Cybersec Analyst Interview question

[DireWolf]

My question, again, is: "Anyone ever seen anything like this? Know potentially what to expect?"

Sorry I missed this earlier, but yes - have run that exact gauntlet before (and from both sides of the table).

For the skills testing, most of the time it is indeed just a bunch of wtf-level rudimentary questions, but when you start getting beyond that there's a world of possibilities from super simple to crazy advanced...Anything from being given snippets of malware code and being asked to describe what it's doing, to performing configuration, discovery, IR/break-fix, or even remote system compromise/capture-the-flag tasks on the fly.

One thing I started doing about 15 years ago was building fully-functional test environments for skills verification with my hires (initial use case was for hiring NOC/SOC analysts) which where basically clones of multi-tiered infrastructure environments in a virtual stack - I'd usually break something simple (relative to skill level of candidate/requirements), then sit the candidate down on a terminal, give the basic scenario, and ask them to fix/investigate within a given amount of time. They would have the room to themselves (to reduce pressure), but I'd be in another office shadowing their desktop session. Sometimes these went very well, other times it was all I could do to keep a straight face while thanking them for coming in...

As for the IR, just treat it like any other TT excercise, and should be fairly easy if you've done any work in that area...

Also, recommend being honest about skill level. It's entirely possible that there will be questions/scenarios which are intentionally far beyond your current skills, presented both as a "litmus" test to see where you sit on the skills continuum, but also as a "canary" test to see if you're likely to go totally off the deep end trying to fix something but in reality just making it worse or even completely trashing the system/environment by accident...

Good luck, and feel free to pm me if you want any help prepping or gaming out your approach ahead of time...

[CS1983]

Sorry I missed this earlier, but yes - have run that exact gauntlet before (and from both sides of the table).

For the skills testing, most of the time it is indeed just a bunch of wtf-level rudimentary questions, but when you start getting beyond that there's a world of possibilities from super simple to crazy advanced...Anything from being given snippets of malware code and being asked to describe what it's doing, to performing configuration, discovery, IR/break-fix, or even remote system compromise/capture-the-flag tasks on the fly.

One thing I started doing about 15 years ago was building fully-functional test environments for skills verification with my hires (initial use case was for hiring NOC/SOC analysts) which where basically clones of multi-tiered infrastructure environments in a virtual stack - I'd usually break something simple (relative to skill level of candidate/requirements), then sit the candidate down on a terminal, give the basic scenario, and ask them to fix/investigate within a given amount of time. They would have the room to themselves (to reduce pressure), but I'd be in another office shadowing their desktop session. Sometimes these went very well, other times it was all I could do to keep a straight face while thanking them for coming in...

As for the IR, just treat it like any other TT excercise, and should be fairly easy if you've done any work in that area...

Also, recommend being honest about skill level. It's entirely possible that there will be questions/scenarios which are intentionally far beyond your current skills, presented both as a "litmus" test to see where you sit on the skills continuum, but also as a "canary" test to see if you're likely to go totally off the deep end trying to fix something but in reality just making it worse or even completely trashing the system/environment by accident...

Good luck, and feel free to pm me if you want any help prepping or gaming out your approach ahead of time...

Excellent intel, sir. Thank you.

PM inbound.

[Justin]

Now, I get what he was asking for. There are problems with that as the only answer, as you would still most likely have a single back end that would be crushed in that situation. But the job was for AWS, and they can charge more for each server you bring online...

Noted for future reference.

That's not terribly encouraging.

[whitewalrus]

I bet it really is basic troubleshooting. You would be shocked how many people I work with cannot do basic step by step troubleshooting. They immediately jump to the conclusions.

Never had an interview like this, wish my team would do something like this.

Good luck on your interview.

[fitterjohn]

I bet it really is basic troubleshooting. You would be shocked how many people I work with cannot do basic step by step troubleshooting. They immediately jump to the conclusions.

Never had an interview like this, wish my team would do something like this.

Good luck on your interview.

I think this is true with all trades
I got sent out to work with an apprentice on a job him and a journeyman (20+ years in the trade) had been working 2 days on. A lot of changed parts and phone calls. We fixed it in 15 mins with 0 parts needed. Someone was pulling on wires and must have pulled on off a relay and got it out back on the connection next to where it needed to be. The apprentice was in awe that it was that simple and fast. I told him it?s koting special I looked at the diagram and tested for power from one connection to the next and when I got to where it dropped, bingo no wire there but the wire I needed was on an under contact. Moral of the story start at step 1 and go though step by step. There is no level of experience that outweighs proper trouble shooting procedures. (Also is the first 5 of the same part don?t fix it, the next 5 won?t either)


Good look sounds like it went good

[whitewalrus]

How was the interview?

[CS1983]

How was the interview?

Next week.

[iego]

Have you ever had sex with a Russian robot?

-John

[Irving]

Have you ever had sex with a Russian robot?

-John

Yes, but I was coerced.

[Circuits]

Only practicums I've encountered in job interviews were when interviewing with the technical team leads, and I've been asked to whiteboard pseudo-code solutions, or briefly diagram data structure layouts. I had one hiring manager quiz me on my OpenGL fundamentals, while another asked me highly technical C/C++ and compiler switch knowledge, and outlining my experience with cross compilers and system-adaptive makefiles. Only other was when I was starting out and the hiring manager quizzed me on my specific unix/linux knowledge, network layout and configuration and general troubleshooting steps.

I guess there was also that one time when I had to log in to a testing service and take an hour-long automated programming test for a possible position at FedEx.