Cyber Career Centre - Mock Cybersecurity Job Interview

Captions
[Music] you Konoe is beastly you know ask you to walk me walk us through your resume didn't this give us a description of your walk us through this okay so hello my name is Ali I'm a recent graduate from UOIT I graduated generally here and I'm looking for employment and I think and the IT field so yeah an IT consulting those tickets will be amazing so I have some experience with CCNA isn't the networking I don't have a certificate could I have trained just that's what I was trained in in my sport my major was a never imagined security yes so as you can see these are some of my skills I was in school we we did Python Python programming for like three years and and C++ for the first year and I have security NASA so I took as screeners course which we you are introduced to pen testing so I've done my first pen test report okay it was a it was they came on the car because a university-level printers report egg it's not a it's not a real but everybody we just we just been tested our lab advisor right so it's just just for experience yep I have skills in web development we just took an empty on the course so I know I just know I know how to call it a quality website and and I have XQ experience to so etiquette database I have experience of the cloud so VMware is what we did in class and OpenStack give another sort of detecting that we also did in class so an experience with so yeah lots of wide variety of things here what would you say was like the biggest or the most interesting course of you you took the biggest most interesting one I would say was the pen test one well it was really challenging it was extremely hard especially the web part the web it was really tough and so in most big projects that we do in life we come across a difficulty a problem right either I can't find the resources that I need to do to do the job this is like really complicated and with the team of people it may be someone else on my team isn't pulling their weight isn't doing the part that 
they're supposed to do could you please walk us through a problem that you had in your pen test project and what you actually did to address the problem how you fixed it what actions you took and how you got things back on track today so in a vintage report we had a commode to finish it first we were done we just adapted to your ladders in the day just just to understand it passively or not every time but but hacking network exploitation is tough and we were taught us how to make the report at the last month we had asked to make the report so one month isn't really enough time to yeah is enough time to just take a look at the internal environment and you just him at everything so there was the four of us but still took a lot of time we were you were afraid that we weren't gonna complete the project I'm so I did I went to the I went to the prof I gotta try to finish it every day the prof say hey we there are some things we are missing in supposed to document - vulnerabilities that sin is aware and for no reason they're working in a tool under it all sorts of everything right so we were only we didn't get no 3t for everything you only get every D we didn't get three frames in public too so because the third ones really challenged way and there was 21 for this he wanted us to learn this he wanted he won this thing of seemingly the real world environment and then he said that yeah this is fine it was supposed to be hard you weren't supposed to get all of them you're supposed to get it absolutely perfect but you just had to show me what you can do in the time to do that so it's fine just do it just keep it up even if you pull on them to just do it to do the best you can and not beat you so that doesn't we did we just pulled all-nighters we didn't complete a 100% we didn't get everything of course but we were proud of what we did again actually what was this contesting course was it an elective course or there's a core course it was a mandatory element case so just just 
to get to know you like cybersecurity you like the cybersecurity what are some of the things that you know interest you about it but the plaintiffs of course in sorry go ahead I really interested me was how big it is insisting it's you especially weapon testing there's just so many ways he doesn't work for and many people are making websites right now there are no really training the security aspect of all things that's what that authority was eye-opening for me okay and yeah that's absolutely it's which is a very broad spectrum of things pen testing could be web app could use a single hard drive so it's very important that it within our field we stay updated and aware all the time so what are some of the channels that you have available to yourself that you're informed always about then using what's going on inside there is one resource called hack the box once I hacked bugs that you at least a website it helps you with basically pen testing or just just acting through this device right and the speed ease so that's more so like capture the flag yeah yeah but what about industry news what's going on sometimes I listen to the security podcaster security weekly podcast September pinkies into that and sometimes I've followed the hacker block yep so those two things I tend to get a bit technical at times mentioned he is so what exactly have you done he is crazy to the difference first let's see so what exactly so honestly with vcpr Kotaku feel that this will be see me on the subject ahead of you right now if your project was which those RSA there was he rapping like a rapper and there were two others but we had to code and it was basically just the youth the program was the user will input some sort of plaintext and you just have to show that this is the plaintext this is you rapping in the style of the rapper write it out put it oh right I understand don't know what forensics will take for instance so what would stick - for instance basically when the box is not 
really running great that the box is basically just extracted like a PM it's just just taken and then you can first analyze it may be perfect or CD rate some may be that some hacker came in yeah created some sort of file to do his sort of job and then directly the file yeah so how would you solve that so let's say it you take the environment I'll just take a copy of it off just extracted and maybe carve it and you can tell if this powers that we didn't over the was the code in this file and maybe you can track what the hacker was not to and then you can follow now just basically my okay yeah so this was another divorce I did posses course basically just going through the industry eight-day of what policies and procedures are expected this was an entire course yeah all the things like how do you do physical security how do you do how do you deal with people people security how do you deal with software security there were there were policies on all of those and each each day was a different things over our company here that we're in the hiring process for now we have a big problem over the last couple months now our company has packed a couple of times a couple of our web servers you can take it down we go in you know we restore backups and we bring the system's back up and your thing to clean and a few days later the hackers are back in the game you have to clean everything out of the game right if we were to hire you on to come in and help us what would you do to fix our problem for us clearly you haven't addressed the main problem which is how the hacker got in if you just back things up the even though you haven't fixed anything you just attack yourself compacting it again so you have to first see what the hacker is doing and maybe from their actions layer if you try to be nice where's the hacker if you might just do something crazy and then just delete something and then you have to roll back again you just need to find out how the higher cut in there if you 
know how you can stop that from happening and once you stop that they can roll back and that's that thing that you won't come back but exactly how would we go about once we knew the hacker had exploited XYZ vulnerability how do we fix that how would you fix that for us well to patch patch that vulnerability so mixer of course they look at every attack vector to see where the hacker is coming from and then just just patch it I try to minimize any risk to the company that way I it's hard to go anyway I mean anytime a mental example destitute general there's so many ways do you have any experience any vulnerability management uh no unfortunately I do not have any job experience per se all my experience of that authentic experience even my capstone with IBM it was just a research product an academic research project so yeah talk a bit about your capsule policy imagine what soft attribution means in 20 yeah so uh especially a security operation centers they just deal with activity music with fingerprinting is no matter who they are traditional fingerprinting the same thing I know attribution I believe by definition is what was was the main motivation oh no what's the main motivation of the person trying to do what they did so it's like why they doing it then that's what I'd be in my tradition with what they what they meant of course talk teams what they do is they take different people and they create statistics it's not a perfect science education can go into detail but there the philosophy is basically if you can find what kind of person this is you can preemptively try to stop it just maybe this way then let's say they have this sort of a pattern of behavior at the medical directive coming to the network from basically the electricity doctor social engineer one of our employees and make them click something and that's their mo but then they say if we see some this exact same MO but some other company we know that this could be them look at the high percentage shadows 
with this white play-doh pretty nice response but something happens we can provide at a time but we filled up in this person or this action and put it in a database and something else something similar we can say okay this could be this person and now we can predict what this person did last time and then we say okay this person's going to do this nice if so yeah it has some yes so you have a lot of you know technical experience a lot of penetration testing experience sort of this wall just to touch upon like network penetration testing so us you know we have a lot of clients that come to us and say I want you to test fly I want you to pet test by network so if you are giving a network port and a computer with all sorts of tools that you need what how would you begin the penetration testing process maybe start with the dudes like how you load your testing laptops you can you can talk about systems and then start of how you would use those two sir uh first I would just establish the scope okay what we're trying to do and I don't want to court I will receive something happy just like I feel something I can yeah let's say let's say let's say you're you didn't give you an IP baby mala kidding they didn't give you an IP but they give you a port think of your port and they said go at it sure I'll start by and mapping the port okay try to see what else is there what services already district like this is a physical food that they have given to connecting all that okay you don't have a goal to get on a server yet so right okay so I haven't done it this way already should say for example okay so your environment you plug in to the network boot over here I mean and then what's your next step if you don't receive the package of IDs as you say right what's your name out maybe like each other or something just a search what IPSec narrative is now maybe they're chucking a sickie we're not so they see telegraphic resistant although that is that are on least once I get that I know 
what devices are there may be able to communicate with these device to see if I like to be with them if I don't why not yeah what this device does sound like to on this machine is maybe with this example it's a was just this is on Facebook but you said a good thing to go out with kiss you will define the scope right so maybe there was in first and maybe there's a little funnier yeah those of harlotry right sometimes companies want to feed efficiency for example I see setting a password that t-shirt or music recommendation super password is very easy I think current booster standards just one a long password next sentence doe really cared much atomic numbers or capital and capital owners fathers are it's some sort of rejection or the door upon that just take a sentence sentence - sweetheart - great break ok I see you have a you know a lot of technicals skills that you've put here out of all the skills that you've put here what is your weakest skill I would say forensics because of our our IT pros of course it was outdated unfortunate with six seven years out of date so I don't really know any of the new tools hiding forensics it wasn't any questions you saw earlier what brought water sanitation so sorry the next step is you know we will kind of regroup as a team together we'll review your resume overall I think they work well and you know we will have someone from HR stay in touch I'm sure he's already been in contact with someone from HR so that's the person to followup with as well and we'll get back to you within the next couple weeks okay any other questions got the most yeah I will beautiful question like a lot of times what I feel is good is the other person who's been working at the company has has a lot of experience working at the company so why not ask them you know you've been working here for seven years you've been working here for ten years fifteen years what is your experience been like working with the company what do you like best about working here 
oh yeah right and so that's you know they're just just another question to kind of kind of think of you can come up with suitability of work all right you know so much is you know when we started then we'll see about it so okay don't take this as like negative these are this is this a reason we're doing this right as you go and do these things so one is don't when you give a resume in front of you we are really so to read it so you should know what's already in there you should know what experience you already have I mean this is not a lot of expense but you can always talk about it but not really like second I mean this way small things nothing second is when you're kind of answering questions I think that the very start you're a patrol officer you're rubbing your hands you do that when you're nervous but perhaps don't give out that bottle and erase it so if you didn't know this take it take some time you know we tell you it can add 80 depends extremely important it so don't fidget your hand like this don't like this it should be beat this is me confident by your right your body language - speaks a lot to the hiring managers is well especially you know again again I look for people who have got who can go on top top of the plants right so don't give up those kind of signals at the start and is the last one for mine very small one this is so when you talked about you know esri say you know when we talked about the path in library right so you make sure that you know what it's it's okay if you don't remember it but we should remember the basic tense range so for example if I tripped on it so that's one of the language that you use for right so make sure that you whatever you have written maybe half an hour one hour before the interview this go through it right just a do a refresh make some notes right it's okay to have moods with it you'll read from the notes but have the boots has read depends on your side so you can present a resume can have your notes in this 
Jeff orduno track so just a couple things from my side I think you just been a little bit more who here when we start to want to give information we want to talk about everything was explained every single angle and all right but if your response has kind of become a little bit longer the interview thought well you know first of all like mention very little time right and in context start to get bored as well right so some to the point sort of questions and and then another one was you know want to ask about the weakness you were starting to pick which one which one would be a good weakness to have right just be more bit more confident and you know we we generally also know our weaknesses right there are we deciding which weakness are I gonna say - I have a lot of weaknesses and if you do think is more than one it's okay to say that as well but just being a little bit more to the point and in just making eye contact with you know if there's three people just win just with everybody everyone and any nicer the problem Analects building out more ideas at once I still have a problem so that when I talk like you know he knows very well like it's tempered speak very fast at times yeah slowly and I give out more of ideas at once it's okay I have to stop you you already always have that kind of issue right but how will control that is this before like have no control on whatever sec against you know i think there are a couple times we said well I don't know if there's a lot of options right maybe you can say that in a you know in a better way like you know why didn't I realize a scenario as I say my options I will start to take different paths yeah right another saying I don't know there's a lot of options right so examine the way over E or C for example if this is what this were the case maybe it's not like what is right maybe this is the Eastern how you do it this don't ask for exactly exactly I think that shows that you already know many different ways and you know 
you've picked your one path and that gives you the opportunity to actually pick a more clear path than you're comfortable with because sometimes the sometimes the near they will go off the rails right interviewers will Glen the wheat somewhere right you have the initiative to put things back onto the rail again by taking more positive direction is to answering the questions you know well you know this would be one way to answer your questions love you to take more control all right well thank you
Info
Channel: Cyber Tech & Risk
Views: 37,916
Rating: 4.8813839 out of 5
Keywords: Cyber Career Centre, Interview, Cybersecurity Interview, Cyber Talent, Cybersecurity Job, Talent Development, Training, Cyber Tech & Risk, Career Development
Id: 38lSXK0PPmU
Length: 23min 48sec (1428 seconds)
Published: Wed Apr 17 2019