How to prepare for an infosec interview

It's another solo episode! Next weekend I will be at BSides Nashville. Among the many other things I am slated to do, I am helping out with a resume/interview workshop. As preparation for the workshop I put together a list of interview questions I intend to use.

I put out a tweet asking for interview questions from the Twitter community. I got back some really good questions. As I was putting the list together I decided this would make a great podcast. Preparing for an interview is very important. I increased my offer rate significantly once I started preparing for interviews. Prior to that I always tried to wing them. I spent 15 months looking for a job at one point. I would get interviews, but failed to get offers.

Interviews are a nerve-racking process. Preparation provides more confidence and the ability to anticipate curve balls in an interview. Being prepared allows you to have more brain power when there is a question you didn't anticipate. When you're prepared, it shows. People tend to like candidates who are prepared. They can tell by how direct and decisive answers are to questions. There is one caveat to this. If you interview with someone as part of a network, there is more leniency in the interview.

Preparation

There are multiple ways to prepare for an interview. Figure out what works best for you. What I have below and in the podcast are what I've used to be successful in interviews.

Look at the job posting

Review the company's job posting and your resume before going into an interview. If you're doing resumes right, you should have a different one for each job you apply to. Remembering which resume you submitted is important. Tie your experience to the job posting. This will help with answering the question in a way that shows you're a fit for the role.

Look for key words in the job posting that you might be asked about in the interview. If you're going for a role in a security operations center (SOC), be prepared to answer networking questions. If you're doing application security be prepared to answer development questions. If you're going for a penetration tester role be prepared to talk about attack techniques and your methodology. You get the idea.

Write out questions and answers on 3x5 index cards

I use the list of 31 common interview questions from The Muse. I pick the ones that apply and write them down on 3x5 index cards. I then flip them over and write down my answers in one word or a short sentence. This allows me to practice my answers to questions such as, "What's your greatest strength/weakness?" or more technical questions like, "How does DNS work?"

Practice, practice, practice

Go over the questions you've collected. Read the question out loud and say your answer out loud. Flip over to see that you've hit on your main point. Do this over and over again. Do this again in the waiting room or in the car (if you've arrived early, which I recommend) on the day of the interview. That's the benefit of writing questions and answers on 3x5 index cards: they fit nicely in a coat pocket.

You will practice questions that don't get asked. There is no way for you to anticipate all the questions you'll be asked. Getting the common ones and the ones you think will be asked will make the interview go much smoother. The less brain power you have to spend on a question the more you have for the questions you didn't anticipate.

Physical preparation

Go get a haircut and make sure you still fit into your interview clothes. If you've outgrown a pair of slacks you'll need to go buy a new pair. Prior to the interview you can ask what the dress expectation is. A suit is standard and something I often go with. I also have a pair of khakis and a sports coat in case they want me to dress down. Have at least two sets of interview clothes for multiple interviews. Dressing in the same thing twice is not a good look.

I feel uncomfortable going to an interview in just a t-shirt or polo shirt, even if that's what was recommended. I know some interviewers in our industry care less about dress. I believe in over-dressing rather than under-dressing, though.

Extra preparation

I applied for a job once that described the role as I would my dream job. I did all my usual preparation above. I had two really good interviews and was slated for a third. The first two were phone interviews. The third was going to be in person. It was expected that I would interview with the CISO and one or two other managers (it ended up being six).

I decided that I would put together a short slide presentation. I practiced going through the presentation as part of my answer. I also went to the print shop and had them print out three bound copies of the presentation. It cost me about $35. I took this to the interview. Two questions in, when we started discussing my vision for the role, I handed out the bound copies of the presentation. I then walked through my vision for the role. I got an offer for that job and I'm happy to say I'm still in that role.

Wrap-up and resources

Preparation is so important for a job interview. I failed at it for a long time. Some people can wing an interview and get an offer. I am not one of those people. Once I took the time and made the investment into preparation, I increased my offer rate. I turned down other positions, because I had the confidence that a better offer was coming. 

Review the job posting. Tie it to your experience. Write down common questions and ones you think might be asked. Practice. Say your answers out loud. Do that over and over again until you can answer questions confidently and concisely. Then practice some more. Make sure what you wear to the interview is ready before the day of the interview. Scrambling around for something presentable creates more anxiety and nervousness. Finally, consider putting a presentation together. $35 was a great investment.

Before I go, here are some great resources around preparation:

Hope to see you at BSides Nashville!