Job Application Tips for Infosec

Choosing a dynamic and interesting career that gives you plenty of opportunity for personal growth, as well as a hefty salary, has probably steered you towards a future in IT. However, IT covers such a broad spectrum of possibilities, it’s essential you narrow down your options before you start preparing to go for specific qualifications, or apply to particular companies.

Top of the wish list for many companies is a well-qualified and (preferably) experienced InfoSec or cybersecurity expert. You need to be comfortable in a dynamic and challenging arena that attracts candidates who are not just technically skilled, but innovative, ‘outside the box’ thinkers and problem solvers. If you’ve decided that this challenging career path is for you, then there are a few things you can do during the application and interview stage to convince your potential employer that you’re the right candidate for the job.

Know the industry, know the terminology

If you stumble during interview over industry terms you really should be familiar with, such as phishing and password salting, then you’re demonstrating a lack of understanding and familiarity with the most basic references, instantly undermining your credibility. Watch out for InfoSec terms such as WEP cracking and rainbow tables, which any competent applicant should know.

Research the different career paths open

The sheer number of different career paths available is mind-boggling. From managing large networks to more focused InfoSec positions, there is literally something for everyone. Courses are plentiful, allowing you to add ‘bolt-on boot camp’ training which gives you specific skills in everything from Cloud Security through to Compliance, Data Protection, Intrusion Detection, and Threat Management.

Depending on what interests you, it’s easy to build up a portfolio of skills (many of which can be transferred between disciplines) and make yourself attractive to a potential employer. Current courses demonstrate not just a candidate that’s willing to learn, but one that’s also happy to upgrade their understanding of what is an incredibly fluid business.

What your interviewer is interested in

Initially, they’ll want to see what you have to offer, and that you’ll add immediate value to their company. They’ll want to know what motivates you, how willing you are to increase your skills set through additional training, and how you can apply what you know to real world scenarios, especially if they’re looking for network experts. They’ll also want to see whether your ethos fits in with their own, and whether your idea of cybersecurity compliments their existing setup. The last thing any employer wants to do is to change a perfectly robust and functional system to suit you. Cybersecurity positions are rarely new broom opportunities, but more a chance to fit into existing structures.

Killer questions

Be prepared to have your commitment, your expertise and your soft skills scrutinised. Inevitably, you’ll be asked if you’re a good team player, whether your personal vision for cybersecurity matches the company’s existing parameters (so do your homework), and (this one can be a real tester) whether you’re prepared to take responsibility for cybersecurity. If you’re the resident cybersecurity expert then the buck stops with you. If there’s a breach then not only do you have to have the skills to tackle and combat it, but you better have a very good reason as to why the hackers got in in the first place, and be able to reassure your employer that it won’t happen again.

Interviewers will also want to know your methodology, so expect to be asked how you’d react to a breach. If you’ve had experience of threat response, detail what you did and how it worked, and then show how you would upscale that response to a breach at your potential employers’ workplace.

Demonstrate soft skills

Technical skills are great, but you’ll also need to show that you have the soft skills as well to fit in with a team. You may be asked to demonstrate how you would explain a breach to someone with very little computer experience, but who might in charge of finances, for example.

Prepare to succeed at interview

There’s an old saying, ‘fail to prepare, prepare to fail’. It should be your guiding mantra when you’re getting ready for an InfoSec interview. It’s important to research the company you’re being interviewed by, so look out particularly for recent news and press releases, announcements, or major events.

Research potential interview questions you may encounter too, such as:

  • Questions about what news sites you regularly check – they want to know how up to date you are, especially regarding the latest security issues and breaches, as well as how the industry is adapting to combat hacking.
  • Details on projects you have built or developed – a good way of demonstrating your thought process and problem analysis skills
  • Whether you know the difference between encoding, encryption, and hashing – These are definitions that any potential job candidate looking for a job in InfoSec should be able to answer
  • If you know what ‘salting’ is – a term that’s often used to catch candidates out. A good candidate will know that the term refers to ‘password salting’, what it is and why it’s important.