Cybersecurity Interview Questions and Pitfalls You Should Prepare For [Part 3]
In part 3 of our Cybersecurity Interview Questions series, we continue to take deep dives into popular interview questions. This is intended to provide you with the knowledge to develop your authentic answers to help you land a cybersecurity job.
Can you tell me about your cybersecurity experience?
There are numerous variants of this question, but they’re all attempts to hone in on the same thing. The interviewer wants you to tell them about your cybersecurity experience, even though he or she can see from your resume that this would be your first cybersecurity job. The question is a bit of a set up. You can spin it to your advantage though.
Do not start by saying you don’t have any cybersecurity experience. By doing so you voluntarily place yourself behind every candidate who gave any different answer. You want to provide the interviewer reasons to hire you.
Instead, start by describing the cybersecurity training you’ve completed. Yes, your cybersecurity certifications are on your resume, but your resume doesn’t tell the whole story. (Resumes never do.) You progressed from little-to-no cybersecurity knowledge to being certified through self-motivation and hard work. That learning journey is your cybersecurity experience. It may not carry as much weight as on-the-job experience, but it’s something. Make sure to highlight areas in which you’ve done hands-on training, as that tends to stand out.
Do not start by saying you don’t have any cybersecurity experience.
Close out your answer by acknowledging that the role you’re interviewing for would obviously be your first professional cybersecurity experience and that your educational cybersecurity experience has prepared you well for the role. This does two things. First, you express that there are more types of “experience” than on-the-job experience. Second, you acknowledge that the interviewer’s question was about professional experience (even though you gave an answer, which was more advantageous to you).
What kind of cybersecurity training have you had?
This is similar to the question above. It’s less of a gotcha question though. The interviewer knows this would be your first cybersecurity job and has chosen to ask a fairer question. While the question is rather straightforward, it does leave plenty of room for a rambling answer.
You want to use this question to talk about your certifications achieved and skills acquired. Remember, the interviewer may not be the person who selected you to be interviewed. Therefore you don’t want to make assumptions about them having thoroughly read your resume or having done so recently. Talking about your training highlights your aptitude to work hard and learn. The goal is to highlight where you are in your learning journey.
For example, stating that you completed a half dozen Cybrary and Udemy courses on cybersecurity doesn’t adequately highlight what you would bring to the table. Conversely, stating that you leveraged those same courses to pass your CompTIA Security+ and a MITRE ATT&CK Defender certification outlines skill sets that you would bring. If your interviewer isn’t familiar with the MITRE ATT&CK Defender certifications, you have an opportunity to educate them. Interviewers don’t often get to learn something new during the interview process. It will generally leave a strong impression.
Remember, the interviewer may not be the person who selected you to be interviewed. Therefore you don’t want to make assumptions about them having thoroughly read your resume or having done so recently.
Determine what you want the interviewer to know about your cybersecurity skills. Then use the answer about your training to back into it. Interviewing is about efficiently answering questions in a manner that makes people want to work with you.