Common interview questions

Now, let's look at some common interview questions I've gotten over the years. I've been asked the following:

• Who are you? (also known as, Tell me about yourself)

I've always wanted to answer this question with I'm Batman, but for some reason, I suspected the interviewer would not find that funny and I really needed the job at the time.

This question is not a place for you to share your childhood memories and how your mom didn't hug you enough.

Instead, what the interviewer wants to hear is a brief summary of your career with a focus on your impact on past employers. Think of this as your 30-second elevator pitch.

Here's an example:

From the job posting, it's clear the person in this Security Operations Center (SOC) analyst role needs to be ready to go on day one and deliver results fast. That's what I've been able to do at Acme Inc. I developed a new SIEM tool for them within 60 days of hire and created an automation program that reduced false positives by 12%. Would you like to hear more about anything I've mentioned so far?

• What is your greatest strength?

Under the section titled The HACK method later in this chapter, we'll talk about analyzing yourself. This greatest strength question is where you can focus on your key value points and how you are the right fit for the position.

Here's an example:

I would say my greatest strength is the ability to break down technical information and present it in an easily digestible format for stakeholders across an organization.

• What is your greatest weakness?

With this question, I would typically just bring up a weakness they already know about and then end with some of the value I bring to an organization. I work too hard would be a dumb answer here. The interviewer is typically trying to assess your self-awareness with this question.

Here's an example:

I would say my greatest weakness is that I don't have the required 27 years of Kubernetes experience, Certified Information Systems Security Professional (CISSP) certification, and 19 PhDs required in the job description for this entry-level cybersecurity position, but I did reduce support tickets by 14% in my last position, which saved Acme Inc over $57,000 United States dollars (USD).

• Why are you leaving your current job?

You should not answer this question with Because my boss sucks. I usually would answer this one with something about growing your career in a new role.

Here's an example:

While I've enjoyed my time at Acme Inc, I realized it was time to move to the next level in my career as a pentester.

• Where do you see yourself in (x) years?

This one is usually asked as Where do you see yourself in 5 years? Some people will tell you to answer I see myself working in your position, which is a dumb idea in my opinion. That puts the interviewer on the defense, and you want to keep them relaxed and liking you. I used to answer this one and then ask the interviewer a question. The more you can keep the interview a conversation and not an interview, the better off you are.

Here's an example:

For the next 5 years, I see myself growing in my skillset and taking on more responsibility in the organization. Can you tell me how other SOC analysts have advanced their careers at the company?

• What are your salary expectations?

Everyone hates this one. I typically would start by thanking them for the question and then mentioning if everyone decides it's a good match, we can discuss compensation at that time. You can also ask the interviewer directly what the salary range is for the position to see if they are willing to share it. Some companies out there require the interviewer to get an actual base salary number, so in those instances, I would usually quote 30-40% above what you're making now. Yes—that might get you disqualified from the job, but if they can't pay you a fair wage, why would you ever want to work there?

Here are a few examples:

I appreciate you asking me that question. Would you be against us discussing compensation after everyone has agreed that this is a good match?

I appreciate you asking that question. Are you needing a minimum salary number for your interview form?

Assuming they answer yes (most interviewers will be honest about this), then give them a number 30-40% above your current base salary.

Here are some interview questions I think you should ask:

• Which key performance indicators (KPIs) would you have for me in this position over the first 30, 60, and 90 days?

This question does a few things that benefit you. First, it gets the interviewer thinking of you in the position and not other candidates. Second, it lets you know what is expected of you in the position over the next 90 days. If the interviewer (assuming it's the hiring manager) has not thought about any KPIs for the position, it might indicate they are overwhelmed with work, and it might not be a good company for you.

• What kind of person succeeds at this company?

This helps you understand how the company defines success. If the answer is someone that works 100-hour weeks, then you should probably run out of that interview as fast as you can.

• What do you enjoy most about working at this company?

If the interviewer is happy in their role, then they might share a few things they love. On the other hand, by asking this question, you might be able to save yourself some headaches from working in a toxic environment. It's amazing what some interviewers will share with you if you ask the right questions (social engineering at its finest).

• What do you see as my greatest strengths for this position?

This question is another way to keep the interviewer thinking about you for the position over others. And if they don't have any strengths to share, it's highly unlikely you have a chance at getting the job, so you save yourself some stress in waiting to hear back.

Here are a few other tips for your interview:

• Make eye contact: I would say you want to make eye contact most of the time when you're listening to the interviewer and when you're answering questions. Little or no eye contact can make people suspicious and feel you're not trustworthy.
• Smile more: Don't be creepy with this one, though. If someone is constantly smiling in the interview, I immediately feel it's not genuine. Smile when appropriate, and if you're introverted like me, then try to remember to smile at least three to four times during the interview, especially when you first meet the interviewer.
• Appearance: As much as that person you follow on social media might want you to believe that appearance doesn't matter, it does. Be sure that you're well-groomed (and showered, please) and dress appropriately. I do recommend a suit (men and women) if you have one, but in most interviews, business casual is fine. I would suggest asking the person who set up the interview what the dress code is. With the global pandemic in recent years, many interviews have moved virtually through things such as Zoom. You want to maintain the same dress code for virtual interviews because you don't know when you may find yourself standing up during the interview and being caught just wearing your shorts—or worse.
• Research the company: Do your homework on the company—its mission, current/future project initiatives, financials, and so on. I'm always amazed at how many people show up to an interview without having done any open source intelligence (OSINT) on the company.

Think of it this way—if some person you didn't know walked up to you and proposed marriage, would you say yes? Or would you say no because you hadn't vetted them at all? Be smart. Do your homework.

• Don't bad-mouth a past employer or team: Yes—some companies (and some people) suck, but no one wants a negative person on their team. I remember a person I worked with many years ago who was negative about everything, and several productive people left the team because they were tired of hearing the endless complaints.

Remember—it only takes one bad apple on a team to change team dynamics and reduce the team's productivity.

• Don't be emotional: Remember—this is business, so don't get emotional when talking about past companies, and so on. The interviewer is not your therapist.
• Be concise in your answers: For most people, this means you need to practice your answers to common interview questions and figure out how you can say less to get the same point across.

I find myself rambling, especially if I get on a live question-and-answer (Q&A) session with students because I am so excited to educate them.

Here are some of the things I used to do during a job interview to reduce my rambling:

• To make a long story short is a phrase I use if I think I'm rambling so that I can wrap up whatever I am saying. You have to practice this and be conscious of the fact you are rambling for this one to be effective.
• Keep your answer short. I used to answer interviewer questions with just a few words and then ask them if they wanted to know anything more about what I had mentioned.