10 ways to prep for -- and ace -- a security job interview

By George V. Hulme, CSO
January 15, 2014 11:06 AM ET

CSO - IT security pros with the right skills are in big demand. Last year, the employment rate for information security managers averaged .9%, as we reported in High CISO employment rates means shortage for security industry. That's as close to actual full employment as one can get.

But this doesn't mean getting hired is a given. In interview after interview, CISOs and others in the industry express frustration over how difficult it is to find security pros with the right skills. And by right skills we're not just talking about technical acumen, but also the ability to work with the business and generate creative ways to help drive it forward in a secure way.

To get some answers on the best ways to prep for an interview and show that you're the right fit, we set out to ask quite a few security hiring managers, CISOs, IT security recruiters, and others who often find themselves in the interviewing process what they believe it takes to ace the interview.

Here's what they had to say:

Put a Shine on Your Soft Skills

When it comes to interviewing well, personality matters. "You can be the greatest pen tester on earth. You could write flawless code in your sleep. You could be god's gift to mankind when it comes to fuzzing. In most cases, that's a plus, but if you can't articulate yourself or work with other people, you are not going to make it," says Ian Amit, director of services at IOActive, Inc. Amit recalls candidates who looked quite good on paper, but in person just didn't have what he felt it took to build solid relationships. "They were too uptight, wound-up, or blah personality," he says.

Don't just answer questions intelligently, ask intelligent questions

Eve Adams, senior talent acquisition expert at Halock Security Labs, who also helps to staff positions for Halock clients, says it's just as important to ask intelligent questions of the person who first contacted you about the job, be that a recruiter or hiring manager. "What are the major security challenges the organization is facing? What's the next problem you're trying to solve in the security sphere: compliance, secure coding, or infrastructural issues? Does the organization plan to expand or streamline its security team?" she says. Questions like these not only display keen interest in the role for which you're interviewing, but will help you to suss out whether this position truly makes sense for you, she adds.

Prepare to interview for attitude as well as aptitude

Most of the experts we spoke with agreed that no one is expected, as a new hire, to know everything about everything: both nuances about the business and specialized technical skills can be learned over time. And this advice holds for both senior and entry-level positions.

"The candidate should avoid cramming for knowledge, and focus on interviewing to demonstrate attitude, not as much infosec aptitude. Infosec is baked into nearly every business and tech process, so the candidate should be prepared to identify the infosec activities within their existing strengths, and explain how they can be improved or exploited," says K. C. Yerrid, senior security consultant at FishNet Security, regarding entry-level positions.
