Friday, February 11, 2022

55 Cyber Security Interview Questions (and Answers)


55 Cyber Security Interview Questions (and Answers)

If you’ve sent out your resume and received a call for an interview, congratulations.  Now the real work begins. it’s time to prepare. Regardless of whether it’s a phone or face to face interview, you need to be well prepared in order to make the best of the opportunity.  Besides the (hopefully) obvious things like dressing appropriately, being considerate and on time, it’s important to be prepared for the questions you are likely to be asked. A lack of preparation for an interview is always very evident and is a common reason why people do not get hired.  Preparing for an interview is important for everyone, especially if you are inexperienced in interviewing or haven’t interviewed in a while.

Listed below are common questions that you may be asked in an entry level cyber security job interview, along with suggested answers and tips.  Be sure to practice responding to these questions so that you have strong, well thought through answers ready before you get to the interview.

General Questions

You should expect a number of generalized questions about yourself, your last job, and what is motivating you to apply for the job that you’re applying for.  With these questions, employers are trying to get to know you and look for any red flags, like if you are not selective in the jobs you are applying for, if you have been a problem employee elsewhere and if you have been fired from your last job.  Employers arealso trying to determine if you are likable and if they want to work with you and if you’ll fit in with their team and culture. Let’s take a look at several possible general questions and suggested responses.

  • Why are you interested in this job, why did you apply for this job, or why are you interested in working here?

A very common first question that many interviewers will start with to break the ice is to ask why someone applied for the job that they are interviewing for.  A critical error here is to focus your answer solely on why the job is good for you and not on why you are good for the job and the employer. Remember that at the end of the day, employers care what hiring you will do for them.

  • Why are you leaving your current employer?

With any question about your current or former employers or bosses, never speak poorly about them.  If you do, they will assume you’ll do it to them too.

Example response:  I enjoy my current job and have been successful there, but I’m interested in finding a new opportunity where I can to continue to grow and utilize my (whatever skill you bring to this position that they need) skills.  

  • Tell us about yourself.

A common mistake with this statement is to give either too little or too much information.  Too little information doesn’t tell them anything, and too much information tells them things that don’t relate to the position.

The best way to think about this question is that what the employer is really asking is “tell us the things about you that make you a good hire.”

Example response:  I am currently enrolled in a cyber security program at the local college.  I plan on graduating by XX. I have experience with XX from my prior job at XX.  I enjoy working with technology and am interested in getting more into (whatever this job does.)

  • Do you enjoy your current job?

A similar response as #2 above would be good here.  Saying that you do enjoy your current position but you looking for an opportunity for growth is a safe bet.  Be careful to not speak poorly about your current job or employer here. Focusing on the positive aspects of the job, such as the skills you’ve learned, is always helpful.

  • I see that you are in school.  What is your favorite class?

If the employer asks about your current classes, it’s okay to be honest, but always be positive.   Share the things you have learned in the classes. Show that you have an interest in learning.

  • Where do you see yourself in five years?

A lack of an answer for this question will indicate to some employers that you are aimless.  To best answer this question, consider an answer that indicates what kind of work you want to be doing in five years and the knowledge you’d like to have by then.

  • I see that you are not currently working.  What have you been doing?

The same as #6 above, a lack of an answer for this question indicates a lack of directly.  You should be doing something productive with your time, so share whatever that is. Possible answers would be “I’ve been focused on being a stay at home mom” or “I’ve been focused on attending college”

  • What are your strengths?

This question is really “what are your strengths that will benefit us if we hire you.”  Provide two or perhaps three strengths, and say them in an affirmative way. In other words, say “I’m able to learn new technology quickly” instead of “I think I’m able to learn new technology quickly.”

  • What are your weaknesses?

This is another question you’ll want to have a quick answer for.  Consider your response to be focused more on what you are improving on than what your weaknesses are.  For example, “I’ve been focusing lately on being more organized” is better than “I’m not very organized.”

  • Do you work better alone or in a team?

This question almost feels like a no-win, so it’s probably best to share that you don’t mind either work format and know that both formats are needed, based on the project that is being completed.

  • What do you do for fun?

With this question, an employer is trying to get to know you, know you have a balance of interests and are generally a normal person.  It’s okay to share some basic information about interests you have, but be careful not to spend too much time on the answer or allow the conversation move away from the job and become more of a conversation about hobbies.  I have seen this happen where the conversation moved in this direction and then time ran out. The result – we didn’t get a chance to really learn if the applicant was qualified.

  • Is there anything you believe we should have asked you that we didn’t?

This is an opportunity to share more information about your skills.  Here you can say, “No, I just would say that I am very interested in this position and believe my skill in XX would be a good fit for this position.”

  • Do you work well with others?

This is a poor question that is sometimes asked.  The answer, of course, is that you’re a great teammate and you work well with everyone.

  • Do you have a network at home?

This question is used often to determine how interested someone really is about technology and cyber security.  The best answer is to share details about your network, including technology specifics, or if you don’t have much in the way of equipment, share what you do have and that you are working on building it up.

  • Do you have any questions for us?

To show interest, you should ask one or two questions if they ask you if you have any.  Usually this question comes at the end of the interview, so the interviewer may be looking to wrap things up.  Because of this you don’t want to go on and on with lots of questions. You can ask a question about a specific technology or something general, such as how large the department is.

Remember, you’ll have an opportunity to ask more questions if the process moves to the next step, and certainly before you entertain a job offer.  

  • How do you stay up to date with the latest technology?

This is a question that is almost guaranteed to be asked by an interviewer.  With this question, they want to see that you actively work to keep your knowledge updated.  Share what you do to keep up with technology, which should be that you are pursuing your education and that you subscribe to a number of blogs and journals.  List those in your response as well.

  • How does your current company handle X?

Sometimes an interviewer who is in charge of technology will ask about the technology at your current organization.  In most cases, this is done because they are curious how technology is deployed elsewhere, but they also want to see how well you understand the technology that you’ve been working with and they level of access and trust that the company placed in you.

For this question, it’s okay to share information about the network and technology, as long as it isn’t proprietary knowledge, a trade secret or you’ve signed a non-disclosure agreement.  But general information on things that most people use, such as saying “they use Cisco routers” or “they are a Microsoft shop” or “we supported XX number of employees” is usually okay.

  • What did you think about that new security breach in the news?  

Just like a nurse who should be aware of the latest flu outbreak, if a new cyber security breach is in the news (and one probably is), you should be aware of it and be able to speak generally about it.  Make sure you are aware of the major breaches that have happened in the last 90 days.

  • Was your last organization affected by the XX?

Just as in the previous question, you should be aware of common viruses, ransomware outbreaks and so on, and be able to share whether that affected your prior job or not.

Customer Service Questions

Questions in the customer service category are intended to determine how well you will interact with customers and your approach to handling and resolving issues.  these are important question you can’t write an elaborate on well. Let’s take a look safe to potential customer service related questions.

  • Tell me about a time that you were faced with a problem at your job and didn’t know what to do?

Use a question like this as an opportunity to show that you’re a problem solver and can find solutions, especially while working independently. You’ll notice in several of these examples the best approach is to twist the question by using it as an opportunity to answer how your skills are ideal for the position you’re applying for.

To best answer a question like this, share a problem you faced in a prior position or elsewhere, and then share how you worked to solve that issue.   Be sure to include that the resolution was successful.

  • How would you handle an irate customer?

A scenario question like this is meant to test your reasoning process and customer service approach.  It’s very difficult to describe in words how you would respond to a live issue such as this, and most people’s answers to this question are not an accurate portrayal of how they would actually respond.

To best answer this question, try to lay out a logical approach, such as:  “I would first make sure that i introduce myself so that they know who they are speaking with. I would make sure I get their name and call back information in case we get disconnected.  I would then try to calm them by sympathizing with their concerns and sharing that I am dedicated to helping them.:

  • If a customer called you and said they were not able to access their email, what would you do?

Any technical issue question like this is trying to uncover your reasoning ability.  Just like the previous question, try to communicate a logical approach. Common responses here are “I would start by asking when the issue started, ask if others in the office are having the same issue”, and so on.

  • How do you prioritize different projects?

This question is also difficult to put into words, but when describing a method for prioritization, focus on sharing that you prioritize based on deadlines and what resources are needed to complete a project.  

Technical Questions

In this section, I’ve listed a number of potential technical questions that you may be asked on an interview.  Technical questions can vary greatly from job to job since positions can differ so greatly in the responsibilities they have and the technology that they work with.  For whichever job you apply for, you should be comfortable with answering the basic technology questions related to that job. I’m not going to list the answers here since you should be doing your own research and learning.  Let’s take a look at a few examples.

  • What is the difference between an IDS and an IPS?
  • Can you describe the DHCP protocol?
  • What is an example of social engineering?
  • What is a port scanner?
  • What port is the SMTP protocol on?
  • What VM software have you used?
  • What is the subnet mask for a /25 network?
  • What happens to data at each level of the TCP/IP model (or OSI model)?
  • What experience do you have working on multilayer switches?
  • Have you ever configured a firewall?
  • Explain the CIA triad of security.
  • What is the difference between black hat, gray hat and white hat hacking?
  • Your resume says that you have experience with X technology.  Tell me about that.
  • What is the difference between symmetric and asymmetric encryption?
  • What are the challenges of BYOD policies?
  • What is the difference between TCP and UDP?
  • What is two factor authentication?
  • What does the IP address 169.254.X.X mean?
  • What is a DoS attack?
  • What is hashing?
  • What is TLS?
  • How would you verify connectivity to the network?
  • Describe IPSec.
  • How would you set up a user account on…?
  • On this computer, show me how you would..

Hiring Questions

Hiring questions are often the most difficult questions because they relate to money and the structure of the job.  Perhaps most importantly, be on the lookout for signs of how the employer will treat you based on what they ask and how they respond to your questions.  If there are going to be warning signs of a bad employer that you don’t want to work for, they often show up here.

  • What are your salary requirements?

Employers love to ask this question because they always want a bargain and they know that if you give them your number first, they have the upper hand.  The best angle is to do your research and know what the market is paying, and what salary you deserve.

  • Are you eligible to work in the United States?

A requirement for some positions.  

  • Do you drink alcohol or do drugs?

Sometimes an uncomfortable question, but one that has been asked on occasion.  You know what is legal and illegal here, but keep in mind that the employer may also be looking at liability, especially if you will be driving or on client sites as part of your job.

  • Do you have a license and are you able to drive?

It’s often surprisingly difficult for employers to find someone who can drive and can pass a drug test.  Just like in the last question, they are verifying you can handle all aspects of the job, especially if you will be driving or on a customer site.

  • This position requires a flexible schedule.  Are you able to work that type of schedule?

It’s probably best to be open and honest with this question.  Any employer should expect that employees do have some personal responsibilities or interests.  A good answer here is to say that you are flexible and committed to getting your work done, but do have a few personal responsibilities like everyone else.  Most employers are good to work with, but some are downright unfair and take advantage of employees. If you ask what kind of flexibility they need, you may be able to get a glimpse of what time of employer they are.

  • Can we call your references?

Calling references is almost standard practice, but you should have the option to hold this off until they are about to hire you.  Asking them to wait until they are finalizing the decision to hire you is not too much to ask.

  • When can you start?

If you have a current position, you probably should give them some notice.  Employers aren’t always fair about giving employees notice, but this is more about your reputation than anything else.  Tell the employer that you would be able to start in two weeks (or whatever arrangement you have) and say that you want to be fair to your current employer.  Some employers will pressure you to start earlier because they have a current need, but this really is somewhat discourteous. If they push hard on this, than that should be an indication of how they’ll treat you down the line too.

Hopefully these questions and answers help you in your interview process.  Remember that interviewing takes practice, so have at least two different people ask you these questions to prepare for any interview you have.  Good luck!

Matt Day

Matt Day is a cybersecurity professional with over twenty years of experience in the IT, cybersecurity and technology training fields. He holds CompTIA A+, Network+, Security+ and Cisco CCNA certifications, and is the author of the book CCENT Troubleshooting Guide.