Failed SOC interview

Shane2Shane2 Member Posts: 65 ■■■□□□□□□□
Background on me. Coming up on the better part of 8 years as an infrastructure guy, worked my way from Tier 1 Helpdesk to Sysadmin. In the past 2 years I have attained the CEH and CCNA Cyber Ops. I got these certs honestly, however with separation of duties, the skills I learned on the Cyber Ops have certainly diminished. And with some slight burnout, my knowledge has diminished as well, as most days recently I want nothing to do with a computer when I get home. These are not excuses, I brought this failed interview on myself, kind of.

SOC role in the DC area.

Required Knowledge/Experience:
A minimum of a Security+ certification
Combination of 3 years' and information security education experience
They preferred experience in their chosen apps, however I was assured by the recruiter that they didn’t require experience, just some knowledge and a willingness to learn.

Pay is 90-100k.

The Interview: Interviewed with a director level Sec guy, and a team lead. Director asked more personality questions, trying to figure out who and what I was. Asked me to run down my resume, had a question here and there, I would guess I did very well here as I have decent soft skills, and he came across as a really nice guy.

The team lead starting asking questions, and this is where I imploded. I had prepared for basic questions. Port numbers, IDS vs IPS, pretty easy stuff that I have been asked before and looking back were way too basic. However, the questions that threw me off weren’t even difficult. “Explain the process of incident response?”. I know this, I should have been able to answer, but I stumbled on my words and froze. He tried to walk me through it, but I let the nerves get me. He then asked me to explain the CCNA Cyber Ops, and how it applies to the job. Again, I know this, but now I’m sweating, these aren’t the questions I prepared for, and I am taking these rather easy and inoffensive interview questions as daggers cutting me down. Death by a thousand (just 2 really) cuts(paper cuts). I have let panic set in, this interview is blown. I, again, stumble on my words.

The director chimes in, probably out of sheer pity, and asks more about my current position, offering an olive branch of comfort, something I can answer with confidence. He states that it looks like they probably need someone with more experience, they want someone to “Hit the ground running”, and asked me where I would fit in. I told him SOC 1, to which they both agree. However this isn’t an interview for SOC 1. I did mention that it is difficult to break into security when every entry position wants 3-5 years of hands on experience, and if a shop is following industry standard, then separation of duty is a dagger to the employee trying to transition. We shook hands, I thanked them for their time.
Both interviewers handled my implosion well. I really appreciate them for that.

Lessons Learned:

Its time to stop allowing myself to be “burned out”. A lot of it is laziness for which I am making an excuse.

Sharpen my skills on a daily or weekly basis. I did not represent my certifications well in that interview. Again, my fault.

Prepare better and in a wider scope. I will say that I was under the impression this was a role for someone with little experience, and because of that I only prepared for that. I was wrong and have no one to blame but myself.

Dust myself off, and put myself out there again. Not every interview will go well. I really want to transition to a security focused role. And I won’t get there unless I open myself up the embarrassment that I endured in this interview.

**** happens. Move on. Continue learning. Don’t be dumb.

Comments

  • nisti2nisti2 Member Posts: 503 ■■■■□□□□□□
    Thanks for sharing your experience. Maybe it was different factors as:

    > You was nervous.
    > You was confident but your mind was failing.
    > You wasn't prepared for the interview.
    > You have to show that you know something.

    Anyways could be a lot of factors but now you can start writing those questions and just in case you receive a phone call or another interview you know how to answer.

    Good luck!!
    2020 Year goals:
    Already passed: Oracle Cloud, AZ-900
    Taking AZ-104 in December.

    "Certs... is all about IT certs!"
  • paul78paul78 Member Posts: 3,016 ■■■■■■■■■■
    Shane2 wrote: »
    Dust myself off, and put myself out there again. Not every interview will go well.
    Well said!!! Good luck on your next one.
  • shochanshochan Member Posts: 1,014 ■■■■■■■■□□
    Just wipe off your wounds & move on...there will be other opportunities. I always tell myself that it wasn't meant to be if I didn't get the position. Also, go back & think of what you could've done better & use that as a learning experience. I hear that people actually get better at interviewing when they do a lot of them. So, keep applying even for ones that you are not qualified for, and if you get an interview out of it, you can practice interviewing. You never know you might get hired and if you don't want the position, you can always decline the offer. CHEERS & good luck on your endeavors.
    CompTIA A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+, ISC² CC, ISC² SSCP
  • Tekn0logyTekn0logy Member Posts: 113 ■■■■□□□□□□
    Shane2 wrote: »
    Lessons Learned: **** happens. Move on. Continue learning. Don’t be dumb.

    Trial by fire. Don't sweat it, there will be other opportunities and as long as you learned from the last, it can only get better.
    My first interview this year I crashed and burned. I do this stuff every day, but found myself at a loss when director zeroed in on a specific tech.
    Manager didn't even tech me out. Lessons I learned:

    SLEEP. Your brain works 1000% better on 7~8 hours. Working on various things, I wound up with barely 2 the night before my interview.
    EAT. Don't eat after 8pm the day before your interview and definitely not fast food the previous day. The lightest breakfast you can stand.
    Have something sugary (juice/soda/hard candy) before you go in so that your brain has fuel.
    Plan to arrive an hour ahead of schedule. Time to unwind, un-sweat, review, spit out gum and LOOK IN THE MIRROR!
    Still might not be enough time as I planned for an hour and train delays had me walking into the building 10 minutes before the interview.
    Of course this was post brisk 1/2 mile walk in a suit on a +90° day and could not stop sweating.
    Still aggravated by the train delays, I was very very distracted.

    Lastly, know what day is your "best".
    Sounds weird, but Thursday's I'm usually on fire. Just so happens I was born on Thursday. Maybe this works for you.
  • COBOL_DOS_ERACOBOL_DOS_ERA Member Posts: 205 ■■■■■□□□□□
    Don't sweat on it. Better luck next time. Let me share one of my experience back in 2008 when I moved to DC, I had this awful interview. I literally had my pants downicon_redface.gif during the interview, man I was mad like hell at me after the interview. I had two of my friends waiting on me near by, when they saw me after 30 minutes they are like should we be heading to NYC. Three of us came down to DC from NYC for the interview. Since, I had one interview on the next day, I dust myself off and said to myself I will do better on the next one. Guess what, that next day interview lasted literally 15 minutes, and an offer letter during the lunch time :D. We still make jokes about that interview of mine. I guess it was a lesson learned that we don't know when the next opportunity will knock the door for us.

    **** So Cheer Up! you will ace the next one***
    CISM, CRISC, CGEIT, PMP, PMI-ACP, SEC+, ITIL V3, A-CSM. And Many More.
  • JDMurrayJDMurray Admin Posts: 13,101 Admin
    Let's look at this situation from the point of view of someone who has been interviewing SOC analyst candidates every week for pretty much this entire year:

    A SOC analyst's role will include some degree of Incident Response. You will be responsible for handling incidents that are too small for the actual IR team to bother with. (There are usually much fewer members on the IR team than in the SOC team.) You were being tested on how much IR you have experience performing. This will also include how well you are able to document incidents in tickets, so business/technical writing skills are very important to have for both SOC and IR members as well. Professional communications with other humans is also essential, so a lack of confidence in something like a business interview is very telling of "not what we're looking for."

    I'm glad that interviewers are challenging candidates on their certs. I ask candidates about what they thought of getting their most recent security cert just to hear what kind of response I get, which range from "talks my ear off like it's sports" to "does this guy even have the cert?"

    Many people who earn certs as part of their degree program treat getting certs like they do their classes--just pass the thing and forget it. It's very disappointing when someone with a degree in "cybersecurity," and/or has several IT security certs, can't event give a good explanation of the CIA triad, or the difference between threat/exploit/vulnerability or firewall/proxy/reverse proxy. A lot of people I'm interviewing today have really good looking resumes, but the candidates don't personally reflect that knowledge and experience in the interview.

    Such interviews are just such a waste of everyone's time. I never do an in-person interview for the first round. I try first to do a 10-minute phone pre-interview just to hear if the person sounds anything like their resume. This also allows the candidate to be more casual and at ease because they think it's not the a real interview. I'm looking for confidence, enthusiasm, and talks about InfoSec like it is their favorite sport (or computer game). That's the foundation of a good SOC analyst.
  • draughtdraught Member Posts: 229 ■■■■□□□□□□
    It happens to all of us. It just happened to me a few months ago. Don't dwell on any one interview. You obviously have the knowledge and skills and you will be successful in the future.
Sign In or Register to comment.