In this chapter, you will learn how to use this book, especially if you only have a short period of time before your job interview. You will also learn about some of the most common job interview questions asked and recommendations for how to answer them. This chapter also covers a brief introduction to personal branding and a simple method for reducing stress before a job interview.
The following topics will be covered in this chapter:
- How to get the most out of this book
- General interview advice
- Common interview questions
- Definition of cybersecurity
- The How, Analyze, Collect, and Know (HACK) method
- Personal branding and soft skills
- Negotiation 101
- Managing stress
How to get the most out of this book
If you're reading this book and only have a short time before your job interview, let me share some wisdom on how to get the most out of it.
This book is not intended to be read from cover to cover, although it can be.
I would suggest reading through at least Part 1 (Hacking Yourself) and Part 4 (Common Behavioral Interview Questions), plus the individual job role that you're interviewing for (assuming it's one listed in this book).
Many of the behavioral interview questions near the back of this book have been asked in interviews I've done, and some of the questions may be asked verbatim in your interview. This is why it's important to prepare for your interview.
I want to stress that the technology mentioned in this book will likely change over the years, so the technical interview questions should not be taken as a Holy Grail guide but rather as a more general guide to the types of questions an employer may ask you during an interview. Also, you may see questions on various tools that are used in each job role.
The questions you get about tools in an interview depend a lot on the company you are interviewing with and the tools they use.
The most important thing to remember is that having an understanding of the type of tool (that is, security information and event management (SIEM), endpoint detection and response (EDR), fuzzer, and so on) is more important than trying to get experience with every tool out there (it's impossible to be an expert in everything).
I also want to mention that this book could not possibly cover every possible interview question you might get (and I've had some strange questions asked of me over the years), but I've made every effort to include some of the most common ones after interviewing hundreds of cybersecurity professionals in these roles and going through hundreds of interviews myself over the years.
General interview advice
Your words have power.
I remember a few years ago, I needed to get my driver's license renewed and saw over 100 people waiting in front of me in the ticketing system line.
The first thought in my head was: "This is going to take all day."
But what I said out loud to myself was: "This line is going to move quickly, and they will call my ticket number in less than 20 minutes. In fact, people ahead of me in line are going to comment that this is the fastest they've ever seen the line move."
Guess what happened.
Yes—you are correct.
The line moved quickly, and my ticket number was called in about 15 minutes. A few people ahead of me in line also commented how they had never seen the line move that quickly.
Not at all—and I would much rather have the ability to freeze someone with ice as a superpower, anyways.
However, this is an example of the power of your words. You can search online and across social media platforms to see thousands of other examples of this.
There are also numerous books on the subject. A great one I've read is What to Say When You Talk to Yourself by Shad Helmstetter.
It's important to speak the right way before any job interview. Instead of saying things such as "I'm dumb" or "They will hate me," say things such as "This is going to be a great interview. Everyone is going to be friendly to me and the questions they ask will be easy. In fact, it will feel more like a conversation with old friends than a job interview."
Now, does this guarantee you will ace the interview and get the job? No—of course not. And sometimes, you don't get certain jobs because something much better for you is right around the corner. I have even experienced this in the past.
Common interview questions
- Who are you? (also known as "Tell me about yourself")
I've always wanted to answer this question with "I'm Batman," but for some reason, I suspected the interviewer would not find that funny and I really needed the job at the time.
This question is not a place for you to share your childhood memories and how your mom didn't hug you enough.
Instead, what the interviewer wants to hear is a brief summary of your career with a focus on your impact on past employers. Think of this as your 30-second elevator pitch.
Here's an example:
From the job posting, it's clear the person in this Security Operations Center (SOC) analyst role needs to be ready to go on day one and deliver results fast. That's what I've been able to do at Acme Inc. I developed a new SIEM tool for them within 60 days of hire and created an automation program that reduced false positives by 12%. Would you like to hear more about anything I've mentioned so far?
- What is your greatest strength?
Under the section titled The HACK method later in this chapter, we'll talk about analyzing yourself. This greatest strength question is where you can focus on your key value points and how you are the right fit for the position.
Here's an example:
I would say my greatest strength is the ability to break down technical information and present it in an easily digestible format for stakeholders across an organization.
- What is your greatest weakness?
With this question, I would typically just bring up a weakness they already know about and then end with some of the value I bring to an organization. "I work too hard" would be a dumb answer here. The interviewer is typically trying to assess your self-awareness with this question.
Here's an example:
I would say my greatest weakness is that I don't have the required 27 years of Kubernetes experience, Certified Information Systems Security Professional (CISSP) certification, and 19 PhDs required in the job description for this entry-level cybersecurity position, but I did reduce support tickets by 14% in my last position, which saved Acme Inc over $57,000 United States dollars (USD).
- Why are you leaving your current job?
Here's an example:
While I've enjoyed my time at Acme Inc, I realized it was time to move to the next level in my career as a pentester.
- Where do you see yourself in (x) years?
This one is usually asked as "Where do you see yourself in 5 years?" Some people will tell you to answer "I see myself working in your position," which is a dumb idea in my opinion. That puts the interviewer on the defensive, and you want to keep them relaxed and liking you. I used to answer this one and then ask the interviewer a question. The more you can keep the interview a conversation and not an interview, the better off you are.
Here's an example:
For the next 5 years, I see myself growing in my skillset and taking on more responsibility in the organization. Can you tell me how other SOC analysts have advanced their careers at the company?
- What are your salary expectations?
Everyone hates this one. I typically would start by thanking them for the question and then mentioning if everyone decides it's a good match, we can discuss compensation at that time. You can also ask the interviewer directly what the salary range is for the position to see if they are willing to share it. Some companies out there require the interviewer to get an actual base salary number, so in those instances, I would usually quote 30-40% above what you're making now. Yes—that might get you disqualified from the job, but if they can't pay you a fair wage, why would you ever want to work there?
Here are a few examples:
I appreciate you asking me that question. Would you be against us discussing compensation after everyone has agreed that this is a good match?
I appreciate you asking that question. Are you needing a minimum salary number for your interview form?
Assuming they answer yes (most interviewers will be honest about this), then give them a number 30-40% above your current base salary.
Here are some interview questions I think you should ask:
- Which key performance indicators (KPIs) would you have for me in this position over the first 30, 60, and 90 days?
This question does a few things that benefit you. First, it gets the interviewer thinking of you in the position and not other candidates. Second, it lets you know what is expected of you in the position over the next 90 days. If the interviewer (assuming it's the hiring manager) has not thought about any KPIs for the position, it might indicate they are overwhelmed with work, and it might not be a good company for you.
- What kind of person succeeds at this company?
This helps you understand how the company defines success. If the answer is someone that works 100-hour weeks, then you should probably run out of that interview as fast as you can.
- What do you enjoy most about working at this company?
If the interviewer is happy in their role, then they might share a few things they love. On the other hand, by asking this question, you might be able to save yourself some headaches from working in a toxic environment. It's amazing what some interviewers will share with you if you ask the right questions (social engineering at its finest).
- What do you see as my greatest strengths for this position?
This question is another way to keep the interviewer thinking about you for the position over others. And if they don't have any strengths to share, it's highly unlikely you have a chance at getting the job, so you save yourself some stress in waiting to hear back.
- Make eye contact: I would say you want to make eye contact most of the time when you're listening to the interviewer and when you're answering questions. Little or no eye contact can make people suspicious and feel you're not trustworthy.
- Smile more: Don't be creepy with this one, though. If someone is constantly smiling in the interview, I immediately feel it's not genuine. Smile when appropriate, and if you're introverted like me, then try to remember to smile at least three to four times during the interview, especially when you first meet the interviewer.
- Appearance: As much as that person you follow on social media might want you to believe that appearance doesn't matter, it does. Be sure that you're well-groomed (and showered, please) and dress appropriately. I do recommend a suit (men and women) if you have one, but in most interviews, business casual is fine. I would suggest asking the person who set up the interview what the dress code is. With the global pandemic in recent years, many interviews have moved virtually through things such as Zoom. You want to maintain the same dress code for virtual interviews because you don't know when you may find yourself standing up during the interview and being caught just wearing your shorts—or worse.
- Research the company: Do your homework on the company—its mission, current/future project initiatives, financials, and so on. I'm always amazed at how many people show up to an interview without having done any open source intelligence (OSINT) on the company.
Think of it this way—if some person you didn't know walked up to you and proposed marriage, would you say yes? Or would you say no because you hadn't vetted them at all? Be smart. Do your homework.
- Don't bad-mouth a past employer or team: Yes—some companies (and some people) suck, but no one wants a negative person on their team. I remember a person I worked with many years ago who was negative about everything, and several productive people left the team because they were tired of hearing the endless complaints.
Remember—it only takes one bad apple on a team to change team dynamics and reduce the team's productivity.
- Don't be emotional: Remember—this is business, so don't get emotional when talking about past companies, and so on. The interviewer is not your therapist.
- Be concise in your answers: For most people, this means you need to practice your answers to common interview questions and figure out how you can say less to get the same point across.
I find myself rambling, especially if I get on a live question-and-answer (Q&A) session with students because I am so excited to educate them.
Here are some of the things I used to do during a job interview to reduce my rambling:
- "To make a long story short" is a phrase I use if I think I'm rambling so that I can wrap up whatever I am saying. You have to practice this and be conscious of the fact you are rambling for this one to be effective.
- Keep your answer short. I used to answer interviewer questions with just a few words and then ask them if they wanted to know anything more about what I had mentioned.
Definition of cybersecurity
Now that you have some basic tips for your interview, let's talk about this whole cybersecurity thing in case you're new to the field.
If you ask 100 people the definition of cybersecurity, you'll get 100 different answers. Likewise, you'll notice I combine cybersecurity into a single word in this book, while others separate it as cyber security.
My favorite definition of cybersecurity comes from Dr. Mansur Hasib's best-selling book, Cybersecurity Leadership, as follows:
"Cybersecurity is the mission-focused and risk-optimized governance of information, which maximizes confidentiality, integrity, and availability using a balanced mix of people, policy, and technology, while perennially improving over time." (Hasib, 2015, p. 3)
In my opinion, understanding the definition of cybersecurity and how cybersecurity can be a business enabler that evolves over time can help you grow your cybersecurity career.
The HACK method
I could feel beads of sweat forming on my forehead as I stared at my computer screen in the darkness of the night. My stomach churned as I watched the timer count down and I thought, "Will I make it in time?"
Was I doing some top-secret hack against an alien spaceship to save the world?
No—I had simply procrastinated in writing some papers for my classes, and I now had less than an hour to write three lengthy papers.
Besides, I didn't have my hoodie and gloves on, which we all know is a requirement of any successful hacker (just google it if you don't understand the joke here).
With a few minutes left, I submitted all three papers and received an excellent grade on all of them.
What was my secret? Did I hack into the professor's computer to change my grades? In hindsight, that might have been a good option, but instead, I had learned a long time ago how to hack myself.
In a similar fashion, you can learn to hack yourself for job interviews using the simple HACK method.
When applying for jobs, think about how your life is impacted by getting this job. Many people will just focus on the money here, but also ask yourself how this job fits into things such as your long-term plans. What sacrifices do you have to make (missing birthday parties, long commute to the office, and so on) for this job?
Here are a few things I used to always think about:
- How long is the commute? I once had to commute 4+ hours each way for a job, so I'd spend much of the week just sleeping in my car near the job site.
- How much earning ability do I have? Is this just a base salary, or is there an option to earn more with stock options, sales commission, and so on?
- How much time will I really spend on this job? Because most of us are paid for 40 hours a week in the US, but work 60+ hours each week.
- How does this job benefit my 1-, 5-, and 10-year goals?
The next part of HACK is analyzing yourself. There are a number of self-assessments out there on the internet, and all sorts of personality and aptitude assessments, and so on.
Those are fine to take, but the low-cost route is to get a piece of paper (or your phone notes) and write down what you think is important, how you work through problems/projects, how good you are at time management, and so on.
This is important, so be honest with yourself.
As an example, I do the self-analysis monthly and I know that I am willing to go without eating, sleeping, and entertainment so that I can finish a project. I have no hesitation in sacrificing to complete the mission, which is how I was able to write those 20+-page papers in a short period of time. I also know that I can complete projects quickly, so I sometimes procrastinate until the deadline.
It's also important for you to collect information about the job you are applying for, the company itself (as mentioned earlier in this book), and what your long-term goals are.
You need to know what success looks like for you. For example, one cybersecurity professional I know makes a lower salary but is able to get off at 5 p.m. every day to have dinner with the family. He's happy with his job, and that is success for him.
Another cybersecurity professional I know is single and works 80+ hour weeks at a major tech company, making close to a million in total compensation. This is the definition of success for her.
It's crucial to know what success looks like for you and not what people on social media tell you success is.
If you built a life that you never had to take a vacation from, what would that life look like?
Personal branding and soft skills
Many of the hiring managers I have spoken with over the years have mentioned that soft skills are a key part of the ideal candidate. In this section, we will discuss how personal branding and soft skills can help you achieve your goals. Your personal brand can help you develop more confidence, provide better job security, and increase your earnings over your career. When I developed my personal brand years ago, I went from living paycheck to paycheck to having financial freedom.
"Two all-beef patties, special sauce, lettuce, cheese, pickles, onions on a sesame seed bun" was a commercial jingle from McDonald's in the 1970s. I first heard it years later and I still remember it now.
That's the power of proper branding.
You are a brand, and you have value. Your personal brand brings value to any organization and helps them make more money.
Let me ask you a question. If you work hard for your brand and a company makes more money because of your brand, wouldn't it make sense for you to earn more money as well? Hopefully, you answered yes.
There are many books on personal branding and many ways to build your personal brand. I typically would tell you to focus on LinkedIn and show what you know through videos/screen recordings, posts, or articles/whitepapers.
Your personal brand can help you get jobs.
Imagine the no "spray and pray" resume and job application approach—no "we have a few more candidates to interview" type of stuff and no real pushback on the salary you want. All of this is made possible by your personal brand.
You might hear of many companies that advertise they need people with soft skills. Some of the key soft skills I think someone needs to have are the ability to communicate effectively across different stakeholders, the ability to work in a team, and customer service skills.
"Everyone is in sales" is a statement from one of my mentors many years ago.
Would you be opposed to me teaching you a trick I have used over the years to win at job interviews and—especially—negotiations?
I won't deep dive into sales techniques in this book, but a good sales book is The Sandler Rules by David Mattson, and a guy named Josh Braun also has some good training.
Here are a few questions I have used over the years in interviews:
- Would you be opposed to…?
Here's an example:
Would you be opposed to me asking about career advancement for this job role?
- Would it make sense…?
Here's an example:
Would it make sense for us to discuss salary after we've seen this is a good match?
- Can you offer your advice on…?
Here's an example:
Can you offer your advice on how the team manages projects?
- It seems…?
(Note: shut up after you use this one and let them respond)
Here's an example:
Years ago, I read a book called How to Stop Worrying and Start Living by Dale Carnegie. I'm not going to share everything in that book (you should buy a copy), but one key exercise had you reflecting on the worst possible scenario that could happen and then asking yourself if you were OK with that happening. If your answer was no, then you had to think through what action you could take to improve the situation.
Here's an example:
- Scenario: Your boss wants a project done by Monday, even though the real deadline is 3 weeks away.
- Worst-case scenario: You don't do the project on your days off, and the boss fires you because of it.
Are you OK with this?
Yes, because you already have money saved up to cover expenses while you look for another job. This gives you some freedom, and typically, this scenario wouldn't lead to termination since the project is not due for weeks.
No—you really need this job to pay your bills. In this situation, you probably have to suck it up this time and get the project done. However, I would suggest you then focus your spare time on building additional income streams, saving more money, and/or finding a new job. Otherwise, the cycle will just repeat itself.
I read another book years ago (can't think of the name) that mentioned reading just 6 minutes a day could reduce your stress by around 30 percent. I've found that reading can help take your mind away from stressful situations.
Another good book on the subject is Chaos Loves You: So Let's Love it Back by Jothi Dugar (cybersecurity executive).
I also practice simple meditation and breathing exercises.
I'm not going to lie to you—cybersecurity careers can be extremely stressful. It's important for you to recognize if you're stressed out and identify safe ways to cope. Remember, we as a community are here to support you.
Now that you have a good idea of some common interview questions you might be asked, the questions you should ask, the HACK method, and a few books I suggest you buy around stress management, let's move into job-specific interview questions in the coming chapters.
In this chapter, you learned about common interview questions asked in many job interviews. Studying these questions and writing down your answers to them in advance of a job interview can help the interview be less stressful. Speaking of stress, you also learned a simple method for analyzing a situation to help lower your stress level about the situation. You also learned how to hack yourself for job interviews. Understanding yourself and your situation (situational awareness) is critical to your success in job interviews and in life.
In the next chapter, you will learn about SOC analyst careers and some common knowledge questions you might be asked in a job interview.