Failed SOC interview

Interview

Background on me. Coming up on the better part of 8 years as an infrastructure guy, worked my way from Tier 1 Helpdesk to Sysadmin. In the past 2 years I have attained the CEH and CCNA Cyber Ops. I got these certs honestly, however with separation of duties, the skills I learned on the Cyber Ops have certainly diminished. And with some slight burnout, my knowledge has diminished as well, as most days recently I want nothing to do with a computer when I get home. These are not excuses, I brought this failed interview on myself, kind of.

SOC role in the DC area.

Required Knowledge/Experience:
A minimum of a Security+ certification
Combination of 3 years' and information security education experience
They preferred experience in their chosen apps, however I was assured by the recruiter that they didn’t require experience, just some knowledge and a willingness to learn.

Pay is 90-100k.

The Interview: Interviewed with a director level Sec guy, and a team lead. Director asked more personality questions, trying to figure out who and what I was. Asked me to run down my resume, had a question here and there, I would guess I did very well here as I have decent soft skills, and he came across as a really nice guy.

The team lead starting asking questions, and this is where I imploded. I had prepared for basic questions. Port numbers, IDS vs IPS, pretty easy stuff that I have been asked before and looking back were way too basic. However, the questions that threw me off weren’t even difficult. “Explain the process of incident response?”. I know this, I should have been able to answer, but I stumbled on my words and froze. He tried to walk me through it, but I let the nerves get me. He then asked me to explain the CCNA Cyber Ops, and how it applies to the job. Again, I know this, but now I’m sweating, these aren’t the questions I prepared for, and I am taking these rather easy and inoffensive interview questions as daggers cutting me down. Death by a thousand (just 2 really) cuts(paper cuts). I have let panic set in, this interview is blown. I, again, stumble on my words.

The director chimes in, probably out of sheer pity, and asks more about my current position, offering an olive branch of comfort, something I can answer with confidence. He states that it looks like they probably need someone with more experience, they want someone to “Hit the ground running”, and asked me where I would fit in. I told him SOC 1, to which they both agree. However this isn’t an interview for SOC 1. I did mention that it is difficult to break into security when every entry position wants 3-5 years of hands on experience, and if a shop is following industry standard, then separation of duty is a dagger to the employee trying to transition. We shook hands, I thanked them for their time.
Both interviewers handled my implosion well. I really appreciate them for that.

Lessons Learned:

Its time to stop allowing myself to be “burned out”. A lot of it is laziness for which I am making an excuse.

Sharpen my skills on a daily or weekly basis. I did not represent my certifications well in that interview. Again, my fault.

Prepare better and in a wider scope. I will say that I was under the impression this was a role for someone with little experience, and because of that I only prepared for that. I was wrong and have no one to blame but myself.

Dust myself off, and put myself out there again. Not every interview will go well. I really want to transition to a security focused role. And I won’t get there unless I open myself up the embarrassment that I endured in this interview.

**** happens. Move on. Continue learning. Don’t be dumb.

Find more posts tagged with

Comments

gespenstern

From what you shared it looks more like "interview passing skills" than "technical skills".

Just apply for more and eventually after a dozen+ interviews you'll get familiar with the process and typical questions and will stop sweating on every little thing.

Regarding the incident response process I just want to mention that there is no set in stone standard on the steps. All of them revolve around major phases such as preparation, detection, remediation.

The (ISC)2 one, AFAIR, boils down to PICERL, which unfolds as prepare, identify, contain, eradicate, recover, lessons learned.

DatabaseHead

+1 Interview skills. Sounds like you could of answered those if you had kept your heart rate down. Your worry took over and you were done after that.....

I think the more you go through the interview process for these positions the better prepare you are. I'm not saying you shouldn't study etc.... But I wouldn't over compensate and grind yourself to a pulp either.

I recently interviewed for a position and there was a heavy ETL component to it. I was spinning my wheels and clearly didn't get the job, but..... The questions they asked me were very telling and helpful. Interviewer asked me if I had any questions and I asked if the question he had asked would come up on this particular tool set in other jobs down the road. His reply, 100%.

So now I have 5 integration questions for this tool set in my back pocket.

josephandre

tough break man, but as you've said, and others said use the experience as motivation and get back out there. i can't even tell you the amount of bad interviews i've had, but i can say i learned something from each of them and improved because of them. i like to aim high and put myself in uncomfortable situations because you can get complacent otherwise. good luck moving forward

iBrokeIT

Sounds like the biggest issue is that you aren't in interview shape and tried to run the full race after coming straight off the couch.

Consider this one a practice lap and take a few more before you try for one you really want. IMO you have the skills and experience to make the jump, you need to work on your salesmanship which isn't typically a strength for most of us in this industry.

DatabaseHead

iBrokeIT wrote: »

Sounds like the biggest issue is that you aren't in interview shape and tried to run the full race after coming straight off the couch.

Consider this one a practice lap and take a few more before you try for one you really want. IMO you have the skills and experience to make the jump, you need to work on your salesmanship which isn't typically a strength for most of us in this industry.

Agree +1000

Clearly has the infrastructure background and was very smart about getting the appropriate certifications, not doing a cert barf strategy.

From what little I know about you, it seems you pulled all the correct levers.

Pseudonym

If it makes you feel any better, I feel like it's very difficult to keep cert related information at the forefront of your mind if you're not doing it frequently, even if you did get it legitimately.

Like everyone else said, just take this one on the chin and make sure you're fully prepared for the next one. Might end up being a blessing in disguise.

Shane2

DatabaseHead wrote: »

Agree +1000

Clearly has the infrastructure background and was very smart about getting the appropriate certifications, not doing a cert barf strategy.

From what little I know about you, it seems you pulled all the correct levers.

thank you. I definitely have been trying to fill the security holes in my resume with targeted certs. I’ll Make note of where I fell short and get back up on that horse.

Shane2

Pseudonym wrote: »

If it makes you feel any better, I feel like it's very difficult to keep cert related information at the forefront of your mind if you're not doing it frequently, even if you did get it legitimately.

Like everyone else said, just take this one on the chin and make sure you're fully prepared for the next one. Might end up being a blessing in disguise.

Yeah, the cert knowledge really killed me. I need to review my notes on a regular basis. I’ll be ready for the next interview.

chapter

I wouldn't worry too much. Just ensure for the next interview you Google everything on the job description (keywords), check the profiles of the folks who are going to interview you. Give a short example with every answer. Everyone gets nervous in interviews or public speaking.

Goteki54

Shane2 said:

Interview

Background on me. Coming up on the better part of 8 years as an infrastructure guy, worked my way from Tier 1 Helpdesk to Sysadmin. In the past 2 years I have attained the CEH and CCNA Cyber Ops. I got these certs honestly, however with separation of duties, the skills I learned on the Cyber Ops have certainly diminished. And with some slight burnout, my knowledge has diminished as well, as most days recently I want nothing to do with a computer when I get home. These are not excuses, I brought this failed interview on myself, kind of.

SOC role in the DC area.

Required Knowledge/Experience:
A minimum of a Security+ certification
Combination of 3 years' and information security education experience
They preferred experience in their chosen apps, however I was assured by the recruiter that they didn’t require experience, just some knowledge and a willingness to learn.

Pay is 90-100k.

The Interview: Interviewed with a director level Sec guy, and a team lead. Director asked more personality questions, trying to figure out who and what I was. Asked me to run down my resume, had a question here and there, I would guess I did very well here as I have decent soft skills, and he came across as a really nice guy.

The team lead starting asking questions, and this is where I imploded. I had prepared for basic questions. Port numbers, IDS vs IPS, pretty easy stuff that I have been asked before and looking back were way too basic. However, the questions that threw me off weren’t even difficult. “Explain the process of incident response?”. I know this, I should have been able to answer, but I stumbled on my words and froze. He tried to walk me through it, but I let the nerves get me. He then asked me to explain the CCNA Cyber Ops, and how it applies to the job. Again, I know this, but now I’m sweating, these aren’t the questions I prepared for, and I am taking these rather easy and inoffensive interview questions as daggers cutting me down. Death by a thousand (just 2 really) cuts(paper cuts). I have let panic set in, this interview is blown. I, again, stumble on my words.

The director chimes in, probably out of sheer pity, and asks more about my current position, offering an olive branch of comfort, something I can answer with confidence. He states that it looks like they probably need someone with more experience, they want someone to “Hit the ground running”, and asked me where I would fit in. I told him SOC 1, to which they both agree. However this isn’t an interview for SOC 1. I did mention that it is difficult to break into security when every entry position wants 3-5 years of hands on experience, and if a shop is following industry standard, then separation of duty is a dagger to the employee trying to transition. We shook hands, I thanked them for their time.
Both interviewers handled my implosion well. I really appreciate them for that.

Lessons Learned:

Its time to stop allowing myself to be “burned out”. A lot of it is laziness for which I am making an excuse.

Sharpen my skills on a daily or weekly basis. I did not represent my certifications well in that interview. Again, my fault.

Prepare better and in a wider scope. I will say that I was under the impression this was a role for someone with little experience, and because of that I only prepared for that. I was wrong and have no one to blame but myself.

Dust myself off, and put myself out there again. Not every interview will go well. I really want to transition to a security focused role. And I won’t get there unless I open myself up the embarrassment that I endured in this interview.

**** happens. Move on. Continue learning. Don’t be dumb.

It's the law of averages. As you said, just consider it a learning experience that will help you on the path to the job that's yours.