Master The Interview

hello everyone uh my name is josh and i am going to be the track manager today for our talk with uh paul guido he's going to be master of the interview paul is a i.t security professional over 25 years of i.t experience currently employed in a san antonio financial institution where he is a security janitor cleaning windows that's pretty cool so let's uh turn it over to paul and we'll get started for you guys yeah and uh so i've been working here in san antonio area for financial institutions for over 23 years i currently work in the security operations area and from time to time we need people to work in the area for me and for my colleagues at

the organization and we're trying to interview and get more people to work and so during so in the last few interview sessions that we've done for the last few positions i've noticed a a large valley between uh the different candidates that are out there apparently they have run the gauntlet and they have been able to get through the ai or whatever else is used by our hr department or anyone's hr department these days to get their resume to the top of the list and get that job interview but then they go to the interview and even though they've done all of these things ahead of time it's just it just doesn't work for them uh either maybe they oversold their

enter their resume or maybe they just need to get a few more extra skills and tasks that they can do to push themselves over the top to be able to get that job so let's get ready first i really recommend nist nist has a bunch of wonderful documentation on just about everything when it comes to cyber security and one of the things that i really really like that came out in 2017 and now it's been updated in 2020 is the nice document the national initiative for cyber security education so so they kind of changed their terminology they used to do um tasks knowledge skills and abilities now they've changed it into task statements knowledge and skill

statements um but it's nice because if you want a particular role or position in it this gives you um oh you might want to mute your mic there on the other side because i hear a little bit of background noise um what you might want to do is is look up a particular position that you're interested in doing and see how many of the skills uh statements and task statements and knowledge that you've already gained to put you in the right spot to get that particular position and it also gives you an idea of the deficiencies and things that you might want to improve upon to make sure that you work really well and you're going to succeed

in that position whether it's the resume portion of it or the interview or actually doing the work it kind of gives you a much better foundation to make sure that you're ready to go for those particular jobs and this nice document it's okay it's a bit technical and it's a bit dry but it's also a wonderful source of data so please consult that like i said it was updated in november 2020 so um they've changed it a little bit i try and make sure that when we are looking to hire people that they actually fit into the roles for this cyber security education document the other thing i really recommend if you just kind of want to get excited

about finding a position in it and i.t security is to go to cyberseek.org and look at their heat map their heat map allows you to categorize jobs that are open out there in a couple of different ways one of them you can look them by state and the other one you can look at it by uh area so there's actually a san antonio new braunfels area and it shows the total number of job openings that are there um workforce employed the amount of demand the certifications that they're kind of looking for for those particular positions or other types of things you can drill into different various areas of this thing you could drill down in here this is just a jpeg image of it

but i really recommend you take a look at cyberseek.org heat map and there will be links in the breakout area later i'll actually be posting the presentation as well plus of course this will be on youtube and i'll provide the links there for them to put on the youtube page so you're going to go interview you finally ran that gauntlet you've got the interview scheduled and everything well you need to do a little research you got to do some homework don't just walk into an interview cold where you don't know anything about who you're going to be interviewing with how long have they been in business i mean just some basics get the company history mission

statement vision statement it's really important to kind of get a feel of the corporation that you're going to be working for the company or the organization um do some research on news articles and stuff have they been in the news for charitable events are they been in the news for sec violations if they have been in the news for whatever you want to get a feel of the culture of the organization obviously if they've been in the news for lots of you know hanky-panky going on there or stuff you want to know that before you walk in the door you don't want to walk in there and find out that you know my goodness gracious uh you

know i got this wonderful job and say the scooter store and they're constantly under the investigation of the federal government uh yeah that i probably should have known that before i got that job um uh i had a lot of friends that worked at scooter and um uh obviously you know when you when you got out of there early uh they they did a little bit better when the mass of people were let go when they shut that thing down it was a lot more difficult for them to find positions so check linkedin see who works there maybe you know someone that works there you can contact and have them put in a good word for you

and stuff i've done that a number of times for people over the years and uh when they when they check me out and they you know find out that i'm working someplace or whatever they don't hesitate to let me know and you know i definitely uh if i you know everything's going i definitely put in the word hey i work with these people at previous employer i want to make sure that they get the best particular position that they can is this place to really the place you want to work once again if you check the place out and you find out the culture isn't the culture that you're looking for um you should know that ahead of time

you should really probably uh get that information uh before you walk in the door of that interview okay this is the place you really want to work how can you really show it to them that this is the place you really want to work what kind of connections do you have to that organization um you know it's that whole degrees of separation how many people do you know that do things there if it's a financial institution do you have an account there right how long have you had an account there if it's a business a retail front a software manufacturing company do you use their software do you use the companies if it's a healthcare

organization have you ever visited someone in that hospital or those doctors or whatever there's so many different ways that you can tie your personal experiences into the interview do it show it take a look at what you can find out and try and have some nice relatable information that you can provide in the interview what's the interview format so um i'm i'm a stickler whenever there's a any kind of job i'm going for so many years ago back in the 90s i actually was looking to become a police officer that didn't work out for me but i learned some wonderful skills doing so and one of the things that i did is i found out

what was required to run the gauntlet to get that first uh kind of seat at the table right to where you can begin the process and so 700 people walked in to take a test that was like the written s-a-t or a-c-t test and of the 700 people 70 people passed that part of the exam so they only took the top 10 percent because i knew that going in i was able to make sure that i had the skill sets necessary to work the problems that that type of test provided and i was one of the 70 people then they said hey you need to be able to do certain physical activities after the test is that

that same day yeah i think they're written in the morning physical in the afternoon so where do you do this uh well they showed it and they said you got to do this kind of weights and this kind of this and this kind of sit-ups and this kind of run a mile and a half on concrete in the middle of the day in the heat in the summer and stuff so i trained to make sure that i was ready to do that so at the end of the day there were only 35 people out of the original 700 that finished the day and i was very happy to be in that 35 group unfortunately like i said next set of

culling process i didn't make it through it just didn't work out for for me of them but i learned some valuable skills on making sure that i'm prepared for that initial part of the job so contact them ask information who am i going to be meeting with and what do they do what what are their positions there and stuff take notes make sure you understand what you're going to be um asked of in that type of job interview who's going to be in the room right and once again i talked about that if is it just a person that's going to be the hiring manager or is it going to be the hiring manager hr and the cio or whoever

you really kind of want to get some idea um to prepare uh i know somebody they went to go interview and they thought they were just gonna be talking to the hiring manager and they walked in and there's like six people in the room and it made them very nervous and very reserved and stuff and they shouldn't be right they did uh how's it go you worry right when there's something to worry about and just because there's six people in the room versus one person in the room it's still no reason to worry just continue on and do the best you can in your interview find out about the people if you do get information on the roles

or the names of the people take a look and see how they contribute to the company how long have they been with the company and other information so how do you do that hey ocean skills look them up linkedin is a wonderful wonderful place to find information uh on people and how long they've been there and the different roles that they've had at an organization other organizations that they work for other roles that they've had sometimes people even post the charitable work or hobbies that they do and so that's a very insightful information because you want to make sure that you're you know got your best foot forward in the job interviewing process what do we want to know about the people

that we're interviewing right i'm not some hr professional i don't have years of experience doing this or anything but there's some basic things i need to know right how are you going to contribute to the employer or to the organization that you're working for what can you bring to the table so do you are you the kind of person that's going to seek out and take the initiative in i.t security it's very important to have people that are self-starters and go-getters right and the things that you can show that you've done that portray you as a self-starter and go-getter that would be really good you have to have that inner drive a lot of times to be able to go

and find out some of these problems and and tackle them so that's uh that's one of the things that we're looking for for people to do that and for some people uh cultures and stuff it's difficult uh for people to be other than reserved and i recommend you work with people as much as possible to try and break out of those things um a lot of people have imposter syndrome and stuff i'm just as guilty as anyone else for that and trying to break past that shell is so much a part of what you need to do to do a successful interview because you know i don't want to sell myself right i don't want to just you know

i'm not here there's like a marketing thing but in some ways that's exactly the mindset you have to be you have to be the marketer you're marketing yourself and your skills to that organization so if you have taken some examples or some initiative have some examples that you can show that oh hey i saw this problem and i self-started i found a way to solve this problem and i attacked it and and took care of it uh got whatever i needed to get that done organized it and made that kind of thing uh happen so that's uh really important to be able to show that that you can contribute greatly to the organization this is one that we've run into a lot

and especially in my last sets of interview processes that uh was was an issue um so uh the the last set of interviews that we're doing was in january february um of this year and so it's like we'd ask questions so what's going on in cyber security is there any news out there that's uh happening and when we were doing that uh we were expecting you know there's a couple of really large things going on in cyber security that are not just making the cyber security news but they're making the suit the news um the nightly news almost every night um and for example one of them was the solar winds breach that happened december 13th

or at least it was publicized december 13th um and in january they're still just finding all kinds of information out about what was going on there um a number of the candidates uh fully admitted that they weren't keeping up with cyber security news and stuff so it moves fast in i.t you got to keep up to date whether you go read leaping computer once a week or if you take a listen to some podcasts out there internet storm stormcast cyberwire there's a number of others techme being able to uh keep up is really important i t security moves even faster than it um the uh so you know twitter though not a uh authoritative source there as long as

you can do some original research it is a very good source for some of the breaking news type things you can also once again cyberwire has a nice daily podcast of 20 minutes and you can run it on a high speed and get through it pretty quick and it's a really great way to keep your finger on the pulse of what's going on in cyber security there are other podcasts out there as well but those are pretty much a good minimum to to do if you want to consume it via audio be prepared to answer these types of questions the employers especially in the i.t security field want to make sure that you're engaged in the organization

in in your field and being disengaged or actively disengaged is is not going to do very well in an interview got initiative what have you done for yourself lately right have you earned a certificate or degree you don't necessarily have to maybe you just did a ctf maybe you're going and you contributed and you volunteered at b-sides that you're out there you know doing what you can have you read a book from the cybersecurity canon the cybersecurity canon is a list of books that was originally started by a gentleman that was at palo alto but it's now it's taken care of by ohio state there will be a link to it and they get nominations for

and add to the canon of books that every cyber security professional should read i have not read some of those books and i am looking forward to it some of the books are quite obvious like the phoenix project uh if you are not aware of the phoenix project you should be it's an excellent book when it comes to being able to find constraints and move processes along find out where things can be better how do you uh you know look at a process and and and look at a problem and and hopefully find some solutions for it the other books that are out there right now is one of them is called code girls it

is about how women were brought in from colleges and universities to help uh crack the um codes during world war ii we're talking about 10 000 people that were brought in to do this work and it was one of the more unsung uh stories out there uh it's totally uh a very impressive book so um take a look at it they also have fiction books out there for those that have not done it one of the books that they have on there is called cryptonomicron it is not an easy read it is 800 pages by neil stevenson but that book there is is really interesting it's almost like um you know predicting of bitcoin predicting of all kinds of other things

out there neil stevenson that and snow crash it's another book cyberpunk kind of genre um but those are kind of good things to have too so like you know being able to be well read uh in the organizations or in the field that you're in so what have you done for others have you mentored so have you gone out even even anybody with any kind of skill sets even at the beginning um you probably have more skills than others so what can you do you can go to cyberpatriot and sign up to be a mentor there finding a school nearby that has a cyber patriot team and offer to um mentor students in particular areas

if you can teach it you know it very well you you have to learn it well enough to teach it right and so um cyberpatriot gives everybody the opportunity to be a mentor uh i am going to be starting that back up again now at the pandemic is over and we're allowed to get back on school campuses uh this next year uh i'm going to be getting right back into the thick of it and becoming uh fully active again in cyber patriot to help these kids out now cyber patriot isn't some just a weekend warrior kind of thing it's a mini month long mini group long event that the let's say i know of one particular student in high

school that basically had full ride scholarships to multiple colleges after this they had done what they did it truly impressive work um that they uh can can teach kids in high school uh and and continue on further with their career um can you think um you know some of the people interviewing you really want to know do you think how do you think right how do you approach a problem especially a problem that you've never seen before and so you know can you talk out loud your thoughts and observations when working through let's say an exercise i give you a thing a widget whatever it is and uh ask you about it and tell you to

describe what you're seeing most likely you've never seen the things that i would provide you i'm an old ham radio operator i've been working with computers for over 30 years i still have some components from 30 years ago that trust me almost no one born since 2000 will ever have seen these things um so it's uh it but it's nice because it does give you an opportunity to uh discuss what you're looking at um let's say it's an interface card that you've never seen on a bus structure you've probably never heard of but you should be able to walk through and talk through what's going on and what you're seeing in your hands whether it's a

whatever kind of device it is so um i've got some weird tools in the toolbox the same kind of deal what could this possibly be used for right um how about a question like this is what is a particular motorcycle way right how would you find the answer to that question uh if that was posed to you in a meeting or interview process so you know the nice thing about it is there's not a lot of wrong answers here the probably the only wrong answer is i don't know how i would even do that that would be a probably the only wrong answer any other thing you do whether you're saying well i could take

uh you know a gallon of milk that weighs this much and i could put it at the end of a fulcrum that's got a pivot point this distance away and pick up the motorcycle and i know how much it weighs or something um you know for me i would look at the owner's manual because in the owner's manual it gives you the dry weight and the wet weight of that motorcycle but um but yeah you could uh you could do it a number of different ways but once again uh the only uh the only wrong answer there is the the opposite war games is not to play you you should want to play these games

right there are many ways to do a thing pick one or two go for it even if you you um you come up with multiple ways of doing it give them all out there and stuff because people want to know that you can think through issues because we're going to find unknowable um and things that we have to learn on the fly problems and the thing is you've got to be able to be engaged with that um get help and network clear jobs clear jobs sponsor here of this particular track uh is an excellent place if you have clearance i totally recommend kathleen and their group to help find you positions out there if there is a local issa or ise square

chapter meeting do it besides get involved volunteer and there are other local it groups and even larger it groups that are out there sign up for them look for them on linkedin look for more in-person organizations so you can network in the future anybody have any questions or anything

trying to take a look here in the track and uh okay and oh i got a breakout question hey kathleen i'll get the interview track okay um but yeah uh so that kind of gives you some rundown uh is there any questions or anything that they might have moderator here thanks paul um yeah i don't see any other questions i checked discord and the questions in here and i do not see any right now okay and um just got a quick question here yeah there you go i'm reading code girls right now um that's it's an excellent book it really is it deserves to be in the cyber security canon for sure well with that uh i hope everybody does

well in their interview and aces it in the future um you know uh uh look at the nice document from nist find out and make sure that you uh are in alignment with the type of positions that you're looking to do in the future um stretch those goals out as far as you can and and keep reaching uh for that for the next level there thank you all very much for your time all right thanks paul there's a lot of great information there for everybody

so

[Music]

[Music]

[Music] you