An Enterprise Strategy Group study found that almost two-thirds of organizations intend to increase IT spending this year, with 69% of respondents noting that they were raising their cybersecurity spending in the same period. Only 2% expect to spend less on cybersecurity.
“Cybersecurity remains the top IT initiative in 2022,” said Jon Oltsik, an analyst at the Enterprise Strategy Group.
He added that the cybersecurity job market reflects these trends. There are far more companies looking for security specialists than there is talent available.
Cybersecurity jobs: A seller’s market
While it is a “seller’s market” that favors potential recruits over employers, interviews remain a fact of life. Prospective candidates had better be prepared. That means being ready to answer some tough questions.
There are plenty of sources around that offer the top 50 cybersecurity questions. These articles provide the questions as well as answers. Their goal is for job candidates to drill on answering these questions to appear more convincing during interviews. This approach has some validity. But it typically limits itself only to detailed technical questions rather than business-oriented questions.
The fact is that the field of security is diverse and constantly evolving. Knowing what technical questions will be asked is difficult if not impossible. Companies like Google are famous for providing candidates with obscure and highly technical problems to solve.
In this article, we split the questions into two categories: 10 technical questions that might come up, and 10 career- or business-oriented questions that prospective employers may ask.
Let’s start with the business or personal questions.
Top cybersecurity interview questions to expect for managerial or executive positions
Some firms just want to look at your credentials, certifications and experience, and will ask you a series of technical questions to see that you know your stuff. A few examples of such questions are included in the second part. However, many interviewers will want to dig deeper into motivations, purposes and personal attributes. They want to determine whether you are business savvy and have managerial aspirations, or prefer to remain purely as a cybersecurity technician or expert.
Here are a few possible questions that might crop up during an interview for a senior cybersecurity position:
- What do you know about how we address cybersecurity, and how do you think you can help us improve?
This question highlights how well or poorly you have done your homework. Ideally, you will have done a search online to see if the organization has made cybersecurity headlines for all the wrong reasons. Have they been hacked recently? Or held to ransom? Have they suffered any data breaches and been forced to report them? Google, news stories and press releases will probably tell the tale. Check, too, if the company is named in the press releases of any IT or security vendors. That will give you an idea of the type of tools they have in use internally and in the cloud. Additionally, job sites will no doubt provide plenty of clues. Ads for IT and security positions, even if already filled, typically list the platforms, tools, and skill sets they have in use or plan to deploy. Finally, the job posting you responded to should provide ample clues about what exactly they are looking for and the pain points they are experiencing.
- What cybersecurity skills and strengths can you bring to the table?
Here is a chance to blow your own trumpet — but not too hard. Be honest about your abilities. Highlight your primary areas of cybersecurity confidence. If the interviewer asks about a specific skill that you don’t have, be honest. But follow that up with a story that shows how rapidly you have learned a new area of security technology in the past.
- Where do you think the security landscape is heading?
This one demonstrates whether you are current on trends and know the latest technologies. If you start talking about virus signatures as opposed to zero-trust architectures, you are unlikely to be offered the position.
- What is your position on cloud-based security versus in-house security?
Be careful with questions like this. If you go on a roll about how only antiquated organizations try to manage security internally using on-premise tools, you may just have talked yourself out of a job. Know who you are talking to, their preferred approach to security, and address the question accordingly — with a touch of diplomacy if necessary.
- What kind of cybersecurity challenges have you enjoyed the most in previous positions?
Such questions are there to elicit responses that demonstrate your ability to solve problems in the real world. Answer honestly about a major challenge you faced and how you addressed it. The interviewer particularly wants to hear about the software, hardware and cloud elements, the security breach or challenge, and how it was resolved.
- What plans do you have to enhance your cybersecurity skills, such as new certifications or training, to help you achieve career goals?
In this one, the interviewer might be after your ambitions, to discover how driven you are to learn new skills and what you plan to do to become an even more valuable cybersecurity asset.
- If cybersecurity-related executive positions were to become available in this company, how do you think you could prepare yourself to become a good candidate?
Another question that probes ambition. This time, it is looking to see if a technically trained resource might be a candidate for chief information security officer (CISO) or similar positions in the future. An MBA is often a requirement to enter the C-suite. Sometimes, interviewers wonder if a candidate is motivated enough to complete an MBA part-time to prepare themselves for future promotions.
- How do you feel about providing cybersecurity briefings to upper management, and how would you approach it?
Such an inquiry seeks to determine if the candidate is comfortable translating technical language into business terms. Many in IT struggle in this area. Those who can pull it off are good candidates for managerial roles.
- Do you see your career path as heading in the direction of cybersecurity specialization and expertise, or more in the direction of managing a larger cybersecurity team?
Even though there is a severe shortage of general cybersecurity skills, many companies are desperate to find those who understand the complexities of security and can lead a team of technically skilled individuals.
- Can you give me an example of a security deployment or project you were involved in that demonstrated real business value to an organization?
Most IT personnel think in terms of bits and bytes, developing code and deploying systems. It is rare for an individual to see the broader picture of how all that fits into the achievement of strategic business objectives. If you seek either a management position or a career path that takes you there, be prepared to answer such questions from both a technical and a business perspective.
Top cybersecurity interview questions of a technical nature
As noted earlier, there are a great many articles out there listing dozens of technical questions and offering potential answers. Candidates are advised to drill on fielding these questions and delivering the response, much like a catechism.
The problem with such lists is that it is impossible to cover all areas of security technology. Someone using them to prepare may be caught flat-footed by a question that wasn’t included in their preparations. In addition, interviewees that provide glib answers learned by heart on such lists are likely to trip up under closer examination. A lack of actual know-how will be exposed, so don’t try to fake it.
For the remaining questions, therefore, we won’t attempt to cover the entire cybersecurity horizon. Instead, we will narrow it down to what is likely to be on the minds of recruiters and executives right now. And in the current IT climate, ransomware and cyberattacks in general are top of mind. Enterprise Strategy Group’s surveys show that 48% of respondents had been the victim of at least one successful ransomware attack, and the majority of them had paid a ransom. That’s why 46% of respondents named ransomware defense, protection and remediation as one of their most important business priorities.
Here is a sampling of the type of technical questions to expect on ransomware, data breaches, and responding to such attacks.
- What would you do if you arrived at or signed on to work and the organization was locked out of all systems by a ransomware attack?
This question merits a thorough answer. Lay out the steps to take to assess the extent of the breach, with an emphasis on initial containment of the attack.
- How would you go about restoring applications, systems and corporate data in the aftermath of a cyberattack?
The interviewer is probing to determine if you know about recovery efforts to get systems online via backups. Be ready to talk about finding backup tapes or other sources of backup data, how to ensure they are recovered onto systems that are free of infection, verifying the integrity of the backup and that the backup itself is free of ransomware, and more.
- What steps would you take if the early stages of a distributed denial of service (DDoS) attack were detected?
Know what the difference is between flooding attacks and crash attacks, and explain it well. Containment is key here. How do you avoid servers going down under the traffic onslaught? And if organizational servers and websites are taken down by DDoS, what technologies and processes would you implement to avoid such an occurrence in the future?
- The CEO inadvertently clicks on a phishing email and infects some systems. How would you address this?
Lay out the steps such as isolating the CEO’s device and cleansing it (and getting him or her a loaner in the meantime), checking the extent of the breach, eliminating any further phishing traffic that might be getting through, scanning for and removing malware, etc.
- In the aftermath of a breach, what steps would you take to prevent it from recurring?
Discuss forensic analysis, finding the source of the incursion, full remediation, review of security tools and procedures, etc.
- What basic actions, if done well, would reduce the likelihood of an attack or any damage that might result from it?
A smart way to answer this is to discuss things like automated patch management, backups, vulnerability scanning, penetration testing and user education. These actions are typically a lot less expensive than deploying expensive new security solutions. The organization may even have these systems already in place. Yet, such actions are often neglected. By reviewing the processes and approaches surrounding them, the organization can be better safeguarded without it costing a fortune in new technology.
- What steps would you take to reduce our susceptibility to phishing?
Phishing is probably the top avenue of attack into organizations. Know exactly what it is, the various social engineering tactics such as general phishing, spear phishing and CEO fraud. Have at hand some statistics on phishing prevalence among personnel and how comprehensive security awareness training substantially reduces phishing prevalence but does not eliminate it entirely. Advocate greater use of such training. But explain that it is not the answer to everything. It must be supported by other cybersecurity safeguards such as firewalls, antivirus software, anti-phishing filters and more.
- What is SQL injection, and how do you prevent it?
SQLi attacks inject malicious SQL into the queries an application executes, and can be used to bypass application security controls, including authentication and authorization logic. Attacks vary depending on the type of database engine. Common variants include user-input-based SQLi, cookie-based SQLi, HTTP-header-based SQLi and second-order SQLi. Mitigation and prevention of SQLi starts with knowing which applications may be vulnerable, via vulnerability scans and penetration testing. SQLi detection and prevention tools should also be used.
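To make the answer concrete in an interview, here is an added example (not from the article) in Python using the standard sqlite3 module: a login check built by string concatenation beside the same check written with a parameterized query, which is the primary code-level defense. The user table and credentials are constructed sample data.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    # Constructed in-memory table with one sample user (not real data).
    # Real systems store password hashes, never plaintext; kept simple here.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Query text is assembled by concatenation, so user input is parsed as SQL
    # syntax. This is the defect SQLi exploits.
    sql = (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Placeholders: the driver passes input as bound data, so quotes and
    # keywords in the input can never change the query's structure.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def demo() -> dict:
    # Runs both implementations against a valid password and against a
    # classic tautology string; only the concatenated version is fooled.
    conn = build_db()
    tautology = "' OR '1'='1"
    return {
        "vuln_valid": login_vulnerable(conn, "alice", "correct-horse"),
        "vuln_bypass": login_vulnerable(conn, "alice", tautology),
        "param_valid": login_parameterized(conn, "alice", "correct-horse"),
        "param_bypass": login_parameterized(conn, "alice", tautology),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The concatenated query ends up as `... AND password = '' OR '1'='1'`, which is always true, while the parameterized query compares the literal string and correctly returns no match.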
- What is DevSecOps, and how can it help us enhance our security posture?
Know the relationship between devops and DevSecOps, how they fit in with application development and what it takes to implement them.
- What is the difference between a security incident and a breach?
An incident is defined as a security event that compromises the integrity, confidentiality or availability of an information asset. A breach is an incident that results in the confirmed disclosure of data to an unauthorized party. Therefore, there are always many more incidents than breaches. If a breach occurs, the organization may be required to report the extent of data exposure.
Prepare well for the interview
Interview preparation can make all the difference between a successful and an unsuccessful interview. Get drilled on questions such as these by someone knowledgeable in security. Drill them again and again. Good luck.