• United States



Mary K. Pratt
Contributing writer

10 ways to prep for (and ace) a security job interview

Jan 25, 20218 mins
CareersIT LeadershipSecurity

You've landed an interview for that security job you've had your eye on. Now prepare to land the job with these 10 techniques to get noticed and make an impression

resume handshake cv career job search interview
Credit: Getty Images

The shortage of cybersecurity workers is well known, with studies showing that millions more professionals are needed to meet the increasing demand for skilled talent in this profession.

The 2020 Cybersecurity Workforce Study from the nonprofit professional organization (ISC)² estimates that the global workforce shortage stands at 3.12 million, and it estimates that employment in the field needs to grow by 41% in the United States and 89% worldwide in order to fill the talent gap.

But don’t let those figures go to your head if you’re looking for a job.

Hiring managers, recruiters and career consultants all say they’re working hard to find the right candidate for every open position. They’re carefully reviewing resumes and they’re using interviews to separate the best from the rest.

So if you’re looking to impress, what should you do? Here experts offer 10 ways to prep for and ultimately ace a security job interview:

Have and demonstrate broad business knowledge

Hiring managers typically look for strong technical skills and specific cybersecurity experience in the candidates they want to interview, particularly for candidates filling entry- and mid-level positions within enterprise security. But managers use interviews to determine how well candidates can apply those skills and, more specifically, whether candidates can apply those skills to support the broader objectives of the organization, says Sounil Yu, CISO-in-resident at YL Ventures. As such, Yu says he and others look for “T-shaped individuals”—those with deep expertise in one area but with general knowledge across the broader areas of business. The candidates who get job offers are those who have, and demonstrate, both. “Security is a multidisciplinary problem, so that depth is an important asset,” Yu adds.

Show your passion for the profession

Candidates love to say they’re passionate about security, but many can’t figure out how to showcase it. Those who can, however, stand out. Yu once interviewed a candidate via video and could see a server rack in the background of this person’s home office. “He clearly liked tinkering outside of work. You could see that he had tech skills and a passion for them and a drive to learn about new technologies,” Yu says. Not all candidates have servers in their homes, nor do they need to, but they should have ready proof that they’re invested in their profession. Be ready to list classes you’ve taken, experts you follow, trade journals you read and off-hour pursuits that illustrate your commitment to your profession.

Back up your claims of expertise

James Carder, CSO of the security tech company LogRhythm, remembers interviewing a candidate who brought in some code he had written, shared what worked well with it and talked about the areas that didn’t work. It was a bold move that Carder says illustrated the candidate’s capabilities. “He showed the technical aptitude needed for the job,” Carder says, adding that he did in fact hire the candidate. Although Carder doesn’t advocate for every candidate bringing code or work samples to interviews (especially if it’s proprietary), he and others agree that successful candidates should be ready to demonstrate their expertise in any area where they claim to have it. “If you put something on your resume, you have to be able to talk about it in detail and not just show a vague awareness of it,” adds Russ Kirby, CISO of software company ForgeRock.

Acknowledge what you don’t know

On the other hand, Kirby says candidates shouldn’t try to fumble their way through questions about topics that they really don’t understand. “A lot of candidates underappreciate and underuse the term ‘I don’t know.’ If you don’t know about one thing out of 10, it’s not as bad to say you don’t know about something than bluff your way through it,” Kirby says. He interviewed one candidate who responded when asked about a compliance standard: “I’ve never had anything to do with that in my life.” The candidate then went home, studied the topic and requested a second interview where he then revisited the original question, sharing what he had learned and how he’d apply his new-gotten knowledge. Kirby offered him the job.

Practice and perfect your responses

Practice what you’re going to say. It’s a standard, and longstanding, piece of advice, but one worth repeating, says Pamela Nigro, a vice president and the IT and security officer at Home Access Health Corp. as well as director with ISACA, a professional association focused on IT governance. Nigro advises candidates to work out potential responses in advance and work with a coach or colleague to strengthen their communication abilities. “You may need to do this for the interview, although practicing shouldn’t stop there. You’re going to need to be able to articulate well long-term,” she says. The work pays off: She has interviewed promising candidates, who don’t get the offer because they couldn’t articulate their ideas when meeting face to face. On the other hand, candidates who can confidently and coherently explain their thinking not only demonstrate that they know their stuff, they also show they’re capable of communicating well with the business—a highly-prized skill among today’s security teams.

Get your questions ready

You know it’s coming: the hiring manager asking, “Do you have any questions?” So be ready with a long enough list to respond. “There’s nothing worse than saying ‘You’ve answered everything,’” says Katie Cassarly, associate director of career services at Carnegie Mellon University’s Heinz College. Even if the interview up to that point was thorough, thoughtful candidates will have some additional areas they want to explore. Moreover, Cassarly says, well-crafted questions demonstrate that you’ve not only done your research but are thinking about how you’ll fit with the company and its security team.

Keep useful phrases handy

Candidates often jump into their responses without fully understanding the questions being asked or without pausing to think through their responses. So be prepared to hit the pause button with some useful phrases. “It’s the kind of thing that would make candidates stand out in any interview,” says Lisë Stewart, principal-in-charge of the Center for Individual and Organizational Performance at the professional services firm EisnerAmper. Stewart suggests using phrases like “Can you tell me a bit more about that?” or “That’s an angle I haven’t considered before, let me think about it.” instead of blurting out the overused response “Good question!”

Pick good stories to share

Interviewers like to ask candidates about how they’ve handled challenging assignments or some past difficulty on the job. Although those questions do have value, they often have candidates thinking about the anxiety-ridden times in their careers. Candidates, though, can and should think about the times they had great work experiences—perhaps when they’ve had some well-recognized success or a particularly productive partnership—and find opportunities to share those stories during the course of an interview, too, says Kimberly Roush, founder of All-Star Executive Coaching. “When people talk about a challenge, you hear angst in the voice. But when you talk about a time when you were thriving, your eyes are going to sparkle,” she says. She advises candidates to create a narrative that shares the situation, the action, the result and why that experience was so meaningful.

Create good visuals

It should go without saying, but yet it needs repeating: Dress appropriately for the interview. Recruiters, career coaches, and hiring managers say they continue to see candidates who are unkempt and now, in the era of virtual interviews, poorly positioned for the camera with questionable materials in view. Paul Wallenberg, who as director of technology services at the staffing firm LaSalle Network recruits for hard-to-reach IT and security talent, says he has seen his share of candidates with hoodies pulled up over their heads. (“That may say something [negative] about your willingness to interact with people,” he notes.) He also has seen candidates with violent music posters in the background and others with political flyers in view. One candidate had dozens of anime figurines positioned in a battle-like scene right behind him. “How do you not know if it’s in view of the camera?” Wallenberg asks with a sense of disbelief. “Just be self-aware.”

But let your personality come through

When interviewing candidates for an open staff position, Kirby says he’s looking for someone who has the right skills as well as for someone who understands his company, its business and the industry so they know how to apply their skills to the organization’s security needs. But he’s also looking for someone who will work well with his team and who will feel comfortable being part of the security department. Candidates should want that, too, he and others say, stressing that interviews are a chance for both sides to figure out if they’re a good fit for each other. Kirby says he can quiz candidates on their skills and their knowledge of the company and its work, but he needs candidates to be themselves to determine if they’re going to fit well with the security team. “But too often they put on a façade of what they think we want a professional to look like,” he says.