A lot of the cybersecurity interview preparation is generalized based on the roles candidates are applying for. That's to be expected. Your answers to “Tell me about yourself” or “Why do you want to get into cybersecurity?” are independent of which organizations you’re interviewing with. The technical questions that you prepare for, when interviewing for a penetration testing or cyber threat intelligence role, would be similar regardless as well.
You also need to do your homework on the specific company you’re interviewing with. This is the part of your interview preparation that doesn’t scale. If you have five interviews scheduled, then that’s up to five different companies you need to research. When you add it to the rest of your cybersecurity job hunt activities, researching every company you interview with can seem like a lot. The secret weapon? Annual financial reports.
Why Do You Want to Work Here?
For every interview you need to be prepared to answer why you want to work for the company you're interviewing with. You should have a cursory understanding of how they make money. If the interviewer mentions the CEO by name, you shouldn’t look like a confused deer in headlights. You should recognize it. The secret weapon to prepare for all this and more is the organization’s annual financial report (often called a 10-K for publicly traded companies).
I know what you’re thinking. Accounting and finance aren’t my thing. It doesn’t have to be. There’s a lot more to an annual report than financial statements. It provides a lot of verbiage describing the organization’s priorities, what it’s investing in, its risks, and other key attributes specific to that company. Reading a company’s annual financial report will help you sound like you’ve actually done your homework. When asked, “Why do you want to work here?” you be prepared with a thoughtful, unique answer. After all, you don’t want a generic that could apply to any of that company’s competitors.
Consume What’s Useful, Then Move On
Of course, annual financial reports aren’t intended for interview preparation—that’s what makes them a secret weapon—so don’t get bogged down reading them cover-to-cover. As a cybersecurity job candidate, you are not the intended audience. So browse the report, consume what’s useful, and move on. This isn’t sleepy time reading. (Remember to take notes.)
You’re not going to be quizzed on the company’s annual financial report. In fact, your cybersecurity interviewer probably hasn’t read it. Consuming the annual financial report allows you to make it clear, you do your homework. Including an opening like, “I noticed in your annual report that…” once or twice will help you stand out from the competition.
Annual Reports, Not Just for Corporations
Annual financial reports tend to be associated with the corporate world, because they are required for publicly-traded companies. The little known fact is that non-profit organizations and government agencies also publish annual reports. For example, the US Department of Homeland Security (DHS) publishes its Fiscal Year Report annually.
There are unfortunately limits to this secret weapon. Private companies have no requirement to publicly report their financial status, so there are no financial reports available for them. (That’s one reason some stay private.) You may be able to glean some similar information for sustainability or diversity reports, if those are available.
In the end your aim is to demonstrate that you’ve adequately researched the organization. It helps demonstrate both that you’re a thorough professional who does their homework. Sometimes that is enough to rate you higher than another, less prepared, candidate.