

Ask HN: Your First Technical (Security consulting) Interview - chunky1994

Hello HN, I&#x27;m a physics major (infosec is really cool though) and I have an upcoming technical (infosec) interview for an internship with an infosec consulting company, and it&#x27;s half an hour in duration. It&#x27;s unknown as to whether this is entirely technical, or some other sort of combination of an HR type interview as well as a technical interview.<p>How do you suggest I prepare for this&#x2F;does anyone know what I should expect?<p>Thanks in advance.
======
jmbmxer
I've worked in Infosec for over 4 years and have been on both sides of the
interview process. I have only a few high level pointers.

1\. If you are passionate, show it. If you want to work in the security
industry you have to really nerd out on this stuff and not treat it like a day
job that "pays the bills".

2\. Don't BS about technical answers. If you don't know the answer to
something, that is OK. A good interviewer would rather you walk them through
the steps you would take to find the answer than completely make one up. Big
no-no.

3\. I don't know what position you are applying for but you should be expected
to know some basics about attack vectors, defenses, security strategies, and
general computing. Brush up on your scripting skills while you are at it.
Python is my language of choice. Bash scripting is also highly desired.

4\. Don't regurgitate a list of tools you know. Pick a few that you have used
and explain how you used them..anyone can run an Nmap scan but what do the
results mean?

5\. Be friendly and approachable. This goes with any job interview but just a
reminder.

6\. Don't stress it too much. It's impossible to anticipate every little
detail of every question that will be asked. Be yourself and most of all, be
curious.

Hope this helps! Feel free to PM me with specifics and GOOD LUCK! Hope too see
ya at the next con.

------
drakaal
Practice what they preach.

Don't tell them anything they don't need to know. Don't join their WiFi. Don't
share information about the organizations you have worked with in the past.

That's and make sure you are familiar with the concepts of OpSec.

Typically in a 30 minute interview the extent of the technical questions are
going to be limited to concepts not practice. I can't imagine a 30 minute
interview will require you to setup a firewall, or configure a router.

