Interviewing for a cyber security role? Be prepared for questions about two trending topics: ransomware and the zero trust model.
The shift to remote work makes companies more vulnerable to ransomware attacks. According to one cyber incident response firm, the top entry points for ransomware attacks are compromised remote desktop protocol (RDP) and email phishing. This is bad news since remote working introduces vulnerabilities to RDP if proper measures aren’t taken. Furthermore, employees are more susceptible to phishing scams, like a fraudulent request for a funds transfer, if they can’t verify information with colleagues in the office.
As a cyber security professional, you’re qualified to answer standard questions. Your interviewer might ask you to describe your home network, why DNS monitoring is important, or how you would improve user authentication. But most other candidates will know how to answer these questions as well. So stand out by making connections between your expertise, the enterprise, and what the world of virtual work today means for cyber security.
This is essential, because managers have become aware of an alarming fact: Even though cyber security is a shared responsibility, they are behind in terms of infusing cyber security into their company culture. In fact, 77 percent of companies don’t have a cyber incident response plan for the entire enterprise, let alone a cyber incident prevention plan. As a result, employees are “passing the buck” or adopting a “not my job” mentality to basic security hygiene.
Be prepared to discuss how your cyber security experience to date will adapt to this new world of virtual work. For instance, an important topic to be familiar with is the shift from the “castle and moat” security approach to the “zero trust” model. In the past, enterprises exercised significant control over their networks thanks to firewalls and dedicated devices at the office. The underlying assumption to the castle-and-moat approach is that everyone already in the network was safe. Remote work undermines this approach. Now, companies are embracing the “zero trust” model where the identity of every person entering the network must be verified and authenticated at multiple checkpoints.
There are several opportunities to organically weave this knowledge into your interview. The best time is when the interviewer asks if you have any questions. Based on what’s been discussed, consider asking questions like:
Your interviewer may not answer all these questions for security reasons. That’s fine. The point is to show them that you think about cyber security at an organizational level, that you understand the current business environment, and that you’d be a valuable addition to their cyber team.