“Tell me about your home network.”
It’s a simple query that seems innocent enough, but it tells Armor CSO Jeff Schilling quite a bit as he pounds the digital pavement for his next cyber security operative.
This and other interview pitfalls are the basis of a new story, “Interview questions to throw you off guard,” by CSO writer Ryan Francis.
As Schilling explains, the worst answers are those of indifference. “I don’t know” and “that’s not important to me” are red flags that a candidate doesn’t have the proper mindset for the mission. As Schilling told CSO, “one interviewee leaned back in his chair with a guilty look and asked: ‘Why do you want to know?’”
The candidate wasn’t in trouble. Quite the opposite. This is the type of cautious and meticulous demeanor Schilling seeks. People who build elaborate labs and networks for their personal use. Or those who deploy honeypots on the weekend — just for the hell of it.
In Francis’ story, Schilling’s approach was confirmed by Palo Alto Networks CSO Rick Howard, who uses similar tactics to find the proper candidates.
These executives comb the market for candidates who not only possess natural curiosities, but who also have the aptitude to build something unique and complex from the ground up. Only with this intricate knowledge of an environment can you know how and where to defend it.
From bringing attention to the shortage of security professionals to finding and educating cyber security professionals, it’s a challenge Schilling must take head on to bolster his growing security operations teams.
Francis uncovered other interview strategies such as candidates’ ability to take macro perspectives to learn and evolve. Others use brainteasers that force interviewees out of their comfort zone and require on-the-fly problem solving.
One interviewer likes to ask about three major projects that candidates were directly involved in and how it made them better cyber security professionals. And, finally, some keep with proven approaches: “What do you know about our company?”
Cyber security prospects almost need to live and breathe technology and security to be considered for these in-demand positions. But they also need to do their research — on the position, industry, company and the interviewer — to be properly prepared during the salvo of questions headed their way.