Hays’ Christine Wright discusses the key topics infosec recruiters will want to know about and how candidates can best demonstrate their knowledge.
If you have an upcoming interview for a cybersecurity role, preparation is key. And there are two hot topics most employers want to know about: the zero trust model and ransomware.
The pandemic has permanently changed our view of remote working – with 82% of business leaders planning to allow staff to work remotely, at least some of the time. But this change also makes businesses more vulnerable to ransomware attacks.
A recent survey found that 96% of businesses feared being hit by a ransomware attack during the pandemic.
Email phishing and compromised Remote Desktop Protocol (RDP) are believed to be the main entry points for these attacks, which is bad news for the remote working world. If the right measures are not put in place, remote work can introduce RDP vulnerabilities.
When workforces are based remotely rather than in the office, employees are also more susceptible to phishing scams, with 60% of businesses expecting to fall victim to an email attack within the next year.
Why should people interviewing for cybersecurity jobs know this?
Whether you’re applying for Microsoft security jobs or cloud cybersecurity jobs, the world of infosec is growing in size and complexity.
You should be prepared to answer some standard questions during a job interview. This is a great opportunity to stand out in today’s job market.
For example, an interviewer may ask you what security measures are required for your home network. Or they might ask how you can improve user authentication for an online application, or why DNS monitoring is important.
It can be difficult to predict what an interviewer will ask. But one way to make a good impression is to make connections between your own cybersecurity expertise, the company, and the world of remote work.
It’s also important to demonstrate your broader knowledge outside of your technical skills. With more than half of businesses lacking an effective cyber incident response plan, you need to demonstrate how you could help an organization up their cybersecurity game.
A key area to consider is the human element of cybersecurity, where employees often shirk their security responsibilities. How could you get buy-in from a remote team, for example?
What should you prepare for your cybersecurity interview?
Have a few key takeaways ready, explaining how your cybersecurity experience to date can help an organization adapt to the new world of remote working.
A key topic to consider is the emerging zero-trust model, which replaces the “castle and moat” approach. This shift is happening because companies are now losing control of networks.
In the pre-Covid world, everyone worked in the office and on dedicated devices, where firewalls provided a layer of protection. But remote work completely undermines this model.
Instead, companies are moving towards a zero-trust model. Here, the identity of each individual entering the network is verified and authenticated, through several checkpoints.
Five questions to ask your interviewer to demonstrate your expertise
If a specific question arises about the role of cybersecurity in the world of remote work, this is the perfect opportunity to show off your knowledge. But if it doesn’t come up during your interview, be sure to mention it at the end when you have a chance to ask a few questions.
Depending on what has already been discussed in the interview, you can ask:
- What cybersecurity plans do you currently have in place? Are they implemented across your organization? If so, are you using a zero-trust model? If not, are you developing one?
- How does your organization promote its cybersecurity measures and what kind of culture exists?
- Do you regularly perform cybersecurity audits? When was the last time you performed one?
- How is your cybersecurity function composed and managed? Do you use an in-house team or do some of the responsibilities fall to contract staff?
- When it comes to managing cybersecurity, what is your biggest challenge? Is it prioritizing different cyber risks, inadequate governance, or perhaps a lack of management buy-in?
Your interviewer may not answer these questions due to their own security protocols. That is fine. The purpose of asking these questions is to clearly demonstrate your ability to think about cybersecurity at the organizational level.
It shows that you are not just thinking about your niche, but are aware of the broader implications of cybersecurity for today’s workplace.
If you can demonstrate your competence in the business world and in the world of cybersecurity, you clearly show your interviewer how you would be a valuable asset to their organization.
By Christine Wright
Christine Wright is Senior Vice President of Hays US. A version of this article originally appeared on the Hays Technology Blog.