Failed SOC interview

Shane2Shane2 Member Posts: 65 ■■■□□□□□□□
Interview

Background on me. Coming up on the better part of 8 years as an infrastructure guy, worked my way from Tier 1 Helpdesk to Sysadmin. In the past 2 years I have attained the CEH and CCNA Cyber Ops. I got these certs honestly, however with separation of duties, the skills I learned on the Cyber Ops have certainly diminished. And with some slight burnout, my knowledge has diminished as well, as most days recently I want nothing to do with a computer when I get home. These are not excuses, I brought this failed interview on myself, kind of.

SOC role in the DC area.

Required Knowledge/Experience:
A minimum of a Security+ certification
Combination of 3 years' and information security education experience
They preferred experience in their chosen apps, however I was assured by the recruiter that they didn’t require experience, just some knowledge and a willingness to learn.

Pay is 90-100k.

The Interview: Interviewed with a director level Sec guy, and a team lead. Director asked more personality questions, trying to figure out who and what I was. Asked me to run down my resume, had a question here and there, I would guess I did very well here as I have decent soft skills, and he came across as a really nice guy.

The team lead starting asking questions, and this is where I imploded. I had prepared for basic questions. Port numbers, IDS vs IPS, pretty easy stuff that I have been asked before and looking back were way too basic. However, the questions that threw me off weren’t even difficult. “Explain the process of incident response?”. I know this, I should have been able to answer, but I stumbled on my words and froze. He tried to walk me through it, but I let the nerves get me. He then asked me to explain the CCNA Cyber Ops, and how it applies to the job. Again, I know this, but now I’m sweating, these aren’t the questions I prepared for, and I am taking these rather easy and inoffensive interview questions as daggers cutting me down. Death by a thousand (just 2 really) cuts(paper cuts). I have let panic set in, this interview is blown. I, again, stumble on my words.

The director chimes in, probably out of sheer pity, and asks more about my current position, offering an olive branch of comfort, something I can answer with confidence. He states that it looks like they probably need someone with more experience, they want someone to “Hit the ground running”, and asked me where I would fit in. I told him SOC 1, to which they both agree. However this isn’t an interview for SOC 1. I did mention that it is difficult to break into security when every entry position wants 3-5 years of hands on experience, and if a shop is following industry standard, then separation of duty is a dagger to the employee trying to transition. We shook hands, I thanked them for their time.
Both interviewers handled my implosion well. I really appreciate them for that.

Lessons Learned:

Its time to stop allowing myself to be “burned out”. A lot of it is laziness for which I am making an excuse.

Sharpen my skills on a daily or weekly basis. I did not represent my certifications well in that interview. Again, my fault.

Prepare better and in a wider scope. I will say that I was under the impression this was a role for someone with little experience, and because of that I only prepared for that. I was wrong and have no one to blame but myself.

Dust myself off, and put myself out there again. Not every interview will go well. I really want to transition to a security focused role. And I won’t get there unless I open myself up the embarrassment that I endured in this interview.

**** happens. Move on. Continue learning. Don’t be dumb.

Comments

  • gespensterngespenstern Member Posts: 1,243 ■■■■■■■□□□
    From what you shared it looks more like "interview passing skills" than "technical skills".

    Just apply for more and eventually after a dozen+ interviews you'll get familiar with the process and typical questions and will stop sweating on every little thing.

    Regarding the incident response process I just want to mention that there is no set in stone standard on the steps. All of them revolve around major phases such as preparation, detection, remediation.

    The (ISC)2 one, AFAIR, boils down to PICERL, which unfolds as prepare, identify, contain, eradicate, recover, lessons learned.
  • DatabaseHeadDatabaseHead Teradata Assc 16, Querying Microsoft SQL Server 2012/2014, CSM Member Posts: 2,661 ■■■■■■■■■□
    +1 Interview skills. Sounds like you could of answered those if you had kept your heart rate down. Your worry took over and you were done after that.....

    I think the more you go through the interview process for these positions the better prepare you are. I'm not saying you shouldn't study etc.... But I wouldn't over compensate and grind yourself to a pulp either.

    I recently interviewed for a position and there was a heavy ETL component to it. I was spinning my wheels and clearly didn't get the job, but..... The questions they asked me were very telling and helpful. Interviewer asked me if I had any questions and I asked if the question he had asked would come up on this particular tool set in other jobs down the road. His reply, 100%.

    So now I have 5 integration questions for this tool set in my back pocket.
  • josephandrejosephandre Member Posts: 315 ■■■■□□□□□□
    tough break man, but as you've said, and others said use the experience as motivation and get back out there. i can't even tell you the amount of bad interviews i've had, but i can say i learned something from each of them and improved because of them. i like to aim high and put myself in uncomfortable situations because you can get complacent otherwise. good luck moving forward
  • iBrokeITiBrokeIT GICSP, GCIP, GXPN, GPEN, GWAPT, GCFE, GCIA, GCIH, GSEC, CySA+, Sec+, eJPT Member Posts: 1,309 ■■■■■■■■■□
    Sounds like the biggest issue is that you aren't in interview shape and tried to run the full race after coming straight off the couch. icon_lol.gif

    Consider this one a practice lap and take a few more before you try for one you really want. IMO you have the skills and experience to make the jump, you need to work on your salesmanship which isn't typically a strength for most of us in this industry.
    2019: GPEN | GCFE | GXPN | GICSP | CySA+ 
    2020: GCIP | GCIA | eCPPT | eWPT | eCTHP

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security
  • DatabaseHeadDatabaseHead Teradata Assc 16, Querying Microsoft SQL Server 2012/2014, CSM Member Posts: 2,661 ■■■■■■■■■□
    iBrokeIT wrote: »
    Sounds like the biggest issue is that you aren't in interview shape and tried to run the full race after coming straight off the couch. icon_lol.gif

    Consider this one a practice lap and take a few more before you try for one you really want. IMO you have the skills and experience to make the jump, you need to work on your salesmanship which isn't typically a strength for most of us in this industry.

    Agree +1000

    Clearly has the infrastructure background and was very smart about getting the appropriate certifications, not doing a cert barf strategy.

    From what little I know about you, it seems you pulled all the correct levers.
  • PseudonymPseudonym A+, Net+, Sec+, Linux+, ITIL v3, MCITP:EDST/EDA, CCNA R&S/Cyber Ops, MCSA:2008/2012, MCSE:CP&I Member Posts: 341 ■■■■□□□□□□
    If it makes you feel any better, I feel like it's very difficult to keep cert related information at the forefront of your mind if you're not doing it frequently, even if you did get it legitimately.

    Like everyone else said, just take this one on the chin and make sure you're fully prepared for the next one. Might end up being a blessing in disguise.
    Certifications - A+, Net+, Sec+, Linux+, ITIL v3, MCITP:EDST/EDA, CCNA R&S/Cyber Ops, MCSA:2008/2012, MCSE:CP&I, RHCSA
    Working on - RHCE
  • Shane2Shane2 Member Posts: 65 ■■■□□□□□□□
    Agree +1000

    Clearly has the infrastructure background and was very smart about getting the appropriate certifications, not doing a cert barf strategy.

    From what little I know about you, it seems you pulled all the correct levers.

    thank you. I definitely have been trying to fill the security holes in my resume with targeted certs. I’ll Make note of where I fell short and get back up on that horse.
  • Shane2Shane2 Member Posts: 65 ■■■□□□□□□□
    Pseudonym wrote: »
    If it makes you feel any better, I feel like it's very difficult to keep cert related information at the forefront of your mind if you're not doing it frequently, even if you did get it legitimately.

    Like everyone else said, just take this one on the chin and make sure you're fully prepared for the next one. Might end up being a blessing in disguise.

    Yeah, the cert knowledge really killed me. I need to review my notes on a regular basis. I’ll be ready for the next interview.
  • chapterchapter Member Posts: 14 ■■□□□□□□□□
    I wouldn't worry too much. Just ensure for the next interview you Google everything on the job description (keywords), check the profiles of the folks who are going to interview you. Give a short example with every answer. Everyone gets nervous in interviews or public speaking.
  • Goteki54Goteki54 SSCP, A+, Network +, Security + BaltimoreMember Posts: 79 ■■■□□□□□□□
    Shane2 said:
    Interview

    Background on me. Coming up on the better part of 8 years as an infrastructure guy, worked my way from Tier 1 Helpdesk to Sysadmin. In the past 2 years I have attained the CEH and CCNA Cyber Ops. I got these certs honestly, however with separation of duties, the skills I learned on the Cyber Ops have certainly diminished. And with some slight burnout, my knowledge has diminished as well, as most days recently I want nothing to do with a computer when I get home. These are not excuses, I brought this failed interview on myself, kind of.

    SOC role in the DC area.

    Required Knowledge/Experience:
    A minimum of a Security+ certification
    Combination of 3 years' and information security education experience
    They preferred experience in their chosen apps, however I was assured by the recruiter that they didn’t require experience, just some knowledge and a willingness to learn.

    Pay is 90-100k.

    The Interview: Interviewed with a director level Sec guy, and a team lead. Director asked more personality questions, trying to figure out who and what I was. Asked me to run down my resume, had a question here and there, I would guess I did very well here as I have decent soft skills, and he came across as a really nice guy.

    The team lead starting asking questions, and this is where I imploded. I had prepared for basic questions. Port numbers, IDS vs IPS, pretty easy stuff that I have been asked before and looking back were way too basic. However, the questions that threw me off weren’t even difficult. “Explain the process of incident response?”. I know this, I should have been able to answer, but I stumbled on my words and froze. He tried to walk me through it, but I let the nerves get me. He then asked me to explain the CCNA Cyber Ops, and how it applies to the job. Again, I know this, but now I’m sweating, these aren’t the questions I prepared for, and I am taking these rather easy and inoffensive interview questions as daggers cutting me down. Death by a thousand (just 2 really) cuts(paper cuts). I have let panic set in, this interview is blown. I, again, stumble on my words.

    The director chimes in, probably out of sheer pity, and asks more about my current position, offering an olive branch of comfort, something I can answer with confidence. He states that it looks like they probably need someone with more experience, they want someone to “Hit the ground running”, and asked me where I would fit in. I told him SOC 1, to which they both agree. However this isn’t an interview for SOC 1. I did mention that it is difficult to break into security when every entry position wants 3-5 years of hands on experience, and if a shop is following industry standard, then separation of duty is a dagger to the employee trying to transition. We shook hands, I thanked them for their time.
    Both interviewers handled my implosion well. I really appreciate them for that.

    Lessons Learned:

    Its time to stop allowing myself to be “burned out”. A lot of it is laziness for which I am making an excuse.

    Sharpen my skills on a daily or weekly basis. I did not represent my certifications well in that interview. Again, my fault.

    Prepare better and in a wider scope. I will say that I was under the impression this was a role for someone with little experience, and because of that I only prepared for that. I was wrong and have no one to blame but myself.

    Dust myself off, and put myself out there again. Not every interview will go well. I really want to transition to a security focused role. And I won’t get there unless I open myself up the embarrassment that I endured in this interview.

    **** happens. Move on. Continue learning. Don’t be dumb.


    It's the law of averages. As you said, just consider it a learning experience that will help you on the path to the job that's yours.


    CompTIA A+, Network+, Security +., SSCP
Sign In or Register to comment.