Interview questions to throw you off guard

Sure there are those boilerplate questions such as do you work well with others or what are your strengths and weaknesses, but there are a few questions that interviewers ask that they hope will set you apart from the others.

Jeff Schilling, CSO at managed security provider Armor, likes to ask prospective candidates about their home network. “I like to get a sense that folks who are watching our cybersecurity tools have a love for tinkering around or have their own lab and treat cyber security as their passion and hobby, not just a job.”

He said the worst responses are “I am not sure” or “that is not really important to me.”  But the best response he ever got was when the interviewee leaned back in his chair with a guilty look and asked: “Why do you want to know.”  Turns out this prospect had a very elaborate home network with gaming, Linux labs and public cloud honey pot collecting.  “I really think he thought he was in trouble,” Schilling said.

Rick Howard, CSO at Palo Alto Networks, tries to allow the interviewee to get comfortable with a few questions trying to get to know the candidate. Near the end of the interview he throws the curve ball by asking similar to Schilling what their home network is like.

“That may seem strange, but in the cybersecurity field, if s/he is not running at least one Linux box at home that s/he built alone, s/he does not have the intellectual curiosity and technical competence to be on my team,” Howard said. “The people that work for me have to solve problems for themselves in a highly technical arena.”

He said it is not that they have to know Linux, but they have to be able to solve technical challenges on their own. Building a Linux box from scratch is a great demonstration that you can handle yourself.

“I would say in general, if you fancy yourself to be a cybersecurity expert or if you are just getting into the field, if you have not built some kind of Linux box on your own just because you think it is cool, then you should reconsider your career field,” Howard said.

Geoff Webb, vice president of solution strategy for NetIQ, the security portfolio of Micro Focus, wants to find out if the candidate has a macro view of the security industry. “The InfoSec world is moving extremely quickly and one of the biggest mistakes we make as an industry is to fail to adapt to the profound changes we are seeing – whether in the type of attack facing organizations or the impact of new technologies,” he said. He wants to know if the candidate has the wherewithal to know what mistakes were made in the past so not to repeat them in the future.

[ ALSO ON CSO: Infosec jobs: 5 Ways to score an ace recruiter ]

“How do they characterize the changes that have occurred in the last couple of years, and what major changes are on the way?,” he added.

Then there is the interviewer who tries to catch you off guard. Ryan O’Leary, senior director of the Threat Research Center at WhiteHat Security, asks a brain teaser that forces the applicant to look at a problem from a different angle.

“A security engineer needs to look at something, be given how it should work and then figure out how to break it. It’s a skill that’s difficult to teach and the primary trait we look for in applicants,” he said.

According to Robert Half Technologies, the largest expected gains in the number of jobs available are in tech, where starting salaries for newly hired IT workers are forecast to climb 5.3%. So it goes without saying that these job interviews are extremely important.

Joey Peloquin, senior manager, Threat & Vulnerability Management at Citrix, sees tons of resumes and often asks candidates what sets them apart from the rest of the pack. “It’s an opportunity to evaluate a number of skills and characteristics with a single question: communication, depth and breadth of knowledge, confidence, ego, and so on. They even the playing field and suggested possible deficiencies provide a glimpse into their demeanor under pressure.”

He added that the leading security professionals are forged through a rapid iteration process of failures and successes. One of the most important questions to ask to build on the above is, “What are the last three significant projects you worked on in detail and how are you a better security professional because of them?”

Leigh Fransen, recruiting manager at Beyond Trust, goes with the tried-and-true method of first finding out if the candidate has done their homework in researching the company. “The candidate’s answer to this simple question will give us insight into his/her industry experience, ability to come prepared and do research (which we expect they will do), and will also open a discussion about the culture at BeyondTrust and the dominance of our products in the market.”

Andrew Wertkin, CTO at BlueCat Networks, might ask candidates to describe the level of risk that currently exists in his company’s environment? He would look for the prospective employee to take him through the steps to identify risks, how you would implement the full cycle of your project, and describe the operational impact of the solution you are proposing.