When it comes to hiring, enterprise security teams can use all of the help that they can rally. But when it comes to hiring entry-level talent, that\u2019s not as easy as it may seem.According to a poll last summer of 1,000 18\u201326 year olds conducted by Zogby Analytics and underwritten by Raytheon, about 40 percent of Millennials reported they would like to enter a career that makes the Internet safer, but roughly two-thirds of them said they aren\u2019t sure exactly what the cybersecurity profession is, and 64 percent said that they did not have access to the classes necessary to build the skills required for a career in information security.That means, at least when it comes to the entry-level information security market, that there will be many job applicants continuing to enter the field with backgrounds that lack formal information security training. This echoes what we hear when we speak with CISOs and others who often hire security talent.[ What to do when starting a new security job ]With all of this in mind, we recently reached out to those CISOs to see if there was a common thread of mistakes among information security career newcomers who are in the job market. Here\u2019s what we found:1. Fail to show oneself as a team playerSounds like a no-brainer, right? But it\u2019s not. Many of the hiring executives we spoke with say that personality can \u2013 and often does \u2013 trump technical assets. This is especially true as more and more information security roles interface with the rest of the business. It\u2019s essential that applicants be themselves \u2013 amiable, articulate, and able to prove that they can work with different areas within the organization.2. Sell one's self as a jack-of-all-trades\u201cEntry level applicants across almost all verticals of information security make the mistake of trying to be a one-size-fits-all candidate,\u201d says Boris Sverdlik, head of security at Oscar Insurance. \u201cSecurity is broken up across many verticals and even among those who are experienced, it's almost impossible to be well versed in all aspects,\u201d he says. \u201cThe most annoying candidate is the arrogant know-it-all,\u201d says Brian Martin, founder atDigital Trust, LLC. \u201cI don't mind arrogance when it's earned, but not in a kid who's never been tested. In cases where we've tried to work with these types, it hasn\u2019t ended well.\u201dIf you have interests in many skills in information security, highlight a couple that best meet the needs of the organization.3. Falling flat on job search and interviewing basicsFor many CISOs, such as Martin Fisher, manager of IT security at Northside Hospital, it is common for potential hires to harm themselves by flunking the basics of job seeking. \u201cOn resumes, misspell HIPAA, and I\u2019ll toss the resume,\u201d Fisher says. He also says that he too often encounters typos, punctuation errors, and resumes laden with information that's not relevant to the role being offered.Mike Kearn, principal security architect at US Bank, cited what job seekers don\u2019t do when it comes to the basics of interviewing. \u201cWhen I offer them an opportunity near the end of the interview to ask me anything, and I emphasize\u00a0the word \u2018anything,\u2019 the majority ask me softball kinds of questions about culture or why I like working there.\u00a0Missed opportunity on their part,\u201d he says.4. Believe certifications and degrees matter more than practical skills\u201cMany think that I care more about their degree or certifications than actual skills,\u201d Kearn says, while others are under the misguided assumption that a degree or a certification equals a job.\u00a0It doesn\u2019t."[ 10 security mistakes that will get you fired ]Likewise, many entry-level applicants think technology is the hammer to squash every security risk nail. \u201cToo many think that the solution to most problems is a technology control, rather than people and processes,\u201d says Eric Cowperthwaite, former CISO for Providence Health and Services and currently advanced security and strategy VP at Core Security Inc.Ben Rothke, senior eGRC consultant at Nettitude Group and former CISO, agrees. \u201cThe technology tools they have experience with are the definitive techniques for approaching information security.\u00a0Not every security problem can be fixed by a firewall or IDS,\u201d says Rothke.5. Stretch the truthThis one certainly isn\u2019t exclusive to information security, but it is especially silly to try to pull this off on experience security professionals who tend to be a suspicious bunch by nature. \u201cYou'll notice that they tend to exaggerate their experience to impress hiring managers; some range from slight fibs to full-blown lies,\u201d says Sverdlik.Have you ever caught a candidate in a lie?Kearn concurs: \u201cA lot of them attempt to inflate or enhance their resume by saying they know someone and are connected via LinkedIn. But when I press them on it, because I actually know the individual personally, they cave almost immediately.\u201d6. Don\u2019t understand the highly interpersonal nature of infosecMany entry-level applications come from workers in small businesses, and they are not prepared for or don\u2019t seem to understand how large enterprises function. That\u2019s fine, and part of the learning process for new professionals \u2013 but keep an open and learning mindset when it comes to practicing information security at a larger enterprise. \u201cA lot of people have expressed ways to do business that simply won't work in a large enterprise. Typically, the person would be very direct toward people who want an exception to security policy, avoid collaboration, avoid discovering why the person wants the exception, and just dictate behavior,\u201d says\u00a0Cowperthwaite.\u201cThey often don\u2019t realize that their excitement and sometimes irrational exuberance around all things information security is not shared by most people in the organization,\u201d Rothke says.In the end, perhaps the most important thing is to be one's self. \u201cShow that you have a passion for security, be it examining logs, performing code review or risk assessments, or even administering security appliances. If you are good at critical thinking and have a good technical background, learning the rest is easy,\u201d says Sverdlik.