Ok, so I am taking a bit of a different direction and I am writing a quick post on interviewing. I don't claim to be an expert in conducting or participating in them. I have; however, conducted what seems like 100+ interviews over the last 14 months and I noticed some common trends and figured I would write them down for people looking to better their skills. I'm not going to cover technical topics, just some thoughts, suggestions, etc.
CAUTION: People conducting interviews are unique so I don't claim this to be a solution for everyone. Some of the things I do/like to hear from someone might actually turn others off. This is how; "I" look at it. There is no foolproof way, but "I" do think some of the items below can help you gain an advantage over others. At the very least make my life easier when i'm interviewing you.
First, let's put things into perspective on what "I" think about interviews and how "I" conduct them. I also included a bit about me and my personality to give you and idea of what kind of a person I am. This may help you understand why I like certain things and dislike others.
- I'm 32.
- I'm not "old school" in the traditional sense.
- I'm pretty laid back. More than most.
- At the time of writing this post I was not the sole-decision maker for hiring actions. My input was valuable to the decision (especially for my region - APAC), but was a combination of feedback from multiple sources.
- I do not conduct "formal" interviews. I prefer real conversations. On par with what you do with your friends.
- I prefer Skype and Webex interviews more so because I interviewed people from all over the world. We also do a lot of remote work so it makes sense at some level.
- I try and be 100% honest. If parts of the job suck/may suck I will tell you. I will usually tell you before you even ask me about it.
- I will typically turn the interview into a training session if I get the vibe you're not going to be a good fit. I've been known to send PDFs, URLs, etc. over Skype to people during interviews in an effort to help them grow. I've sent follow up emails as well. I try and get back to everyone, but sometimes I let HR do it. I also get busy.
- I've told people to go study for a few weeks and come back and we can chat again. Some people do it and some don't but at least I gave them a second chance.
- What I want to know is whether or not you can actually do the work. You can always Google for the specifics.
- I feel people put too much emphasis on verbal knowledge. I know a lot of book smart people who can't do shit.
- I don't ask riddles. I think they are stupid.
- There should be some hands-on at some stage of the interview process. I get there there is time issues. Reserve this for your final 2 - 3 candidates. If you're not willing to invest time in finding a person to join your team you're also likely not going to invest time in keeping them happy when they get there. Not everyone is good at verbal interviews where they might be really good at getting the job done, which includes myself.
The items below are in no specific order. Just some random thoughts off the top of my head where I see people doing things I don't particularly care for.
- Job descriptions. Don't trust them. They are rarely accurate from what actually goes on day-to-day. Effort is made to write them accurately, but things do change and the business goes where the money goes. This is where you should ask me what a normal work day/week/month is like. Don't be scared to ask deeper questions on this part. At the end of the day you're working 8+ hrs here week after week. You have a right to know what goes on. If the person doesn't tell you or is vague the job likely sucks. Move on....
- Likes and Dislikes. If I ask you what you don't like be honest with me. I know people don't like certain things. If you don't like documenting then tell me. I might tell you that unfortunately 20% of what you do is documentation, but you're better off finding out during the interview than when you join the company. When you say, "I like everything" I know you're lying. Be careful here though. Don't give me a list of 10 things you dislike. At times you need to suck it up and do what's required.
- Linkedin. A lot of recruiters use Linkedin. It's possible I might even look at your Linkedin profile if it is listed on your resume. Make sure the picture you use is professional, or at least not you smoking a cigarette throwing a peace sign (i've seen it). Clients WILL search your names out and find you on Linkedin. They do to me all the time and I shouldn't have to tell you that it is unprofessional to have such pictures there. Keep them on Facebook.
- Relax, and get comfortable. Talk to me like you talk to your friends. I don't want to know the fake person you become during an interview to impress me. I want to know the real you. Be open and let's have a good conversation.
- Time Don't be late. If you're going to be late text me, tweet me, email me, etc. This is an automatic failure if I don't hear from you. However, if you let me know you're going to be late then I pretend it didn't happen. No harm, no foul. Shit happens. This applies to the person conducting the interview. Have some respect for their time as well.
- Can you hear me? Really...? You couldn't find a quite place to chat? Most interviews are scheduled. If you can't find a quite place within 3 - 4 days you got issues. I also don't like to be placed on speakerphone. If I keep saying, "hello, can you hear me..hello...hello.." there is a problem. Ask to call me back from a quieter place. I shouldn't have to tell you I am going to call you back because it's too loud.
- Resume. You know if you're not qualified. Don't overstate your resume. We are not stupid. We wouldn't be the ones tasked with interviewing you if we didn't at least know something. You will likely fool HR, but you wont fool us. I get the fluff thing and trying to stand out, but be reasonable. A bit of fluff i'm cool with. We have all done it and it shows you know how to play the game.
- Be honest. Please don't waste my time. I don't expect you to know everything. I don't know everything, how can I expect you to know it all? If you don't know, say "I don't know". You will typically make yourself look worse trying to come up with something. Example: When I ask about search order hijacking and you think i'm talking about search engine optimization (it's happened more than once). I respect people that say I don't know. I don't like people that always think they know everything.
- Ninja vanish quickly. If you're not a ninja don't put, "Malware Ninja" on your resume. It's not cute, and it's a bit arrogant. Especially when you're not even a brown belt. I'll likely make your interview much harder than I normally would. It's a double edge sword and ninjas don't cut themselves with their own swords.
- Staying current. When I ask you what blogs, news, etc. you follow to stay current with research, etc. don't tell me, "ISC2 news feeds". I've never received anything useful from them so I know you haven't either. I also use RSS feeds for my news, but I know some of the better sites inside my feed. I don't believe you when you say, "I forgot. I just use RSS feeds." To me that means you don't actually read up on things and stay current with trending threats/research.
- Invest in yourself. If you're not going to be spending time after work hours to become good at this (any) field you likely wont succeed unless you're a very gifted individual. I suggest you look for another career path that isn't quite so demanding. This goes for older people as well. You're never too old to learn something new. I'm likely to give you a free pass if I see you will put in extra effort to get up to speed on things. If you're an 8-5 and spend no time outside of the office i'll likely pass you up for someone else.
- We are Global now. If you haven't realized we are a global world you're likely not on this planet. You are no longer competing among people in your own country anymore. That talent pool just got bigger and a hell of a lot harder. With Skype, Webex, and International airports it's only going to get harder still. Kids in countries such as Asia don't play basketball and football after a weak 6 hour school day. They are going to secondary schools learning hard sciences and math. They also speak multiple languages (including English). If your parents haven't yet, let me welcome you to the new world.
- *Memory forensics. *If you don't know anything about this yet you're likely not going to be selected. There is no reason you haven't at least taken a memory image of a system and run Volatility and/or Redline against it.
- College isn't everything. I don't mean college is a bad thing, but if you're a new graduate and you haven't made any effort to better your skill set outside of going to college courses you're also likely not going to be selected. You will never have as much free time in your life so if you can't find spare time to research, study, etc. during college you're likely never going to do it and I don't want someone who doesn't want to get better.
- Coding. This is for the older guys. You're going to be passed up by the younger generation who is growing up learning how to program. For the younger generation. Learn to code.
- Blogs, Github accounts, etc. show that you're at least interested in learning more. It's not a job requirement, but it's nice to see when people have these things listed on their resume. Especially new graduates with not a lot of real work experience.
- Certifications. Don't mean much.... Sorry. They are nice to see and show a bit of motivation, but i've seen too many people with certs that are no good so I don't read too much into them.
- Small world. It's a VERY small world. Don't be stupid and get a bad name by doing dumb things. I can't express enough how small of a world it is. I've traveled all over it and lived in multiple countries. You never know who you will run into. You also never know when a positive referral will help you or a bad one will hurt you.
- Linkedin. I'm torn on this one actually, but i'll bring it up anyway. I don't personally like when people add me on Linkedin until after we hire/pass on you. You searched my name out because HR told you who you would be interviewing with doesn't really mean you should add them as friends before the interview process is over. I get it, as you want to network, etc. but maybe give it awhile until the decision is made. Then make an effort and let me know why you want to add me. For example, "I understand I didn't get the job, but I'm going to study, etc. and I would like to stay in touch for when i'm ready, etc. I also notice that you blog and I figured this would be a good location where I could find other posts/comments you make." Something to that affect. It's not Facebook so please apply some reason.
- Prefetch and Run Keys. Please read up on artifacts other than prefetch and run keys. When I ask, "what are some artifacts you can use to identify program executions on a system BUT let's assume prefetch files are turned off." Please don't tell me prefetch files and then pause without knowing any other ones. Likewise, there are more persistence mechanisms than "run keys".
There are others, and i'll add some more as I think of them, but I wanted to write down a few items I feel people tend to get wrong and then just some general tips/comments/words of advice.