The shortage of cybersecurity workers is well known, with studies showing that millions more professionals are needed to meet the increasing demand for skilled talent in this profession.The 2020 Cybersecurity Workforce Study from the nonprofit professional organization (ISC)\u00b2 estimates that the global workforce shortage stands at 3.12 million, and it estimates that employment in the field needs to grow by 41% in the United States and 89% worldwide in order to fill the talent gap.But don\u2019t let those figures go to your head if you\u2019re looking for a job.Hiring managers, recruiters and career consultants all say they\u2019re working hard to find the right candidate for every open position. They\u2019re carefully reviewing resumes and they\u2019re using interviews to separate the best from the rest.So if you\u2019re looking to impress, what should you do? Here experts offer 10 ways to prep for and ultimately ace a security job interview:Have and demonstrate broad business knowledgeHiring managers typically look for strong technical skills and specific cybersecurity experience in the candidates they want to interview, particularly for candidates filling entry- and mid-level positions within enterprise security. But managers use interviews to determine how well candidates can apply those skills and, more specifically, whether candidates can apply those skills to support the broader objectives of the organization, says Sounil Yu, CISO-in-resident at YL Ventures. As such, Yu says he and others look for \u201cT-shaped individuals\u201d\u2014those with deep expertise in one area but with general knowledge across the broader areas of business. The candidates who get job offers are those who have, and demonstrate, both. \u201cSecurity is a multidisciplinary problem, so that depth is an important asset,\u201d Yu adds.Show your passion for the professionCandidates love to say they\u2019re passionate about security, but many can\u2019t figure out how to showcase it. Those who can, however, stand out. Yu once interviewed a candidate via video and could see a server rack in the background of this person\u2019s home office. \u201cHe clearly liked tinkering outside of work. You could see that he had tech skills and a passion for them and a drive to learn about new technologies,\u201d Yu says. Not all candidates have servers in their homes, nor do they need to, but they should have ready proof that they\u2019re invested in their profession. Be ready to list classes you\u2019ve taken, experts you follow, trade journals you read and off-hour pursuits that illustrate your commitment to your profession.Back up your claims of expertiseJames Carder, CSO of the security tech company LogRhythm, remembers interviewing a candidate who brought in some code he had written, shared what worked well with it and talked about the areas that didn\u2019t work. It was a bold move that Carder says illustrated the candidate\u2019s capabilities. \u201cHe showed the technical aptitude needed for the job,\u201d Carder says, adding that he did in fact hire the candidate. Although Carder doesn\u2019t advocate for every candidate bringing code or work samples to interviews (especially if it\u2019s proprietary), he and others agree that successful candidates should be ready to demonstrate their expertise in any area where they claim to have it. \u201cIf you put something on your resume, you have to be able to talk about it in detail and not just show a vague awareness of it,\u201d adds Russ Kirby, CISO of software company ForgeRock.Acknowledge what you don\u2019t knowOn the other hand, Kirby says candidates shouldn\u2019t try to fumble their way through questions about topics that they really don\u2019t understand. \u201cA lot of candidates underappreciate and underuse the term \u2018I don\u2019t know.\u2019 If you don\u2019t know about one thing out of 10, it\u2019s not as bad to say you don\u2019t know about something than bluff your way through it,\u201d Kirby says. He interviewed one candidate who responded when asked about a compliance standard: \u201cI\u2019ve never had anything to do with that in my life.\u201d The candidate then went home, studied the topic and requested a second interview where he then revisited the original question, sharing what he had learned and how he\u2019d apply his new-gotten knowledge. Kirby offered him the job.Practice and perfect your responsesPractice what you\u2019re going to say. It\u2019s a standard, and longstanding, piece of advice, but one worth repeating, says Pamela Nigro, a vice president and the IT and security officer at Home Access Health Corp. as well as director with ISACA, a professional association focused on IT governance. Nigro advises candidates to work out potential responses in advance and work with a coach or colleague to strengthen their communication abilities. \u201cYou may need to do this for the interview, although practicing shouldn\u2019t stop there. You\u2019re going to need to be able to articulate well long-term,\u201d she says. The work pays off: She has interviewed promising candidates, who don\u2019t get the offer because they couldn\u2019t articulate their ideas when meeting face to face. On the other hand, candidates who can confidently and coherently explain their thinking not only demonstrate that they know their stuff, they also show they\u2019re capable of communicating well with the business\u2014a highly-prized skill among today\u2019s security teams.Get your questions readyYou know it\u2019s coming: the hiring manager asking, \u201cDo you have any questions?\u201d So be ready with a long enough list to respond. \u201cThere\u2019s nothing worse than saying \u2018You\u2019ve answered everything,\u2019\u201d says Katie Cassarly, associate director of career services at Carnegie Mellon University\u2019s Heinz College. Even if the interview up to that point was thorough, thoughtful candidates will have some additional areas they want to explore. Moreover, Cassarly says, well-crafted questions demonstrate that you\u2019ve not only done your research but are thinking about how you\u2019ll fit with the company and its security team.Keep useful phrases handyCandidates often jump into their responses without fully understanding the questions being asked or without pausing to think through their responses. So be prepared to hit the pause button with some useful phrases. \u201cIt\u2019s the kind of thing that would make candidates stand out in any interview,\u201d says Lis\u00eb Stewart, principal-in-charge of the Center for Individual and Organizational Performance at the professional services firm EisnerAmper. Stewart suggests using phrases like \u201cCan you tell me a bit more about that?\u201d or \u201cThat\u2019s an angle I haven\u2019t considered before, let me think about it.\u201d instead of blurting out the overused response \u201cGood question!\u201dPick good stories to shareInterviewers like to ask candidates about how they\u2019ve handled challenging assignments or some past difficulty on the job. Although those questions do have value, they often have candidates thinking about the anxiety-ridden times in their careers. Candidates, though, can and should think about the times they had great work experiences\u2014perhaps when they\u2019ve had some well-recognized success or a particularly productive partnership\u2014and find opportunities to share those stories during the course of an interview, too, says Kimberly Roush, founder of All-Star Executive Coaching. \u201cWhen people talk about a challenge, you hear angst in the voice. But when you talk about a time when you were thriving, your eyes are going to sparkle,\u201d she says. She advises candidates to create a narrative that shares the situation, the action, the result and why that experience was so meaningful.Create good visualsIt should go without saying, but yet it needs repeating: Dress appropriately for the interview. Recruiters, career coaches, and hiring managers say they continue to see candidates who are unkempt and now, in the era of virtual interviews, poorly positioned for the camera with questionable materials in view. Paul Wallenberg, who as director of technology services at the staffing firm LaSalle Network recruits for hard-to-reach IT and security talent, says he has seen his share of candidates with hoodies pulled up over their heads. (\u201cThat may say something [negative] about your willingness to interact with people,\u201d he notes.) He also has seen candidates with violent music posters in the background and others with political flyers in view. One candidate had dozens of anime figurines positioned in a battle-like scene right behind him. \u201cHow do you not know if it\u2019s in view of the camera?\u201d Wallenberg asks with a sense of disbelief. \u201cJust be self-aware.\u201dBut let your personality come throughWhen interviewing candidates for an open staff position, Kirby says he\u2019s looking for someone who has the right skills as well as for someone who understands his company, its business and the industry so they know how to apply their skills to the organization\u2019s security needs. But he\u2019s also looking for someone who will work well with his team and who will feel comfortable being part of the security department. Candidates should want that, too, he and others say, stressing that interviews are a chance for both sides to figure out if they\u2019re a good fit for each other. Kirby says he can quiz candidates on their skills and their knowledge of the company and its work, but he needs candidates to be themselves to determine if they\u2019re going to fit well with the security team. \u201cBut too often they put on a fa\u00e7ade of what they think we want a professional to look like,\u201d he says.