The Questions to Expect in Cybersecurity Interviews in 2024

Table of Contents

• Meet Your Panel: Marco, Courtney, and Djavan
• The Cybersecurity Interview in 2022
• Where is the cybersecurity demand in 2024?

Cybersecurity is one of the fastest-growing fields in tech and everyone wants to know how to get their foot in the door. Although you’ll likely be interviewing remotely this year, you’ll still need to demonstrate communication skills and well-rounded knowledge in your interview. So what exactly will you be asked in a cybersecurity interview in 2024? A panel of experts – instructors and alumni – from Code Fellows share 4 questions you’ll likely hear in interviews, 3 soft skills you’ll need to demonstrate to interviewers, and how a cyber range will help you stand out in the interview process.

Meet Your Panel: Marco, Courtney, and Djavan

• Marco is a Lead Instructor at Code Fellows after spending 8 years in the cybersecurity industry.
• Courtney is a Code Fellows graduate now working in cybersecurity, who is giving back to the community by acting as an instructor and teaching assistant to future industry professionals.
• Djavan is a night and weekends Lead Instructor for Code Fellows and also works for Amazon Web Services!

Code Fellows teaches the skills that employers are asking for, so what does the Ops & Cyber Security Program curriculum cover and which certifications do students train for?

• Ops 101 is a 1-day intro course (which Courtney teaches). It offers students the chance to explore if a career in cybersecurity is right for you, and includes hands-on hacking experiences. 
• Ops 102 gets even more hands-on experience with the tools that professionals use. It’s a short course with a focus on setting up your home cyber range. 102 is designed to break down any fears that people might have about opening up their computers, and exploring the internals to really understand what a computer is.
• Ops 201 is focused on computer operations fundamentals and topics that might be covered in the CompTIA ITF+ certification. This includes help desk issues, troubleshooting for various operating systems, and developing SOP. Students get started with Bash scripting.
• Ops 301 moves students into networking and cloud networking, and system administration skills. The curriculum aligns with the CompTIA Network+ certification. Students also learn some Python scripting for custom tooling.
• Ops 401: Cybersecurity Engineering is a 10-week capstone course that covers the huge breadth of cybersecurity disciplines like GRC (governance, risk, compliance), malware analysis, forensics, threat hunting, penetration testing, and other similar topics. The industry is so broad that you won’t dive overly-deep into any one topic, but you can dive deep enough to figure out your interests and find where your aptitude lies, and cover the material of CompTIA Security+ certification. This prepares students for all kinds of interview experiences, and lets graduates set the direction of their careers to be strongly aligned with their interests. 

Has Code Fellows added anything specific to the cybersecurity curriculum in response to COVID-19?

Students in any cybersecurity training need to be more aware of the extra security concerns facing a distributed workforce. One thing we did was add scenarios around helping a company move employees to remote work. The Ops & Cybersecurity Program teaches all of the security responses for what the workforce looks like in 2022.

Our plan for in-person learning was always to have students tear our in-house lab computers apart and put them back together again. When you’re learning at home, there’s no lab and no classroom. We now ship everybody a computer that they get to deconstruct and rebuild at home. They then build their own network from hardware provided by Code Fellows. 

This was a huge change for us and the logistics were tough. However, the essential result is that students get to actually touch the technology in their home cyber ranges every day. 

What type of hardware does Code Fellows ship to students for their cyber range?

We’re sourcing components from REPC, which is a source for recycled enterprise machines that are tested, refurbished, and restored to usefulness. We look for at least a Quad Core I5 processor with 16 gigs of RAM and an SSD so students can get their work done. It’s a fairly capable machine, but it can take a beating. It’s totally okay if students mess it up!

Students use that cyber range for their lab assignments throughout the full sequence of courses.As instructors, we set up class lab assignments to operate on their home cyber range. 

Why is that important? Why are at-home cyber ranges specifically relevant to cybersecurity students?

A lot of what you’re doing as a budding cybersecurity professional could be considered malicious and you definitely don’t want to do it to systems that don’t belong to you. We’re having students attack other machines in their cyber range so they ensure it’s something they own and control. Working on your own cyber range is one of the most critical ways to build hands-on experience, so you can keep your skills sharp and keep learning. 

Courtney says you can think of a cyber range as “a sandbox, an isolated home network that you can easily modify and experiment in, without disrupting your personal machines”. When a parent gives their child a first car, it’s usually something you can learn to drive in and figure out how traffic works. You can use it to get from point A to point B and if you take care of it, it will last a long time. A student at Code Fellows can learn enough on a cyber range to know when they need more to work with. We have a couple of students that have made upgrades to .

The Cybersecurity Interview in 2022

Here are a few specific questions that you might hear in a cybersecurity interview:

• Open-ended questions where you can explain (or draw on a whiteboard) technical processes, like:
• “Explain the steps a computer takes to display the webpage when you type google.com into a browser. ”
• “What happens when you push the power button on your computer?”
• “What happens after you click send on an email? Where can the information flow be compromised and how do you secure it?”
• Short, quick-answer questions to verify you know your stuff, like:
• “What purpose does a firewall serve?”
• What is the CIA triad?
• What’s the difference between asymmetric encryption and symmetric encryption?
• What is the difference between a risk, a threat, and a vulnerability?
• Behavioral questions checking your communication and professional skills, like:
• Tell me about a time when you had too much work on your plate. 
• Tell me about a time when you disagreed with a supervisor. 
• Have you ever had to manage conflict with a team member? What did you do?

It boils down to this: In 2022, employers are looking for well-rounded knowledge, communication skills, and continuous learning in the field. So how exactly do you show these skills in an interview? 

Well-Rounded Knowledge

After working in the cybersecurity field, Djavan advises that “cybersecurity is about breadth and depth. In the Code Fellows 401 final exam, students get a rapid-fire test with 10 multiple choice questions about breadth followed by 3 technical interview questions that go in-depth into specific cybersecurity domains. Students should be able to explain with lots of detail about, for example, how to handle an incident when things go wrong.”

If there’s an incident going on, how well can you triage it, get down to the root of the problem, and then propose a solution? The interviewers are often looking for how well you can describe a topic when they potentially know more than you. They want to find the limits of your knowledge, so they will continue to probe your responses to see how deeply you can discuss the topic.

Communication Skills

Interviewers want you to meet technical objectives, but they’re also looking at how you communicate your approach. Sometimes things don’t work how you wanted, but tell your interviewer what you are thinking, what you tried, and which resources you consulted. An advantage of programs like Code Fellows is that students get to practice communicating in addition to their hard skills so that they’re prepared when they get a job.

Continuous Learning

Courtney says that “If I could point to a single question as an interviewer, it would be to ask how job seekers continue to learn. I’m looking to hire in my current role and the number one thing I’m looking for is curiosity. Are they practicing in their own time? I realize this isn’t a technical question, but we’re never done learning in this field so it’s my number one character trait to look for.”

Marco tends to look for “people showcasing a passion for cybersecurity. Keeping up with the news is also important. I ask which blogs people follow and see if they can talk about current events from a technological perspective.” 

Djavan’s advice to demonstrate your passion for learning cybersecurity is to “have a home cyber range! Show the interviewer that you can install virtual machines, test new tools, attack your own systems, build your own network, and then tear it all down to try something new!”

Where is the cybersecurity demand in 2024?

Right now there’s a huge demand in governance, risk, and compliance, which is a great entry point for people with a non-technical background. In that interview, expect questions about:

• Tradeoffs: Balancing security with the business’s operational needs
• Critical Thinking: It’s important to have an appreciation for context. IT is usually black and white whereas cybersecurity requires more critical thinking. Every question has more than one answer, so in this interview, show that you’re thinking about the best solution. 

Which kinds of cybersecurity jobs are students landing after Code Fellows?

• Help Desk Analyst is a traditional starting point for new folks coming into IT and cybersecurity. 
• Threat Hunting + Thread Analyst
• DevOps Engineer
• SOC Analyst
• Cloud Engineer
• AWS Engineers – pro-tip: AWS has special programs for military veterans who already have security clearance
• Some students have been invited to interview with the Microsoft LEAP program’s cybersecurity track as well!

Is there anything your team anticipates adding to the Code Fellows cybersecurity curriculum in 2022 to make students more hireable?

Code Fellows is designed to be responsive to the way the industry shifts; we’re always iterating, adapting, and adjusting the curriculum. 

In 2022, we’ll continue to teach Python and scripting. The demand for Python has been a steeply rising trend in cybersecurity and that will only get stronger. 

Right now, we prepare students for specific certifications like CompTIA ITF+ and Network+. We don’t currently tell students to go for the AWS Certified Cloud Practitioner, but in 2022, we’ll build in more material for that certification. 

Find out more and read Code Fellows reviews on Course Report. This article was produced by the Course Report team in partnership with Code Fellows.