Four Areas That I Evaluate During An Information Security Interview

I wrote this article to document some of the key attributes I use to evaluate a candidate during an interview conversation. I look at interviews as a method of conversation with the candidate to understand how she/he will fit into a role.

The following four key attributes form the foundation and are generic in nature, yet outline their importance in the context of roles in the Information Security and Cybersecurity spaces. They are outlined in no particular order.

Ownership

InfoSec is all about Ownership. Everybody in the team owns up an area and delivers with this attitude. This is critical since in all industries the business will look up to the security team for all things security. If one is not able to own up and deliver on an agreed scope, it dilapidates the whole team and, most of all, puts security at risk for the entire organization.

Communication

One key skill required to flourish in the InfoSec world is Communication: verbal, written and all other forms. There will be situations every day where you need to communicate with your supervisors, your peers, management, Board members, community members etc. on all matters InfoSec and otherwise. Your ability to communicate and present effectively (accuracy and completeness included) is what makes you stand apart from the rest.

InfoSec provides you with ample opportunities for communication - in situations of incidents or otherwise. You will be expected to report, summarize and present everything you have done on a task at hand. People will also question you - sometimes stupid and most times challenging - your ability to think on your toes and communicate swiftly will bring glamour to your feet.

Problem-solving ability

In all InfoSec roles, sooner or later one realizes that day in and out, we are posed with problems - of incidents, people, process or technology amongst others. Your ability to collect the relevant information about a problem at hand and ask the right set of questions is what helps you navigate the maze and identify a solution. There will be situations where you will be stuck with limited information - that is when your ability to solve problems is put to test. To summarize, this ability is what helps you survive through the day. :)

Clarity of concepts

InfoSec is all about concepts and the way you apply them to a task at hand. If you have your basics (risk management, operating systems, databases, CIA, AAN, etc.) you are welcomed aboard. A lot of times, this attribute helps you navigate a situation, win an argument and helps you put your point forward. People in the field and your IT teams will also respect your views - hence a must-evaluate attribute in my list.  

If you are a rock-star on these four dimensions - you are on my team. If y'all can get these right, you are on the right track for an InfoSec career. The places you'll go!!!