Competency Based Questioning - part 4
08:30 Friday, 17 December 2021
UK Cyber Security Council
In this, the final part of our mini-series on Competency-Based Questioning, we'll look at one more example of a question that is likely to be thrown at a candidate for a cyber security position. This is, in fact, a question that this correspondent was asked in his final interview for his current role as head of cyber security in a bank (as I got the job, the response must have been reasonable).
Q: You haven't worked in our industry before: tell me about an occasion when you demonstrated the skills you think you'll need in this role, and why you think they're relevant.
In some respects this is a mean question and you need to be cautious: they are basically reminding you (as if this weren't at the front of your mind) that you don't know their industry but nonetheless are asking you to speculate on the skills you might need.
The first thing to bear in mind is something we said back in July 2021 in the first article in this series: "Although you will generally not be given the questions in advance of your interview, the pool from which questions are drawn tends to be shallow. There are many, many web pages dedicated to helping you predict what you might be asked and to give examples of the answers you could give". In short, you can second-guess most of the questions you're likely to be asked, and with a little bit of logic and deduction you should be able to figure out before the event the kind of thing you might be asked. (At the very least put on your most cynical hat and ask yourself the kind of thing you'd be asking if the interview roles were reversed).
The second thing to remember is that you know people. And this means you may know people in the industry you're looking to move into. So, ask them what they think, and what you might need to know that you don't know already.
My answer went something like this.
"I was wondering about what made this industry different from what I know, so I spent some time with two former colleagues who have worked in similar roles to this one."
This shows you've thought about it - you have demonstrated a keenness by taking the time to consider what you might be asked and, more importantly, reassure yourself that you're not leaping into the unknown.
"I was pleased to hear that although there are some nuances I'll have to get to grips with, the majority of cyber security in this industry is actually very similar to what I'm used to. Having thought about it, that shouldn't really be a surprise as the principles of cyber security are pretty universal, and in hindsight there's been a lot in common across the various companies and industries I've worked in. They also reassured me that the gap between what I know and the industry-specific things I need to know isn't great, and they seemed confident I'd soon step over it. And on the other side of the coin, there may well be concepts and techniques I've learned outside this industry that might not have been tried here but which could work well."
So you've taken the time to predict what might be asked, you've sanity-checked your skills and the needs of the industry with colleagues who know, you've stated that it isn't going to be rocket science for you to bridge the gap, and have pointed out that you may well know concepts and techniques that they've not tried but which might make a positive difference. No, you've not worked in that industry before - but you've made it perfectly clear that this shouldn't prevent you from doing so now.