"The candidate should avoid cramming for knowledge, and focus on interviewing to demonstrate attitude, not as much infosec aptitude. Infosec is baked into nearly every business and tech process, so the candidate should be prepared to identify the infosec activities within their existing strengths, and explain how they can be improved or exploited," says K. C. Yerrid, senior security consultant at FishNet Security, regarding entry level positions.
Know the business
Almost universally our experts stressed how important it is to research the organization where you're interviewing. Martin Fisher, director of information security at WellStar Health System says it's important to at least know something about the business and/or the industry of the interviewing company. "Research what's going on in that industry when it comes to regulatory compliance and information security," Fisher says. Fisher stressed the importance of studying the language the enterprise uses, and knowing the basics of the enterprise itself — its size, number of locations, nature of the business. Anything to show interest in the organization.
Adams agrees: "When interviewing for positions with Halock or our workforce clients, the bare minimum a candidate should do to prepare for an in-person interview is research the company, its history, and culture," she says.
Learn something about the interviewer
Knowing something about the company also needs to include knowing something, whenever possible, about the person conducting the interview. "This includes their work history, technical background, and any published research," says Amit.
Such research can also prove a way to kick off a valuable, rapport-building conversation. "You might just learn something about her background which could prove a talking point: perhaps you both love open-source software, or went to the same school, or are passionate about wearable technologies. This will also help you feel more confident going in, so you're not interviewing with a stranger so much as a colleague you haven't met," says Adams.
Dress the part
Not unsurprisingly, with the vast difference in business culture today, selecting the appropriate dress for an interview isn't as straightforward as it once was. "I love the culture of information security, in which your CISO may well have a Mohawk," says Adams. "My own image is far from suit-and-tie. But even if you're a kilt-and-Vibram kind of person, be aware that a job interview is still a semi-formal event," says Adams. "I've had candidates do Skype interviews sitting in hotel bathrooms, roll into on-site interviews wearing jean shorts and t-shirts, and use language I won't repeat during technical screenings," she says.
Others relayed similar, and surprising experiences with candidates. "[A] recent college graduate came in dressed like they were about to go to a rave. They hadn't bathed in a few days. [The candidate] was selected for non-continuation of the hiring process," says WellStar's Fisher.
Sign up for CIO Asia eNewsletters.