Home My First Job Interview in Cyber Security
Post
Cancel

My First Job Interview in Cyber Security

Intro

I recently had my first job interview in Cyber Security for a Junior Penetration Tester role and just wanted to break it down for fellow newbies like me to explain what they can expect when looking for roles!

Desktop View

The Recruiter

Having been a contractor for 10 years I have dealt with many recruiters and have had very mixed experiences! However I have to say the duo that I worked with have got to be the best I’ve come across!

The recruiter was working with a number of clients looking for Junior Penetration Testers whom were in process of taking their OSCP cert or had recently passed the exam. This was great for me having just passed and had no real world experience yet (17+ years in IT helped though!)

With their assistance we built a profile about myself to accompany my CV so that the prospective clients would get a feel about me as a candidate. As I said with no real world experience this was great as I could get across why they should take the time and put me through their interview process to prove I could be a great addition to the team.

Read the Cover Letter section at the bottom to boost your application as not all recruiters are this involved.

Sending my profile to their clients one took a keen interest and wanted to put me through their interview process.

The Interview Process

This was a two staged interview, a practical and a remote interview.

Practical Stage

The practical was to perform a penetration test with an allocated 3 hour time limit and then 90 minutes to write a report on my findings.

As with the OSCP this was an open book practical (no unknown person watching you pick your nose!)

If you’ve recently passed your OSCP, work on HTB or OffSec PG then you should have no issues with this stage of the interview! Keep calm, take notes, take screenshots as you go along, take short break if necessary etc)

One box was geared more towards infrastructure exploits (FTP,SMB,SMTP,etc), the second was hosting a web app and the third well numbnuts here tested my own VM provided to me! Thankfully I think the fact I provided my process of the testing they let it slide but was a 🤦‍♂️ moment when they explained in the interview what I’d done.

Read the penetration scenario/instructions twice!

Video Interview

Video/in-person interviews are all the same!

They’re designed to get to know you as a person, what your previous job history is, how would you deal with situation X and Y, what sort of career progression do you perhaps see, find out more about the company etc etc.

Did I Get The Job?

YES! 😄

I am officially going to be a Junior Penetration Tester!

The last couple years of hard work and perseverance has paid off!

I was very lucky to get a job offer on my first attempt. DO NOT get disheartened if you’ve had a number of interviews to no fruition. Ask for feedback and work with the advice.

Job Hunting Advice

Where to Apply?

I was passed on details of a recruiter via a friend of mine whom had seen a post on the Offensive Security Discord server under the #Career channel.

A number of IT Sec servers have #Career channels that mostly cover the US but there are some posts that are EU based. I suggest joining a few and check them out every couple of days as often these jobs are not advertised elsewhere.

Below are my suggestions of where to search for roles, increasingly people are shying away from job websites like JobServe and heading to Linkedin / community platforms.

  • Linkedin
  • Reddit (checkout IT Sec related subreddits)
  • Discord (OffSec, HTB, Blackhills, etc etc)
  • Company Websites (find the career@ address, apply speculatively)

Cover Letter

If you’re like me and have no experience in IT Security or under going a career change then I cannot stress enough to create a Cover Letter to accompany your CV.

A Cover Letter is a great way to get across details that do not have a place on your CV. Answer such questions as below (don’t put the questions in the cover!) Keep it precise and to the point, essay paragraphs will bore the reader.

  • Why or how you originally got interested in Cyber Security?

  • What draws you to the particular role you’re applying for?

  • What do you do in your spare time to pursue a career in Cyber Security?

  • What route do you see your career going?

  • What soft skills from previous roles are transferrable?

TL;DR

  • Wrote CV/Cover Letter
  • Applied for job
  • Two stage interview
  • Got job
This post is licensed under CC BY 4.0 by the author.