To be completely honest with you, I actually liked my last job. Sure it had its ups and downs, but the situations I grew from and the relationships I fostered are what turned me into the so-called IT security professional I am today. Like all aspects in life, I had reached the point where it was time to expand my boundaries and take on new challenges. Despite this ambitious feeling, I was found myself getting in over my head having jumped into the business side of what we do.
Let’s be real here: Job interviews aren’t the most fun thing for anyone to go through. The anxious feelings about your job readiness. The constant questioning of your own skills from people you’ve never met before. The seemingly pointless tech questions about port numbers that make no real impact on how you do your day to day job. These are realities that Cybersecurity professionals like us have to deal with every time we hit the open market. Fortunately, after going through three interview processes with industry leaders in vastly different spaces, I started to hit my stride and handle these difficult situations with a newfound confidence. While I cannot give you the secrets to nailing any interview or getting every job you apply for, I can tell you what works for me, and I can tell you that this process can be much more enjoyable once you take a few minutes to re-frame your mindset about the whole interview experience.
This bit of advice will not be targeting common questions, but more so explaining why I used to struggle to prepare for infosec interviews (and interviews in general) and why I do not anymore. If you are looking for a more traditional list of common entry level questions, I would recommend these lists from Daniel Messler and Sakshi Gupta.
Why I Struggled
1. Imposter Syndrome.
As I explained in my first post in this site, I used to suffer from imposter syndrome. This did not make facing a technical interview any easier. Filled with self-doubt, I would spend far too much time worrying myself with questions like “What if I just got better at my previous job, but not at being an infosec professional” or “What if they discover I was truly an imposter and just think I am wasting their time”. These thoughts are clearly counterproductive, not because you have to be confident to “sell yourself”, but because they take your mind away from being yourself. The idealization of a potential employer, together with undermining your own ability or experience, can make it very challenging to find out if they are even a good fit for you in the first place.
2. I wanted to control everything.
I wanted to anticipate any possible question, think of any possible answer, to know exactly how the conversation would evolve passed the initial answer. The reality is that this is such a broad field with so many variables. A SOC Analyst’s day in Company A and at Company B may not look alike (customer facing vs. single environment, tool set, organizational maturity, escalation paths, support teams, etc.). Experiences in our field may never be identical, and a good employer should know that.
While I definitely do recommend a certain amount of prepping or research into the company/position/specifics, chasing that total control is not ideal. After all, this is still a fairly young industry. Generic Google search rabbit holes would only get you so far, and not all the answers research will provide are tailored to the organization or structure you would be joining.
What Helped Me
1. I no longer wanted to impress a potential employer, I wanted to make sure we matched.
Though it may sound simple, this was a very important change. By doing this, I started to place the same amount of value on myself as I did with the potential employer. I understood that we all have different experiences in this field. Though I may not have experience with tool X or action Y that the employer listed, I do have equally relevant experience tackling other similar challenges. Placing that amount of self-value was foundational to performing better in interviews. Changing the goal from impressing to collaborating made me realize that the only way to ensure we matched was to be myself.
2. I know what I know, and have to be at peace with it.
Be okay with letting your interviewer know that you don’t know the answers to all of their questions. I am okay admitting to not knowing a random port number or a Linux command. Those type of bits of knowledge are only a quick google search away anyways, and I would rather save cycles for correlation/critical thinking tasks. I am no longer intimidated by admitting something like that as I believe an organization that makes that admission a determining factor against hiring me is not a good match.
3. I wear the employer’s shoes.
Every interview requires a level of research about your potential employer, but you need to go past face value and look into what the company’s vision actually is. Ask yourself -What are they looking for to take their company to the next level? This process is all about finding the common ground between yourself and the company. With that mindset, why not try finding an angle where you fill a niche for them? This is also the perfect place to remember that soft skills are just as important to Cybersecurity as technical skills. Whether you bring technical ability from your current role or carry over the ability to be an exceptional communicator, there are always unique traits that can make you the perfect person for the job. Another “trick” that helps me keep my nerves in check during interviews is to realize that what to me may feel like the opportunity of a life time (and thus induce endless amounts of anxiety), may just be a very much welcomed break during a busy day for the interviewer(s). Focusing on that different perspective coming into an interview helps, in a way, switch the focus from anxiety-inducing thoughts to being effective during that short period of time.
4. There are plenty of opportunities out there.
While we’re in the heat of an interview, it sometimes slips our mind that there are plenty of opportunities out there. The Cybersecurity field is growing by the second, presenting new opportunities left and right for candidates with drastically different skill-sets. If this interview doesn’t feel like a fit for you, chances are you can have another opportunity lined up that may suit you better. Even when you are just breaking into the field, your talent level can qualify you for a bounty of positions. So when you do run into negativity and feel that imposter syndrome getting to you, just remember that this is just a conversation like any other. The fact that there is the possibility of a new job and a fresh start at the end of the process shouldn’t bring out negative emotions, it should excite you.
These are the ways I have found to quickly improve my experience during interviews. Interviews are not an exact science, so tell me, what works for you? Let’s continue the conversation either here or on Twitter @spapjh.