candidate in front of her. “If they say they are interested in security because it’s the hot field and they want to make money, I know they are not serious,” Petrella said. “Candidates need to show they’ve done some research and have some sense of what aspect of security interests them.”
David Wolpoff, CTO at Randori, pointed to similar telltale attributes of a successful security job candidate.
“A mantra I’ve picked up from previous teams is passion, capacity and smarts,” Wolpoff said. “You’re not going to stay current and grow if your only learning time is 9 to 5 — the security space is too big.” That’s especially true for aspiring red team applicants. “To become a really awesome hacker, you have to be willing to dig in and learn everything.”
In short, come to the interview ready to talk about yourself and why security matters. Newbies are expected to have a general sense of the field. Know terms like cryptography and show you understand the difference between a vulnerability and an exploit. On the other hand, midcareer professionals and people going for more advanced positions, such as CISO or chief security strategist, must demonstrate knowledge gained through certifications such as CISSP, Certified Information Security Manager and Offensive Security Certified Professional (OSCP) — or show that they are working on those certifications.
So-called soft skills,…