• Preparing for an Infosec Job Interview

    August 24, 2020 | Joe Sullivan
  • I’ve interviewed a lot of job candidates for various roles in IT and Infosec. What I’ve seen lately is candidates whose resumes are stuffed full of buzzwords, terminology, and tools, but who can’t articulate how they use any of this in context.

    It’s important to stick to what you are a subject matter expert in when you prepare your resume. It’s better to list 3-4 subjects or tools you can explain in great detail than to add fluff just to catch someone’s attention. This also helps you avoid awkward moments of having to say “I don’t know”, or “that’s not actually what I do”.

    Some of the key areas of a resume that I look at are:

    • Job History
    • Education
    • Accomplishments
    • Certifications
    • Community Involvement
    • Publications
    • References

    You should prepare to answer questions on your resume topics that show practical application and context in your day-to-day role. For example, if you list forensics on your resume, I’m going to ask questions such as:

    • What would I find in the Master File Table?
    • What kind of information can I get from the SRUM?
    • If there was a box of 10 USB drives, how could I tell which ones were plugged into a particular system using forensics?

    I want to make sure you know your material and can speak in great detail about your experiences. Generalized answers won’t get you far. For example:

    • Q: Tell me about your forensics or incident response experience.
    • A: I perform forensics on mobile devices, laptops, and respond to malware incidents as they happen.

    The STAR Approach

    That response doesn’t really tell me anything. Consider responding to interview questions using the STAR approach:

    • Situation
    • Task
    • Actions
    • Results

    Your answer to the question is more impressive when you frame it this way:

    • Q: Tell me about your forensics or incident response experience.
    • A: I worked on an intellectual property case recently where I tracked down data exfiltration of corporate documents. I used registry forensics to show that the suspect used a cloud service to upload the documents to their personal account. The results of my findings saved the company thousands of dollars in intellectual property loss. I handled all this by working with the incident response team, human resources, and the legal department.

    That response provides context and builds my confidence in their abilities.

    Education, Versus Experience, Versus Certifications

    Although I look at education, it’s the least important part of the equation from my perspective. I’ll hire a seasoned professional with a GED and a few certifications over a candidate with an MS and a few years’ experience and certifications. Community involvement is important as well. I look for a candidate who is making active contributions to the community and has a few presentations to highlight their work.

    I’ll also look at social media involvement. What I’m looking for here is how the candidate interacts with others. This provides some clues as to how they will fit into the organizational culture.

    Current Events

    I like to ask questions about infosec-related current events. Be ready to answer questions about recent incidents, breaches, APTs, and legal proceedings. The executives are paying attention to these stories and so should you. They are more than likely going to approach you with questions and you need to be ready to answer.

    The Infosec landscape is currently changing and we have to stay current with the latest trends, attacks, and impact to organizations. This field requires more continuing education than any other field.

    Executive Communications

    Equally important is the ability to communicate Infosec-related topics in executive terms. This means keeping it simple and avoiding acronyms. An FBI forensic investigator once told me that when talking to executives, try to keep it at an 8th grade level. Executives do not have the technical acumen that you might have.

    You should also consider how to present to board members, as this might come up as well. The key here is to present a message in terms that board members can understand while doing it in a time-efficient manner. You typically have approximately 15 minutes when presenting to board members.

    Hire an Interview Coach

    There’s a lot of competition for Infosec jobs due to reasons such as skills shortage, training, and a lack of understanding of infosec by human resources. Consider hiring an interview coach who understands infosec and can assist with a mock interview. This will help you fine-tune your resume and prepare you to answer those difficult technical questions that may come up.

    We also provide an infosec resume review and mock interview service – just reach out to us!