A Focused Approach to the Common Interview Process

Filling positions in the information technology career field, particularly in cybersecurity, can present unique challenges. Companies and organizations have realized the vital role cybersecurity plays in daily operations, including protection of company assets from cybercrimes such as DDoS attacks, ransomware, and advanced phishing campaigns. Skilled cybersecurity professionals are being recruited to alleviate these risks and take measures to prevent breaches. Finding suitable candidates can prove difficult, as interviewers must account for the candidate’s analytical and technical skills and determine if the individual would be a good fit for the team and culture. This blog will explain how Bitdefender’s Security Operations Center (SOC) approaches this common challenge by focusing mainly on candidates’ analytical and problem-solving skills. We will also address our views on questions of technical and cultural fit.

Culture Fit:

Beginning interviews with the cultural fit enables the interviewer to get to know the candidate on a personal level. A candidate whose values align with your company and team will more likely fit into the work place environment. In the case of discrepancies between the values of the candidate and mission of the company, the interviewer must evaluate the tension it may cause and how this could affect work quality and job satisfaction among the team; a glaring mismatch should be avoided.

Technical Knowledge:

This portion of the interview can cause some anxiety for candidates. During this step, the interviewer evaluates the candidate’s knowledge and skill set on topics related to the role. This is typically handled by phrasing questions using vocabulary or nomenclature (jargon) commonly used in the position. The candidate’s responses are used to determine if their technical ability matches the role. These questions are good to ask, as they reveal a candidate’s level of preparation, however, an interview should not consist of only this type of material. An interview based solely on technical knowledge questions typically only serves to show that a candidate has memorized the answers ahead of time.

Analytical and Problem-Solving Skills:

Testing a candidate’s analytical and problem-solving skills can greatly improve the evaluation process as it assesses their ability to connect the dots, gather information and use critical/lateral thinking. Scenario-based questions elicit a better understanding of how their mind tackles problems. Even if they can’t come to the correct conclusion immediately, their thought process may be on the correct path; they may just need a small hint to get to the answer.

As the process continues, candidates are also evaluated on how effectively they communicate their responses. This highlights how well (or poorly) they would communicate information gathered during an incident to other team members and the incident handler. At times, some candidates struggle to convey their thoughts to an interviewer. If interviewers recognize this, the consideration of the candidate shouldn’t end. While this behavior should be taken into consideration, we also need to realize that there are many unknowns when coming in for an interview and candidates can only do so much to prepare. That alone immediately makes it a high-stress environment. They may not struggle to convey their thoughts if they were in a situation they had been trained for like the employees already filling the positions on your team who know exactly what is expected of them during high-stress occurrences like incidents.

Additional ways to further assess competency for the position include giving them a practical assessment relevant to the role so they can display their technical abilities. Here are some examples to offer the candidate:

  • Present syslog information and ask them to explain what’s happening given the data presented
  • Present a PCAP snippet and ask them what might be going on in the network that could be potentially alarming

(For the practical assessment, interviewers could use a virtual machine or present images of the data to be analyzed)

To make the practical assessment more beneficial to yourself and the candidate, you could ask how all the information observed can be correlated into one event. Additional follow up questions could focus on asking if they think this is an incident and, if so, how they would remediate the problem. This is just another step to help interviewers evaluate the candidate’s capabilities.

Approaching the interview process this way gives companies a more dynamic way to evaluate potential candidates for their teams. This offers interviewers a better understanding of the candidate’s strengths, weakness and mindset. It’s ultimately up to the hiring manager to determine where a candidate would fit into the team. Once the interview is completed, interviewers, hiring managers and supervisors can better determine if the candidate would benefit the organization and whether they are hiring the best fit for their teams. By focusing on analytical and problem-solving questions and assessments, the Bitdefender SOC ensures candidates have a deeper understanding of the role and are not simply reciting memorized answers to common questions.