Hays’ Christine Wright discusses the key topics infosec recruiters will want to know about and how candidates can best show their knowledge.

If you have an interview coming up for a cybersecurity role, preparation is everything. And there are two hot topics most employers want to know about now: the zero-trust model and ransomware.

The pandemic has permanently changed our outlook on remote work – with 82pc of company leaders planning to allow staff to work remotely, at least some of the time. But this shift also makes businesses more vulnerable to ransomware attacks.

A recent survey found that 96pc of companies were concerned about being hit by a ransomware attack during the pandemic.

Email phishing and compromised remote desktop protocol (RDP) are reportedly the top entry points for such attacks, which is bad news for the world of remote work. If the right measures are not put into place, remote working can introduce RDP vulnerabilities.

When workforces are based remotely rather than in the office, employees are also more susceptible to phishing scams, with 60pc of firms expecting to fall victim to an email-based attack in the next year.

Why do people interviewing for cybersecurity jobs need to know this?

Whether you are applying for Microsoft security jobs or cloud cybersecurity jobs, the world of infosec is now increasing in scale and complexity.

You must be prepared to answer some standard questions during a job interview. These are a great opportunity to help you stand out in today’s jobs market.

For example, an interviewer may ask you what security measures are required for your home network. Or they could ask how you can improve user authentication for an online application, or why DNS monitoring is important.

It can be difficult to predict what an interviewer will ask. But one way you can make a good impression is to make connections between your own cybersecurity expertise, the enterprise and the world of remote work.

It is also important to demonstrate your wider knowledge outside of your technical skillset. With more than half of companies lacking an effective cyber incident response plan, you need to demonstrate how you could help an organisation up its cybersecurity game.

A key area to consider is the human element of cybersecurity, where employees are often shirking their security responsibilities. How could you build buy-in with a remote team, for example?

What do you need to prepare for your cybersecurity interview?

Prepare some key points, explaining how your cybersecurity experience to date can help an organisation adapt to the new world of remote work.

A key topic to consider is the emerging zero-trust model, which is replacing the ‘castle and moat’ approach. This shift is happening because enterprises are now losing control over their networks.

In the pre-Covid world, everyone worked in the office and on dedicated devices, where firewalls gave a layer of protection. But remote work completely undermines this model.

Instead, businesses are turning to a zero-trust model. Here, the identity of every individual entering the network is verified and authenticated, across multiple checkpoints.

Five questions to ask your interviewer to demonstrate your expertise

If a specific question arises on the role of cybersecurity within the world of remote work, then that is the perfect chance to show off your knowledge. But if it hasn’t come up during your interview, don’t forget to mention it at the end when you have the opportunity to ask some questions.

Depending on what has already been discussed in the interview, you may want to ask:

What cybersecurity plans do you currently have in place? Are they implemented across your organisation? If so, do you use a zero-trust model? If not, are you developing one?

How does your organisation promote its cybersecurity measures and what sort of culture exists?

Do you conduct regular cybersecurity audits? When was the last one you carried out?

How is your cybersecurity function composed and managed? Do you use an in-house team or do some of the responsibilities go to contract staff?

When it comes to your cybersecurity management, what is your greatest challenge? Is it prioritising different cyber risks, inadequate governance, or maybe a lack of management buy-in?

Your interviewer may not answer these questions due to their own security protocols. That’s fine. The point of asking these questions is to clearly demonstrate your ability to think about cybersecurity at an organisational level.

It shows you are not just thinking within your niche but are aware of the wider implications of cybersecurity for the current world of work.

If you can demonstrate your competence across the business world and within the world of cybersecurity, you are clearly showing your interviewer how you would be a valuable addition to their organisation.

By Christine Wright

Christine Wright is the senior vice-president of Hays US. A version of this article originally appeared on the Hays Technology blog.

