Interviews (Saga of SOC Analysts/Cyber Security Analysts)

What does come to your mind when you hear the word “interview”?

For most I guess its about the aspiration of landing their next job. At the same time you get some butterflies in the stomach, little anxiousness and nervousness is there in the air and obviously we also start thinking “What questions might the interviewer ask”, “Will it be too tough?”, “What if I don’t clear?”, “Will there be too many rounds?”

As a manager taking interviews and seeing umpteen number of candidates not getting selected, I thought of putting my perspectives (at least what I personally look for and thought of sharing it with the larger audience (whoever reads this !)

First and the foremost thing is going through the job description and understanding it. If you are not clear, please get in touch with the recruiter and clarify or even get in touch with the hiring manager.

Secondly please learn about the company as much as possible and some of the key facts/interesting facts about the company that you liked and what made you feel that you need to apply for a job in this company.

Please prepare your resume according to the job role and customize it. Although resume is a not a legal document, make sure that you know things that are written on your resume. I see lot of candidates mentioning a number of tools and skills and when I ask them questions surrounding it, the tone completely changes and start hearing answers like “ I was doing it a while back and don’t recollect” or “I don’t do that much of analysis/investigation, there’s another team for it” or they just start telling something irrelevant to the question asked.

This brings to another point: Please hear the question properly and take time to think on what you want to say. I think this is the biggest pet peeve for anybody interviewing when they ask something and the person responds to some thing else which doesn’t make sense, then your chances of cracking the interview ends at that point. You would be in a much better shape if you mention “I don’t know” and somehow convince that you can learn the concept/tool quickly with your past experience.

Next is please prepare for your interview and go through some of the fundamental stuff (irrespective of technology/tools/industry). Basic concepts like networking, OS concepts, Security concepts etc., Generally the interviewers would like to take the onion model by peeling the outside (fundamentals) and then dig bit deep if your fundamentals are good.

Often I have seen that candidates are stuck to their thinking or speak in terms of the SOP they are following and don’t really think like an analyst should do and that disappoints me personally because we are not looking for people to just follow the rules like a robot. (Even robots are becoming intelligent these days!). We want analysts who can think beyond the SOP’s and handle some tricky situations. We don’t want them to be blank if something not written in the playbook/runbook appears in real time. Other thing what I have seen with candidates/analysts is that they say “This is being handled by the L2 team or a L3 team or there is another team”. Obviously there are multiple teams within a SOC but your learning happens only when you push yourself outside the comfort zone and are curious & think like an analyst and say “Hey what happens after I escalate it? What do these L2/L3 guys really do? What analysis do they do and how can I learn it?

The last thing that I would like to highlight: When the interviewer gives you a chance to ask questions — Please ask good questions. I have seen so many people telling “No, I don’t have any questions” which again might cut down your chances of succeeding. This implies that you are not really passionate about the role or the company and you just want to get in there somehow.

When you ask questions, it shows that you are really interested in the role/company. Please ask questions such as “Can you describe more about the role?” or “What’s the interesting thing the team did in the last 6 months?” or “What’s the roadmap of the team/division or the company?” or “How success looks like for your new role” or “ask about the company culture” etc.,

Hope these points help you with your next interview and wishing you all the best :)