In part 4 of our Cybersecurity Interview Questions series, we continue to take deep dives into popular interview questions. This is intended to provide you with the knowledge to develop your authentic answers to help you land a cybersecurity job.
What are your thoughts on [insert latest high profile cyberattack]?
During the course of your interview, you’ve been telling the interviewer how hard you've been working and how much you want to get into cybersecurity. Now he or she has laid before you a straightforward question, which can allow you to thoughtfully articulate how you analyze cyberattacks… or blow yourself up.
The pitfall here is a simple one. If you really want to get into cybersecurity, you should be paying at least nominal attention to what’s happening in cybersecurity. No one expects that you will be able to recite their daily cyber threat intelligence report back to them. But if someone asks you about a cyberattack as high-profile as NotPetya or SolarWinds, you shouldn’t have to ask, “What’s that?” That lack of awareness may be enough to single-handedly kill your interview.
If you really want to get into cybersecurity, you should be paying at least nominal attention to what’s happening in cybersecurity.
The upside is that the question is open-ended. It gives you a lot of runaway to put the range of your cybersecurity awesomeness on full display. You can show both your awareness of the public facts of the incident and (more importantly) your analysis. Your answer is not limited by the facts you have at hand. A creative answer may include questions that you would have of the investigation. After all, a good cybersecurity analyst asks good questions. The upside to posing these potential investigative questions is that the interviewer likely doesn’t know that answer either. Be aware though. A reasonable follow up for any of those questions is, “How would you go about answering that?”
How do you prevent getting stumped on cybersecurity current events questions? Easy. Follow the cybersecurity news. Regularly listen to cybersecurity podcasts. (Check out: Podcasts to Expand Your Cybersecurity Awareness.) You can also create a Google News alert for the word “cyber”. In addition to high-profile incidents, this alert will update you on a lot of less visible, local cybersecurity incidents. This knowledge can put you in a position to tell the interviewer something she or he didn’t know. That is always a good place to be during an interview.
Where do you get your cybersecurity news?
This question is similar to the previous question. You’re simply enumerating your news sources. You want to paint yourself as a student of cybersecurity. To do that though, you need to actually remember the names of the podcasts, websites, and newsletters that you follow. If you find yourself answering, “I can’t remember the exact name, but…” then you’ve missed an opportunity. As always you get bonus points for telling the interviewer about an interesting source that he or she hasn’t heard of before. It’s a good thing, when the interviewer responds, “I’ll have to check that out.”
A creative answer may include questions that you would have of the investigation. After all, a good cybersecurity analyst asks good questions.
Admittedly, you may not be asked this question outright. Describing your news sources during your interview unprompted can also be effective. This displays your immersion in cybersecurity, which highlights motivation and interest to the interviewer. Lots of people will say they want to get into cybersecurity. Proving your immersion in it can help differentiate you from other candidates.