Questions and Answers

How do I collect points?

  • +5
    Chosen as best answer
  • +1
    Posted answer
  • +1
    Posted question
  • +1
    Thumb up
  • -1
    Thumb down

by FNNewGuy in Everything Else about June 1, 2016 open - report

info security interviews/experience

hopefully this isn't an irrelevant question. i've put together questions i think i should know to perform well while interviewing for information security. i think i have an idea about how some things work.i just don't have experience with real attacks on large corporations or how they may change in real time. if you have that experience, would you be willing to share limited information about an attack you experienced? i think everyone could benefit from that knowledge.

Answers: 4 • Score 0 • Views: 1181
Browse by
  • 49

    by coyote86 about June 2, 2016

    In my limited experience thus far, my interview went something to the affect of:

    What projects are you doing on your own?

    Can you give me an example of this exploit?

    How is this exploit used?

    What are the 7 layers of the OSI model; what does each contain?
    How are you involved in the infosec community?

    Granted most of my answers contained EG references or knowledge, but as long as you love what you do, remain humble and show a willingness to learn, most places will give you a shot if you manage a sit down.

  • 42

    by Galagatron about June 1, 2016

    Evil's answer is really good. For some reason I also always get asked about a relatively in depth rundown of entering a url to a web page showing (All the protocols and how they work(loosely), the OSI model, SSL, subnet masks, how routers work, IPv4 vs IPv6, switches etc)


    Might just be me but retaining this stuff in your memory, although this is relatively basic comparatively speaking, has helped me in quite a few interviews.

    • Score: 0
  • 10

    by untchable01 about June 1, 2016

    When I applied as a Jr Info Sec Analyst, they wanted to know about any experience in Incident Response. How you or your team would react in certain situation and what the cost would be essentially. This is important to understand, as when attacks happen you need to know how to handle them and document them well for management.

  • 5

    by Evil1 about June 1, 2016

    Every infosec gig asks the same shit for their interviews:


    1) define the 3 way TCP handshake

    2) define HTTP

    3) what is CSRF? how do you prevent it?

    4) what is XSS? How do you prevent it?

    5) what is SQLI? How is it exploited?

    6) What is wireshark and how does it work?

    Know these and you're a shoe in for any entry level infosec gig.

    When I went to work for McAfee reverse engineering malware, they skipped this interview and instead handed me some malware samples from the net and asked me to go through each, define exploits used, evasions, etc - a bit more hands on.

You must login to post an answer.