Landing your First Role in Cyber (Pt 2)

Building a Portfolio 

Building your own portfolio can be a great way to showcase your work during the job hunt to potential employers. This can be done through a personal website, Github page, or other methods. Through different internships, classes you’ve taken, or personal projects you have undertaken, I am sure you have some items you can showcase! Here are some additional ideas for items that would be great to showcase in a portfolio: 

1. Malware analysis

2. Setting up your own hacking lab

3. Write up on utilizing a hacking tool

4. Write up on a recent cyber event

Here is a great guide to start creating a portfolio if you do not know where to start: HACK your way into a job (no experience required)

This video details how to begin creating your own portfolio site. It is super easy even if you have never made a website before. He also goes over some good resume tips and other job hunting tips, so it is a great watch. This video is from the channel NetworkChuck, and he makes great videos about all kinds of topics if you want to check out some of his other videos. He also has great ideas for some projects you could put in your portfolio, and he has his own example portfolio site which is great to reference.

Interviews

Congratulations! You made it past the initial application process and you have secured an interview! Yippee! This is no small feat, so you should be extremely proud of yourself for making it this far. However, the job hunt process is not done. Interviewing can be something nerve wracking, so I put together a list of tips to help you.

Interviewing Tips:

1. Remember to breathe and relax.

   Interviewing can be stressful, but if you are freaking yourself out, you will only do worse. Take deep breaths, and do something that calms you beforehand like going on a walk. Staying calm is going to allow you to put your best foot forward.

2. Review the resume and cover letter you submitted to the job posting.

   Be prepared to talk in depth about anything you put on your resume. Most likely, your interviewer is going to want to know more about your skills and experience, so be prepared to dive in.

3. Review the job posting again to see what kind of candidate they are looking for.

   Be able to market yourself and your skills to match this kind of candidate. This will help you show how you are truly the fit for the job.

4. Look up some basic interview practice questions.

   A basic google search of “cybersecurity interview questions” can give you a good idea. You can also look up some questions more specific to your role though. For example, if you are interviewing for a SOC analyst role, try searching “SOC analyst interview questions.” ChatGPT is also a great tool to use to quiz yourself. You can ask ChatGPT to ask you some cybersecurity interview questions.

5. Understand who you are interviewing with.

   Are you interviewing with a recruiter? Are you interviewing with someone more technical in the organization? Knowing who is interviewing you can give you insight into what kinds of questions you are going to be asked as well as how you should answer them. What is going to be important to a recruiter might not be as important as what a CISO is looking for.

6. See if you can find who is interviewing you on LinkedIn.

   I did this with the people working in cyber that interviewed me, and it gave me a good idea of what they might be looking for in a candidate.

7. Dress for success!

   Put on an outfit you feel confident and comfortable in so that you can best showcase yourself. Personally, I feel like the right outfit allows me to accel.

8. Have water ready for your interview.

   There is nothing worse than choking on your own spit or something in an interview. Also, if you need a second to think about your answer to a question, you can ask to take a sip of water.

9. Don’t be afraid to ask questions to your employer as well!

   When I interviewed, I asked those interviewing me what they found to be the most challenging part about the job. This gave me a way to connect with the people interviewing me, and it showed them that I wanted to make sure I was prepared to take on the challenges that came with the job. You also want to make sure that the organization is a good fit for you just as much as you are a good fit for the organization.

10. If you do not know the answer to a question asked or feel like you didn’t give your best answer, shake it off.

    No interview is going to be 100% perfect, and you are bound to make a mistake. Just keep going!

11. Really emphasize your passion and desire to learn in cybersecurity.

    This is what companies want to see, especially in someone fulfilling an entry level role. They want to know that you are committed to learning and growing in the field.

12. Do not be afraid to say that you do not know something or that you do not have experience with something.

    Interviewers will know when you are lying about something, and there is no need to lie about your experience or qualifications. Be open and honest, and if you can, say how you might go about solving something or finding an answer when you are facing uncertainty.

13. Be prepared for a long interviewing process.

    In this industry, there are usually several interviews carried out. You also might have interviews that are more talking about your experience as well as a more technical interview.

My interviewing experience:

In securing the position working as a cyber risk specialist for an insurance broker, I went through four formal interviews. I also visited the office before receiving a job offer, so this was almost like a fifth interview.

The first interview I had was with a recruiter for the company. This was over the phone, and she asked me some fairly basic questions as well as explained to me more about what the position was. She told me how they were looking for someone to help with their cyber insurance practice, and wanted a candidate who knew about cybersecurity but also had a good personality and was comfortable talking to others. The company wanted someone with a cyber background as well as someone who was able to talk about cybersecurity to others as this role is focused on helping clients decide what cyber insurance policy would be best for them.

She told me that I was going to be getting a call from the hiring manager for the position. She told me, “I am helping you out here. When so and so calls you be sure to be able to explain why you are interested in the insurance sector. He comes from the insurance side of the company, and he wants to know that you would be interested in learning about insurance for this role.” This was some great advice, and I had prepared an answer to this question when the hiring manager then called me for my second phone interview. While normally you wouldn’t get this direct kind of advice for an interview, it helped me realize how your interview can really dictate what your interview is going to be like. I talked with him over the phone, and I was then scheduled for another interview. '

I talked with both the recruiter and the hiring manager over Zoom, and then was invited to another interview. I had my final formal interview with both the person who had been sort of filling in for the position of cyber risk specialist at the company. He had no formal background in cyber, but came from an insurance background and had stepped up to learn as much as he could. This interview was also conducted with the national head of the cyber practice for the company, so I was a little bit nervous going into this interview. However, it went well and I was invited into the office to tour it, and I received a job offer that week! The interview process can definitely be long. I spent probably about 5 or 6 hours interviewing.

Because of what the recruiter had told me in wanting a “cyber person with a personality,” I emphasized my skills in talking about cyber to others and my experience in cyber awareness training. I had started a business in teaching kids about cybersecurity, and I had worked helping develop a curriculum to teach real estate agents about cyber risks they may face. I really highlighted these experiences to show that I knew how to talk to others about cybersecurity, especially those who do not come from a cyber background since this is what the position needed.

While this job role is most likely going to be different from the job you are interviewing for, I can give you the kinds of questions I remember them asking me to hopefully help you in your interview!

Questions I was asked through my interview process:

1. Since cybersecurity is always changing, how do you stay up to date in this field?

2. What led you to wanting to pursue cybersecurity?

3. What is your ultimate career goal in cybersecurity?

4. Why do you want to work in the insurance industry?

5. What was your least favorite class in college?

6. Do you feel comfortable talking with others that are in management positions or C-suite executives?

7. So, tell me about yourself (I always think open ended questions can be really hard ones to answer on the fly so this is a really good question to practice your answer to)

8. What did you learn from performing a risk assessment?

9. What was your favorite class in college?

10. On a scale from technical to sales oriented, what percentage do you think of each of these you are made up of?

11. Do you have experience conducting vulnerability assessments on a corporate level environment?

12. Tell me more about your business in teaching children about cybersecurity (be prepared to further explain anything on your resume)