Cyber Security Interview Questions You Must Know (Part 1)

Рет қаралды 202,986

4 жыл бұрын

DO NOT go into an interview for Cyber Security without watching this video first! Join me for Cyber Security interview questions that you must know in order to land a job!
Start learning Cybersecurity today ➡️ www.cybertrainingpro.com/
You have gone through submitting your application for a job and now you must interview with the hiring manager. Consequently, it is at this time that you start to panic because for many people interviews are scary and there are always unexpected questions that get asked. Likewise, this fear causes people to freeze or lockup in an interview and get discouraged. Look, I am not saying that this video is going to answer every Cyber Security interview question that might come up, but I am going to walk you through ten (10) questions that have a high probability of coming up in an interview.
Above all, I am going to give you a strategy to answering questions that includes the real purpose why an interviewer might ask these types of questions. You might not always know the answer to a question, but your mindset and how you think through things is crucial to giving an employer insight into your thought process. As a result, you will have a higher chance of increasing your odds of crushing an interview and most importantly you will decrease your fear of interviews!
Join me in this video to level-up your interviewing skills for Cyber Security!
Watch my entire playlist on Cyber Security Interview Preparation: • Prepare For Cyber Secu...
Job Interview Guide: amzn.to/3bUkh31
Amazing Interview Answers: amzn.to/36oLh9J
=============================
Today’s Video Sponsor
=============================
Are you interested in sponsoring content? ➡️ jongood.com/sponsor
=============================
Popular Cybersecurity Resources
=============================
Getting Started Resources & Free eBook ➡️ www.jongood.com/getstarted/
Cybersecurity Q&A ➡️ • Cyber Security Q&A
Cybersecurity Projects ➡️ • Projects (Cybersecurity)
Cybersecurity Training & Career Services ➡️ www.CyberTrainingPro.com/
=============================
Cool Tech that I Use in My Studio
=============================
Gear List ➡️ jongood.com/affiliates/amazon/
=============================
Connect with me!
=============================
LinkedIn: ➡︎ / jongoodcyber
Twitter: ➡︎ / jongoodcyber
Instagram: ➡︎ / jongoodcyber
⏰ Timecodes ⏰
0:00 Cyber Security Interview Questions You Must Know (Part 1)
=============================
#CyberSecurityInterview #InformationSecurityInterview #InterviewTips
DISCLAIMER: I am an ambassador or affiliate for many brands referenced on the channel. As an Amazon Associate, I earn a commission from qualifying purchases.
DISCLAIMER (MUSIC): I only use royalty-free music and sound effects.

Пікірлер: 332

@JonGoodCyber 4 жыл бұрын

Watch my entire playlist on Cyber Security Interview Preparation: kzbin.info/aero/PLErQ2qAXz3rrMDlGQDHFit-behgq3Krtl Here are a few general resources on preparing for interviews: Job Interview Guide: amzn.to/3bUkh31 Amazing Interview Answers: amzn.to/36oLh9J

@markpfeffer7487 3 жыл бұрын

No joke. I watched this the night before my info sec analyst interview. Crushed it. My resume had network support experience but 0 cybersecurity job experience besides personal projects. I crushed the interview and got the job. Thank you. Literally changed my life.

@JonGoodCyber 3 жыл бұрын

Excellent and congratulations! I'm glad that I could help!

@theanjolaa9753 2 жыл бұрын

CONGRATULATIONS 🎉 I will use this for my interview on Monday! Praying for an offer!

@abdukiyaga7723 2 жыл бұрын

@@theanjolaa9753 how did it go?

@okegs4real 2 жыл бұрын

@@theanjolaa9753 how was it? Sending good luck your way

@okegs4real 2 жыл бұрын

How's the job going? If you don't mind me asking, what is avg salary for someone with no experience and a sec+ cert? I plan to build a homelab to do some practice

@auto117666 2 жыл бұрын

As a person who has been a part of many technical interviews, for some of these questions, you should start of by saying... "it depends.." Be thoughtful in your answers. Being articulate in your thought process is half the interview. Take a moment to gather your thoughts if needed.

@JonGoodCyber 2 жыл бұрын

"It depends" is definitely relevant in a lot of situations and it doesn't hurt to ask for clarification. On the other hand, if you ask for clarification and the employer stumbles, you might have just uncovered an undesirable work situation.

@joshstewart1649 2 жыл бұрын

I’m a IT Security Analyst and I do check out at the end of the day. Love what I do but I’m not going to spend loads of time outside work doing cyber security especially with a family. You need down time but you should when you have time/energy try and advance your skills.

@JonGoodCyber 2 жыл бұрын

Life is all about prioritization and deciding where to spend your limited time. Obviously the more time that you can dedicate to learning the more expertise that you can gain, but even just a few hours per week will help. The biggest thing is absolutely maximizing whatever time that you can put towards it and keeping a healthy work/life balance.

@takahashicanada 2 жыл бұрын

Thank you so much. I got a job offer as an information security analyst (Tier 1) in Toronto, Canada. Luckily I watched this youtube. The interviewer asked me some questions that were very close to your below questions: 5. Which security Framework is best? 6. What is the primary goal of information security or cyber security? 7. What is risk? What is a Threat? What is a Vulnerability? I am about to graduate from a college's online cybersecurity program soon. I do not have any IT certification. I never worked in the IT industry. My academic backgrounds are MBA and law. I have been working in the legal field almost a decade. I'm in my late 40. Never afraid of changing your career even you are above 40 years old. I believe there are many employers appreciate people with passion and willing to learn even they never work in the same industry. By the way, I have a good reference. She has been working in the cybersecurity industry for more than a decade and currently working in a fortune 500 companies. This was one of the most important factors I got the job offer.

@JonGoodCyber 2 жыл бұрын

Awesome and I'm glad that the video help! There are absolutely people of all ages switching into IT and Cyber Security all the time so definitely don't let age discourage you. Also, even with good references, you still have to sell yourself and it looks like you did successfully so congratulations!

@takahashicanada 2 жыл бұрын

@@JonGoodCyber Thank you

@chimdiihenacho4985 23 күн бұрын

@takahashicanada Hi Takashi, Glad to see and hear this. I was hoping I could use your reference land a job in the field?

@CeeBoogEee 3 жыл бұрын

Great video and I like that you actually respond to comments and give good feedback.

@JonGoodCyber 3 жыл бұрын

I'm glad you enjoyed the video and I try to give the best possible feedback to everybody!

@kaymeraki 10 ай бұрын

Just had an info sec interview, it was a Junior role so they didn’t go super tech heavy with questions but they did ask what am I doing outside of work to stay up to date. I was so glad I subscribed to security weekly! Thank you for the tips!

@JonGoodCyber 10 ай бұрын

The amount of technical vs non-technical questions will definitely vary based on the interviewer and the job, but any wise interviewer will understand that a lot of the technology aspects can be learned/taught. Thanks for sharing and I'm glad that you enjoyed the content!

@claudiabucknor7159 3 жыл бұрын

Thanks so much, I recently did an interview and came across 4 of these questions. Thanks so much. It’s was so helpful and important and this contributed to my cyber knowledge. Thanks 🙏 grateful

@JonGoodCyber 3 жыл бұрын

Glad it was helpful and thank you for the feedback!

@Traff92 3 жыл бұрын

@Claudia Bucknor, how'd you go?

@rmcgraw7943 2 жыл бұрын

PCI DSS is not a framework. It’s a standard that defines a compliance level. NIST CSF, COBIT, CIS Controls, ISO 27000s, and Mitre Attack are frameworks, each covering a specific realm of cybersecurity concerns. NIST and ISOs are the most comprehensive.

@JonGoodCyber 2 жыл бұрын

It's not uncommon for the terms framework and standard to get used interchangeably. For example, by the logic that you've described, there are plenty of compliance requirements based on NIST RMF that would be labeled as standards, however they are still considered frameworks. Ultimately it really doesn't matter in the context of this video because I was referring to the broader picture and exposure to at least some aspect of compliance. I absolutely agree with you that NIST and ISOs are the most comprehensive examples.

@leathiciayounsi6922 3 жыл бұрын

LIFE SAVERRRRRRRRRRRR, 5 of these questions were asked on my interview LAWRDDDDDDDD> i made it to my second round soo lets hope for the best

@JonGoodCyber 3 жыл бұрын

I'm glad this video helped! Good luck and make sure to let me know how it goes.

@htooaungwin3417 3 жыл бұрын

What happened in the sound round? What kind of questions you get in the SR?

@leathiciayounsi6922 3 жыл бұрын

@@htooaungwin3417 they ask more of customer service , how u respond to issues, like for example how do u make a PBnJ. Tbat baaically tella them how u work and efficient. And u just basically get scénario questions. Easy logic stuff. For example. U see someone doing stuff on a computer they are not supposed to speciall on government machine, saving passwords all over chrome. These are simple examples

@themonkeymantra 10 ай бұрын

Thanks so much for making this series!

@JonGoodCyber 10 ай бұрын

Glad you enjoyed it and you're welcome!

@abinthomas 3 жыл бұрын

Very good advice here. Thank you!

@JonGoodCyber 3 жыл бұрын

You are welcome and I’m glad you enjoyed the video!

@chickenpotthighs9387 2 жыл бұрын

Hello, I really appreciate the information u have reviewed so im subscribing for more of your content :)

@JonGoodCyber 2 жыл бұрын

Awesome, thank you!

@ZadeMeadowsLittleMouse 8 ай бұрын

Thank you for posting this video!! I will definitely be rewatching this a few times so I can practice these questions and scenarios!! 😃💗

@JonGoodCyber 8 ай бұрын

Glad it was helpful! Remember that if you want to up your game and create a solid strategy, we also offer Career Services on Cyber Training Pro ( www.cybertrainingpro.com/ ).

@ZadeMeadowsLittleMouse 8 ай бұрын

@@JonGoodCyber Thank You and will do!!

@ahmedshaban5204 4 жыл бұрын

We need more video like this . I love it . Thank you very much for your effort❤️

@JonGoodCyber 4 жыл бұрын

I'm glad you enjoyed the video! As long as people watch the videos, I'll keep making them!

@michaellee9652 4 жыл бұрын

I am on my last year of cybersecurity grad school. This video has been very helpful.

@JonGoodCyber 4 жыл бұрын

Glad it was helpful!

@techwithbecca 4 жыл бұрын

Yes! I loved this video, so helpful!

@JonGoodCyber 4 жыл бұрын

Thank you! I am glad you enjoyed the video and that it was helpful.

@MrAchilles5169 2 жыл бұрын

What is a DRP and BCP? Super valid questions, and I felt dumb when I realized what they were after, but knowing the jargon and what not makes a huge difference. I understand cyber security concepts, but never, not once, in my entire education for a BS in cyber operations, have we discussed either of those things.

@JonGoodCyber 2 жыл бұрын

Knowing the terminology and acronyms is absolutely vital since we have a lot of them but luckily it becomes easier over time. That's pretty interesting that your program never covered DRP or BCP because they are in all of the major certifications and if you're in the U.S. they are definitely part of the NSA curriculum that most schools are adopting. Either way I'm glad that I get to help people out!

@ahmedalsanosi5538 3 жыл бұрын

Thanks for shareing this information , very helpfull 💙

@JonGoodCyber 3 жыл бұрын

Glad it was helpful!

@jonathantant9611 2 жыл бұрын

Question on port mirroring through wireshark got me the best

@JonGoodCyber 2 жыл бұрын

Thank you for sharing!

@adetutumebude8538 10 ай бұрын

This was very educational, thank you.

@JonGoodCyber 10 ай бұрын

Glad you enjoyed it!

@hungariannerd8445 3 жыл бұрын

Thanks! I have an interview tomorrow for Cyber Security analyst!

@JonGoodCyber 3 жыл бұрын

Best of luck! Let me know how it goes.

@HeyAprz 4 жыл бұрын

Thanks for the video!

@JonGoodCyber 4 жыл бұрын

You're welcome! I'm glad you enjoyed the video.

@citriadoria1483 3 жыл бұрын

Great video buddy, many thanks! Thought popped in my mind: Encryption: retrieval possible by decryption, for confidentiality Hashing: retrieval impossible, for integrity

@JonGoodCyber 3 жыл бұрын

Glad it helped!

@HerrKapitaen 2 жыл бұрын

Since you only got a generic answer, I would like to appreciate your comment. This is the perfectly condensed and scientifically correct answer to that question. 🥂

@ptk1040 Жыл бұрын

Thank you for this video.

@JonGoodCyber Жыл бұрын

Glad it was helpful!

@petrolhead007 4 жыл бұрын

Excellent - Please continue doing such videos - short questions and answers.

@JonGoodCyber 4 жыл бұрын

Thank you for the feedback! I will keep my eyes out for additional questions that are common but unfortunately I can't hit every possible question that will come up. If you have a specific question feel free to ask in the comments, on the Discord server, or in the forums on my website (membership required).

@petrolhead007 4 жыл бұрын

@@JonGoodCyber I tired to join discord and created an account. However i don't know how to join relevant channels. Also, as a beginner I can't even post any questions or posts. Don't know if doing a discord beginner tutorial will be a good idea for your channel.

@JonGoodCyber 4 жыл бұрын

When you join the server, you are automatically added to any channels that are allowed for general users. Most of the channels allow users to make posts so you might be trying to send a message in a channel that does not allow you to add posts. I would recommend starting out in the daily-chat channel where I have put a few things to get you started. Discord has quite an extensive support section that might be of us to you ( support.discord.com/hc/en-us ).

@amygonzales103 2 жыл бұрын

Great video, thanks for the tips. I have my interview in two days, will report back if I get any of these questions!

@JonGoodCyber 2 жыл бұрын

Glad it was helpful and good luck!

@superduper1121 2 жыл бұрын

Great video thanks so much

@JonGoodCyber 2 жыл бұрын

Glad it was helpful!

@comrontiana2257 3 жыл бұрын

Hopefully this helps me out with my network security analyst interview! Feel confident that I was able to answer all of these questions.

@JonGoodCyber 3 жыл бұрын

It definitely depends on the interviewer but I cannot recall an interview where at least a few of these questions didn't come up.

@azerealm6616 2 жыл бұрын

How was the interview?

@citriadoria1483 3 жыл бұрын

Great! Nice video. Just thought popped in my head; Encryption - original data retrievable Hashim - original data not retrievable

@JonGoodCyber 3 жыл бұрын

Great tip!

@karthicseshadri5570 3 жыл бұрын

Calm and collective.. Makes sense.

@JonGoodCyber 3 жыл бұрын

Thank you for the support and I'm glad you enjoyed the video!

@HealthyHuman-vb6gb 8 күн бұрын

The guy who never blinks...that in itself is good content

@JonGoodCyber 8 күн бұрын

LOL! It's definitely a skill that can come in handy.

@TRAVESIAA 4 жыл бұрын

This was good 👍👍👍👍. Thank you.

@JonGoodCyber 4 жыл бұрын

Glad you enjoyed it! You are welcome.

@abhiraghav007 3 жыл бұрын

Spot on.. question no 7 is my favourite. Its my must for any interviews i do and then i build it from there. Most people say that all are same..😂😂

@JonGoodCyber 3 жыл бұрын

It is definitely interesting what you can tell about somebody's experience with even the most basic questions.

@sefa8626 Жыл бұрын

Thank you so much for this! I got an offer a week right after my interview! And today is my first day in! Thank you so much. Thank you!

@JonGoodCyber Жыл бұрын

Awesome! I'm glad that my content was able to help. Which kind of job did you land?

@breadwinner2297 10 ай бұрын

Hi can you help me ive been doing my training and studyin for security and network plus

@JonGoodCyber 10 ай бұрын

I recommend checking out the training at Cyber Training Pro ( www.cybertrainingpro.com/ ) for both the Network+ and Security+.

@lukesky7934 6 ай бұрын

I'm currently a Server administrator interviewing for a Cybersecurity and Fraud Engineer position tomorrow. This video was extremely helpful!

@JonGoodCyber 6 ай бұрын

Awesome and I'm glad that you found the content helpful! Let me know how it went/goes after the interview!

@jesusbanda5227 3 жыл бұрын

A lot of these topics/questions are so relevant to the CISSP

@JonGoodCyber 3 жыл бұрын

I appreciate the feedback and I'm glad you enjoyed the video!

@LOSisBEAST2 3 жыл бұрын

Hardest question I've had is... how many years cyber security experience do you have? Lol

@JonGoodCyber 3 жыл бұрын

That must have been a pretty easy interview. It definitely matters who in the organization does the interviewing and the maturity of the organization as far as what types of questions you will get.

@MartianMoon 3 жыл бұрын

Jon Good that was obviously a joke lol

@rmcgraw7943 2 жыл бұрын

I’ve done cybersecurity since DOS, when Windows didnt exists. ARM Assembler was my first language. Yours? Clearly, your humor profile is as advanced as your assessment baseline. LOL

@CasusBelli1000 2 жыл бұрын

Did you get it right ? ( i would have failed it)

@LOSisBEAST2 2 жыл бұрын

@@CasusBelli1000 lol no....my answer was negative 0. But after this Comptia cysa+ cert and some labs it'll be like .5 lol

@bowlbuddiesyum 3 жыл бұрын

Thanks for sharing!

@JonGoodCyber 3 жыл бұрын

No problem and I'm glad you enjoyed the video!

@CurtDiesel81 3 жыл бұрын

Thanks for this.

@JonGoodCyber 3 жыл бұрын

My pleasure!

@Nate_Vee 10 ай бұрын

Thanks for this video. I want to pivot into Cybersecurity.

@JonGoodCyber 10 ай бұрын

Awesome and I'm glad that you enjoyed the video!

@petrpinkas1137 3 жыл бұрын

Thank you for mentioning Feedly

@JonGoodCyber 3 жыл бұрын

You're welcome! I personally love Feedly.

@boogabooga223 2 жыл бұрын

Nice man, thanks a lot

@JonGoodCyber 2 жыл бұрын

Happy to help!

@DanciZg Жыл бұрын

Very helpful! Was there another entry-level interview video? I have found only mid and top level. Thanks!

@JonGoodCyber Жыл бұрын

Currently there are only the three videos but maybe I will look at doing a follow up since people enjoy this video so much.

@rashmig2110 3 жыл бұрын

Can you please do a part 2 of this and cover more questions in upcoming series

@JonGoodCyber 2 жыл бұрын

Part 2: kzbin.info/www/bejne/gnnMk3yPZ82omdU Part 3: kzbin.info/www/bejne/inO1h42bgaiMg68

@patrickchan2503 2 ай бұрын

I don't know how much experience you have but you are one of the most authentic cyber person. Are you senior as you give that vibe. Thanks.

@JonGoodCyber 2 ай бұрын

I appreciate the feedback and you're welcome! All of my experience is documented on my LinkedIn but I have well over a decade of experience in the career field. From analyst all the way to leadership roles, I've done just about everything in all sizes of companies.

@pkelly20091 3 жыл бұрын

The question which threw me is "what is cybersecurity ?" I wish I was articulate enough to say that it's is the protection of computer systems and networks from information disclosure, theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.

@JonGoodCyber 3 жыл бұрын

One video you will definitely want to check out is "What is Information Assurance vs Information Security vs Cyber Security?" ( kzbin.info/www/bejne/mXXOhqGEd9F4f6s ). People commonly misuse the term "cyber security" and if you can distinguish the major differences then you will be in a better position. A major teaser point is that cyber security by definition is only focused on the digital realm.

@bob94607 7 күн бұрын

The hardest question I was asked in an interview was "What happens when you type in a URL and hit enter." Had me stumped other than it doing a DNS look-up and routing me to the URL.

@JonGoodCyber 7 күн бұрын

It's amazing how questions that seem easy in theory tend to be difficult when we actually try to break them down to answer.

@swagmuffin9000 Жыл бұрын

Hardest question I've been asked was at the end of an interview, it caught me off guard, and had a response that I wasn't happy with. I was asked what my favorite supper hero was. I'm not big on them, but i do like a few. None came to mind, but the best defense in an interview is to just talk like a person. Talk like you do with someone you already know. It helps me at least to respond with something well thought out because the nerves are mostly gone.

@JonGoodCyber Жыл бұрын

I hate when people ask questions that have absolutely no relevance to the interview or job. More often than not, they are being random for the sake of being random and it's more of an annoyance than anything.

@swagmuffin9000 Жыл бұрын

@@JonGoodCyber right?! I mean it's fine if it happens to be in conversation. To have it as an actual interview question? Come on

@CyberBoo 4 жыл бұрын

Thank you !✨

@JonGoodCyber 4 жыл бұрын

Glad you enjoyed the video!

@psytron939 3 жыл бұрын

If some wants to write down the questions: 1. How is encryption different from hashing? 2. Describe your home Network/Lab ? 3. What is the OSI model? 4. Which is more secure: open source or closed source software? 5. Which security Framework is best? 6. What is the primary goal of information security or cyber security? 7. What is risk? What is a Threat? What is a Vulnerability? 8. Where do you get your security news from? 9. Why are preventative controls better than detective controls? 10. Should you compress or Encrypt first?

@dhaneshv71 3 жыл бұрын

You made it really easy.. Thanks !

@vibez321 3 жыл бұрын

I apricate you writing this down so I don't have the watch a socially awkward, unblinking man slowly talk in an attempt to hit the 10 min mark.

@corbingovers7559 3 жыл бұрын

Wow number 9 is a bit of a loaded question lol.

@psytron939 3 жыл бұрын

@@corbingovers7559 It can be, but I just look at it as its better to have preventative controls because prevention is before infiltration and detection. So if we can prevent the threats before they happen, it will be better than detecting an already infiltrated threat and deal with it. Damage may be done already.

@corbingovers7559 3 жыл бұрын

@@psytron939 The problem lies in seeing them as a scale. If you can't detect, you can't prevent. Just like an IPS vs IDS discussion, detective controls and preventative controls are largely the same controls just the preventative control has extra functionality. That's why I said it was a loaded question. A door lock may nominally prevent entrance but if you can't detect when the door lock is being picked or when the door is opened you are putting far too much trust in that system. IMO they're complementary, one informs the other. The detective controls allow you to smartly place preventative controls.

@manfrombritain6816 3 жыл бұрын

this is why i suck at interviews and exams. i knew all of this about encryption and hashing, but i couldn't bring it to mind until you said it... all i could think was "um well i know when i would and wouldn't use them, i know vaguely the processes involved, i know some algorithms and their relative strengths, i know encryption is for hiding data and hashing is for making a kind of placeholder". i KNOW that hashing can be used for integrity checks and that encryption makes data confidential, but that is not what pops into my mind ffs. its just like in school, if you don't spend hours robotically memorising the exact right wording people write you off even though you have the aptitude and practically ability

@JonGoodCyber 3 жыл бұрын

Knowing the information is definitely important but being able to speak to it confidently and think critically are also very important.

@JoeHendersonOfficial 8 ай бұрын

I feel like I'm watching an AI stair into my soul... Other than that awesome video!!

@JonGoodCyber 8 ай бұрын

I was trying to replicate the interview process lol! I'm glad that you enjoyed the video!

@ShivamSingh-og7lw Жыл бұрын

thanks for this content

@JonGoodCyber Жыл бұрын

Glad you enjoy it!

@cyberspacemanmike 11 ай бұрын

I recently interviewed for a pentesting internship with a top 5 consulting firm. Their CTF machine was down so they had me verbally role play a pentest DnD style. No joke. It didn't go well.

@JonGoodCyber 11 ай бұрын

Tabletop exercises certainly can have value but it's curious that such a major consulting player would have that kind of issue...let alone disclose it to an interviewee.

@jewelbennett7325 3 жыл бұрын

I'm going with cyber forensics. After listening to your videos a little more than I thought it 😏

@JonGoodCyber 3 жыл бұрын

Awesome and I'm glad you enjoyed the video!

@MastermindRell 3 жыл бұрын

Can you do one geared specifically for soc analyst interviews and landing those roles.

@JonGoodCyber 2 жыл бұрын

I will look into making this!

@itohjoe 4 жыл бұрын

Lol thanks for the video, but you might want some more expression and body movement Commander Data lol

@ernst559 3 жыл бұрын

Ikr

@JonGoodCyber 2 жыл бұрын

I think I've gotten a lot better in newer videos! Thank you for watching and the feedback.

@teecordelshow 3 жыл бұрын

I’ve been asked all these questions during my Cybersecurity career for nearly 10 years they’ve asked the same questions LOL

@JonGoodCyber 3 жыл бұрын

It is amazing how things in the field change quite often yet the ways that interviews are conducted do not really change.

@Blastros01 3 жыл бұрын

The eye contact was intense and intimate

@JonGoodCyber 3 жыл бұрын

I'm glad you enjoyed the video!

@santyoviedo8468 4 жыл бұрын

great content

@JonGoodCyber 4 жыл бұрын

Thank you for the feedback!

@angeldiaz8685 3 жыл бұрын

Good video!

@JonGoodCyber 3 жыл бұрын

Thank you for the support and I'm glad you enjoyed the video!

@mikeavila6921 3 жыл бұрын

I have a cyber security engineer interview today. I'm glad I found this.

@JonGoodCyber 3 жыл бұрын

That's great and I'm glad I could help! How did it go?

@mikeavila6921 3 жыл бұрын

@@JonGoodCyber it went pretty good. It was much better than an interview I had 6 months ago. I'm hoping to hear something thing week. They did ask some of the same questions in this video. Some were worded different though.

@JonGoodCyber 3 жыл бұрын

Awesome to hear! Hopefully it works out for you.

@mikeavila6921 3 жыл бұрын

@@JonGoodCyber damn I didn't get it. They found someone with more experience. Thanks thought. They said I was the Top 2 candidates. This was definitely a better interview

@JonGoodCyber 3 жыл бұрын

Darn, well that does happen sometimes unfortunately. At least it went well and it should give you more confidence for the next time. Were there any surprise questions that they asked?

@FosterMyoThu 2 жыл бұрын

Very good 👍

@JonGoodCyber 2 жыл бұрын

Thank you! Cheers!

@ihameed 2 жыл бұрын

i think I found a gold pot with your videos. about to break into cybersecurity so just going around on youtube looking into different videos.

@JonGoodCyber 2 жыл бұрын

I'm glad that you enjoyed the video and thank you for the support!

@CraftyZA 2 жыл бұрын

0:57 This is actually one of the questions I ask when I interview developers. Not even security staff. If a developer is willing to encrypt a password and save it in his database, there are some alarms starting in the interview

@JonGoodCyber 2 жыл бұрын

Absolutely a great question and thank you for sharing! I'm glad that so many people continue to get value from this video.

@juliosantana1646 Жыл бұрын

I don’t understand. What’s wrong with encrypting a password and saving it in his database? Why would that set off alarms to you?

@SurrealExposure12 10 ай бұрын

@@juliosantana1646 maybe you already figured it out, but encrypting passwords is not a good idea! as encryption is reversible (decryption) , its not as safe as Hashing (not reversible) a password and storing it. When a user enters their password, you hash that input and compare it with the hash value in your database. This way is secure.

@umutsatur7963 7 ай бұрын

You should read Confıdentiality and Integrity

@wassanaye6118 Жыл бұрын

I got my first job and aced my interview after I watched this video it was so useful 🙏🏼

@JonGoodCyber Жыл бұрын

Awesome! I'm glad that I could help.

@krm2767 10 ай бұрын

thank you bro

@JonGoodCyber 10 ай бұрын

You're welcome!

@leoliu6883 2 жыл бұрын

I'm graduating Rutgers with a Econ bachelor's degree this January. I'm 36 years old and have been working with my family's computer store for 15 years doing mainly hardware and software services. I would like to get into the cybersecurity field but have no experience. I am currently taking Udemy online course on Python. I was hoping for guidance on how to get started in the career path the right and most efficient way.

@JonGoodCyber 2 жыл бұрын

I wouldn't discount your hardware and software services experience because it's still relevant. I recommend checking out my eBook ( www.jongood.com/getstarted/ ) where I provide a roadmap of skills and certifications to pursue. There are also a lot of videos on my channel that will be relevant in your journey!

@tylerbell705 Жыл бұрын

Should I also be prepared to do a CTF of some sort alongside these questions? This may be an obvious answer, but I’m very new to this field and trying to cover all bases! Thanks in advance to anyone who replies!

@JonGoodCyber Жыл бұрын

The majority of interviews today do not have a practical componenet to them and are primarily discussion-based. That doesn't mean that there aren't interviews that require you to do certain tasks but it's not really something that I would stress about. Roles like penetration tester at consulting firms have a higher likelihood of having a practical interview component but most of the time previous candidates will make it known if an organization has a practical piece. In the future, it's possible that we will see more practical assessments during interviews but that's probably several years out where it's mainstream.

@tylerbell705 Жыл бұрын

@@JonGoodCyber awesome, thanks so much for replying!

@timmyhuynh3859 2 жыл бұрын

comment for youtube algorithms! thank you for your content

@JonGoodCyber 2 жыл бұрын

Thanks for watching!

@taohuang6535 3 жыл бұрын

Any advice for an entry level job seeker? What makes me seems prepared for the job?

@JonGoodCyber 3 жыл бұрын

Apply to as many jobs as possible. You never know who will call you back and the path you will end up on. Also, look at job postings because if you don't know any of the terms in the posting, then you probably aren't ready for that job but you know what to research.

@Henoik 3 жыл бұрын

Remember I got the "Should you encrypt or compress first" question. I obviously had no clue what I was talking about there, but nevertheless, I got the job. I guess my math teacher wasn't wrong when he said "show your work"

@JonGoodCyber 3 жыл бұрын

Honestly, that question will mess up a lot of people especially early on in their careers and is probably one of the trickier questions that an employer could ask a junior analyst. I'm glad that everything worked out for you though.

@endrialbo 3 жыл бұрын

Always compress first. By encrypting first, that generates random bits and compressing random bits will not function and has no pattern since it is a random bit

@AlexS-ub9de 2 жыл бұрын

@@endrialbo I found the same question in the net and the answer was : "When using encryption to secure data, you should always encrypt the data before compressing it. If you compress the data first, you could not encrypt it properly or decrypt it when received by another device" I'm confused here.

@dontkillmejay8570 Жыл бұрын

@@endrialbo No, always encrypt uncompressed data first.

@jeremeymanuelpillai1674 2 жыл бұрын

I have to do a report on a cyber attack for my course, which one would you recommend I choose, I would like to research an attack which already has plenty of information surrounding it already.

@JonGoodCyber 2 жыл бұрын

Your best two resources are going to be: 1. owasp.org/www-project-top-ten/ 2. attack.mitre.org/

@kennethrutt7986 2 жыл бұрын

My team has asked, what is the difference between reactive and preventative controls

@JonGoodCyber 2 жыл бұрын

Thank you for sharing! Knowing the difference between the types of controls is extremely important.

@rmcgraw7943 3 жыл бұрын

Hardest question: What are the phases of the Unified Kill Chain, and at what phase in the UKC does the threat cross from local machine to network access?

@Yaoifangirl626 2 жыл бұрын

Step 3 Delivery it crosses to the network access.. (Reconnaissance, weaponize, delivery, exploitation, installation, command and control)

@JonGoodCyber 2 жыл бұрын

Great to see the preparation!

@rmcgraw7943 2 жыл бұрын

@@Yaoifangirl626 Kinda, but it’s a bit of a trick question. It could be 3, but usually 3 is infection of the first computer. Lateral movement, enabled via Escalated Privilege, is generally where it spread across a network via Execution of code under that newly established privileged access. But, if you are Darkside and attack Colonial Pipeline, you can go from Step 1 to 16 without doing any of the other steps. LMAO. But, basically, there is no one right answer to any cybersecurity question. It’s always situational, dependent upon your organizational needs at the time. There is no right or wrong path, no ‘best’ framework, no best product, no best technology, no silver bullet. The best is defined by a process of determining your unique needs, and basing your decisions on the empiricial, hopefully quantitative, data available and derived by your knowledge of the organizational as a whole. A cybersecurity program is a large operational entity, with many parts (of which a framework, a control library, detection and mitigation [SOC], etc. are just one part) that create a solution synergy with one part providing inputs for another part’s output. The entire structure supports itself and each other via this unified effort, much like a car’s carburetor supports its engine, and the frame supports the engine, and the tire supports the frame. In doing this, the whole of a cybersecurity program creates a synergistic entity that is greater than the sum of its parts. :)

@neocloak 3 жыл бұрын

3:29 The question of which is more secure, open source or closed source? - I would've instantly answered open source without a 2nd thought. Closed source only delays the inevitable in terms of security. Since No one has access to the code but the company, bugs and security features only get fixed when the company makes it a priority. Hackers can use fuzzers to find bugs, and exploits can be developed and distributed. Since the company isn't making security a priority, and old code is left for dead, Hackers get to do what they want to the closed source software and they know it won't get fixed unless the hackers make a big enough stink to get the company to change their priority back to security. The only reason closed source makes sense is for a competitive advantage over other companies. Security shouldn't be a reason to be closed source. Open source is viewable and can be improved by everyone. There are coders out there who love to find bugs and fix them. Quality code will be submitted to your project for free, and catch things that your company originally did not. That's one of the reasons that Linux is so secure. Linux won't need an anti virus, because as soon as an exploit is made known, they patch the Kernel or OS to be immune to the exploit. Open source may reveal the code, but it only makes the code stronger and more resilient. Making code open source will allow for improvements on the code even when its not the original authors priority to improve it.

@JonGoodCyber 3 жыл бұрын

Thank you for your response! There is no question that both open source and closed source have pros and cons. Even though open source makes the code available, that doesn't guarantee that submissions are quality nor does it guarantee a speedy fix. On the flip side, closed source software companies can offer bug bounty programs where skilled researchers can still contribute to the improvement of an application. Interestingly enough, encryption that is open to the world is seen as the most secure because it's based on extremely complex math but I don't necessarily agree that is an absolute truth when it comes to software. With this specific question it's really important to consider all pros and cons without bias because it will really make you think critically.

@pancakesuperior 2 жыл бұрын

I agree, though the only time closed source is recommended is likely proprietary or confidential software.

@JonGoodCyber 2 жыл бұрын

In a real situation, you have to evaluate the available options because making blanket determinations can also get you in trouble or potentially force you down the least optimal path. With interviews, this question specifically shows how well you consider multiple options based on your answer. Ultimately when answering this question, make sure you explain both sides to show your full understanding.

@AraceliDeleon-lg8eg Ай бұрын

Hi thanks for these tips it helped with my cyber internship. Do you have an tips for cyber internship? How to get an offer during the internship?

@JonGoodCyber Ай бұрын

I'm glad it was helpful! Network with people, volunteer as much as possible, do your best in everything you are assigned and continue following my eBook's roadmap ( jongood.com/getstarted/ ). Getting offered a job is never guaranteed, but those will certainly help your chances!

@youngking3539 Ай бұрын

Got a network administrator (cyber security) interview tomorrow no experience just got my associates degree.

@JonGoodCyber Ай бұрын

Nice and I hope it went well! Make sure to let us know how things went.

@NarciGH 2 жыл бұрын

I have never had an interview in my field and even had not any Mak Interviews to practice, and I have 2 real interviews on Monday.

@JonGoodCyber 2 жыл бұрын

Good luck! Hopefully the video helps you in your interviews.

@NarciGH 2 жыл бұрын

@@JonGoodCyber Before watching this video, I was confused, but after watching, I gained confidence. Thank you very much!🙂

@adambreitenbach7936 2 жыл бұрын

I’m a cybersecurity manager at an MSP about to take my CISSP next week - I would be taken out at Q2. My home network consists of a wireless router and a few Ethernet cables. I can’t stand looking at IT equipment or a computer screen when I’m off work. Work is for work - home is for my family time, gym, cooking, reading, and yard work. I keep a healthy distance, and it’s kept me a much more happy and stable person. Hit me with all those knowledge questions all day long, but if you’re excited about my home environment, you’ll be sorely disappointed!

@JonGoodCyber 2 жыл бұрын

Good luck on the CISSP! I think that if people are expecting managers to have some elaborate home network then they are probably going to be disappointed in general simply because it requires different skills and not necessarily to be experimenting all night long in your lab.

@adambreitenbach7936 2 жыл бұрын

@@JonGoodCyber Hey Jon - thanks for the reply! I passed that CISSP exam last month and have been absorbing your content as I plan my next IT move. Appreciate your hard work!

@JonGoodCyber 2 жыл бұрын

Awesome! I missed that it said next week but I'm glad that you were able to clear the exam...that's a ton of weight lifted off of your shoulders. Thank you for the support!

@nixcutus 4 жыл бұрын

Awesome

@JonGoodCyber 4 жыл бұрын

I'm glad you enjoyed the video!

@boiiwizzy7809 4 жыл бұрын

How do you prevent the BOF from network exploit ???

@JonGoodCyber 4 жыл бұрын

Was that a question directed at me or one for interviews? Since this particular video is about interview questions, I'm guessing it was meant for that. Although it's an interesting question that can get very technical, most jobs aren't going to benefit from that question unless they are specifically for jobs in security operations, exploit development, penetration testing, or software development. If you are interviewing for one of those types of jobs I would definitely research buffer overflows.

@MadeItHappenDaily 4 жыл бұрын

nice shirt!

@JonGoodCyber 4 жыл бұрын

Thank you! I'm glad you like it.

@butchpinkham6129 Жыл бұрын

Love your T-shirt. GO Royals!

@JonGoodCyber Жыл бұрын

I'm glad that you like it!

@callmebigpapa 10 ай бұрын

I do Cybersec interviews ....if you don't know say you don't know because WE KNOW. It is ok, just say you would use the available tools to find out or consult a senior etc. The scope of what you need to know is huge.....

@JonGoodCyber 10 ай бұрын

Funny enough I've been asked interview questions where I knew the interviewer didn't know the answer...and I knew they didn't know.

@callmebigpapa 10 ай бұрын

@@JonGoodCyber That was likely the HR rep doing a screener ....but yeah they should not do that !

@JonGoodCyber 10 ай бұрын

I know the difference between an HR screen and actual interview as I've been in the career field for quite some time, but no this has happened on actual interviews.

@callmebigpapa 10 ай бұрын

@@JonGoodCyber Well if you got the job hopefully you were to help them with their P&P! Great videos thanks for sharing.

@JonGoodCyber 10 ай бұрын

Win some and you lose some lol! I'm glad that you are enjoying the videos!

@gopiguduru8591 3 жыл бұрын

Hi this is Gopi I finished masters in cyber security what courses I need to learn for getting into that job sector

@JonGoodCyber 2 жыл бұрын

I recommend checking out my Getting Started page ( www.jongood.com/getstarted/ ) and grab a free copy of my eBook where I provide a roadmap of skills and certifications to pursue. Degrees are great but there is still a lot of emphasis put on certifications in the job market.

@kartikmehta541 4 жыл бұрын

awesome!!!

@JonGoodCyber 4 жыл бұрын

Thank you for the feedback!

@cyberspacemanmike 11 ай бұрын

It's not always best to compress and then encrypt as it can undermine security. "Re: The CRIME attack: Many web servers and clients at the time supported data compression to improve performance. This compression was applied before encryption, meaning that the plaintext data was compressed and then encrypted. This order of operations allowed an attacker to exploit potential information leakage."

@JonGoodCyber 11 ай бұрын

That is an incorrect statement. If you are able to compress encrypted data then your encryption is not good because of how both work. Also a CRIME attacks exploit a vulnerability in SSL compression itself...NOT the fact that you compressed data first and then encrypted it.

@cyberspacemanmike 11 ай бұрын

@@JonGoodCyber My understanding is that the order of operations (compressing and then encrypting) was integral to the attack and that the attack relied on "observ(ing) the effects of the compression and encryption interaction."

@rariehlani1344 2 жыл бұрын

About open and close source. For example, Linux, an open source, would have less loop holes due to the idea that millions can access its code and fix/improve it. Imagine .NET of windows that a small group has access to its code. They will obviously find less loop holes.

@JonGoodCyber 2 жыл бұрын

In theory that's true but open source doesn't necessarily mean that somebody can just fix a bug themselves. What if something is open source but the vendor is slow to fix issues or approve the changes? Also, you're assuming that a closed source company doesn't use third party companies of experts to do code review in addition to what they do internally. I would probably put more reliance on massive companies like Microsoft but it's when you get to small to mid-size vendors that you might find corners being cut or much more risk.

@rariehlani1344 2 жыл бұрын

@@JonGoodCyber thank you, makes sense

@user-hw4td5zc1g Жыл бұрын

yes actually software bugs are depends on the engineers who made software no matter if its open source or closed source and hardware also can be vulnerable if its outdated

@anasshah5147 3 жыл бұрын

It helps me to crack a interview

@JonGoodCyber 3 жыл бұрын

I'm glad that you found the video helpful!

@anasshah5147 3 жыл бұрын

Hey Jon I want to know more about cybersecurity, I m from India and I pursuing masters in Cybersecurity. Plz guide me what I do in this field 🙏

@JonGoodCyber 3 жыл бұрын

I would highly encourage checking out my website ( www.jongood.com/getting-started/ ) and all of the resources that I've listed. There might be slight adjustments you will have to make such as if a specific certification is in more demand for jobs in India since I am in the United States, but the majority of the information is going to be relevant regardless of your country.

@adel-np1yl 6 ай бұрын

Interesting

@JonGoodCyber 6 ай бұрын

I'm glad that you enjoyed it!

@dcrz 2 жыл бұрын

Got a technical interview for a information security analyst tomorrow morning. I hope I crush it. Pray for me y’all.

@JonGoodCyber 2 жыл бұрын

Hopefully you get a lot of these questions and it goes well!

@dcrz 2 жыл бұрын

Update: the interview was pretty relaxed and just conversational about my back ground. (3years of being an information security analyst) I hope I got the job!

@KBBoomin Жыл бұрын

@@dcrz You got the job?

@averagebeing_com 3 жыл бұрын

Completed my b.tech want to enter cybersecurity field what to do? Pursue masters in cyber security? Or find an entry level IT job and go for ms after 1 year? Small problem here is that entry level jobs also need 1-3 yrs of experience. Thinking to do ceh and basic certifications and pursue Master as we cannot get any entry level desktop support, technician or system administrator jobs in India as they require experience, any other alternatives? what to do guys ?

@JonGoodCyber 3 жыл бұрын

Simply getting a masters degree won't necessarily qualify you without experience and on paper it might "over qualify" you in some peoples eyes. On jobs that say 3 years experience or less, I would apply because they might be willing to take a chance depending on who applies for the job. While you apply or even get into the job, start working on certifications and then after you have a couple years of experience then go for the Masters degree if you still want it. The hardest job to get is the first one and from there things start to fall into place.

@averagebeing_com 3 жыл бұрын

@@JonGoodCyber thank you for the guidance

@marcelusbowles6310 Жыл бұрын

What is a good beginner level job to look for experiences a cybersecurity professional?

@JonGoodCyber Жыл бұрын

I recommend grabbing my free eBook ( jongood.com/getstarted/ ) where I provide several different jobs that can have junior or entry level positions. Additionally you should be considering helpdesk and entry level IT jobs if you do not have any experience. You never know who will give you an opportunity regardless of how much you have studied and ultimately, getting some experience is better than waiting for a dream job to appear.

@callmebigpapa 10 ай бұрын

Get a helpdesk job but dont stay too long. It will teach you troubleshooting and how to think fast to narrow down the issue. Invaluable

@jk-te5hp 3 жыл бұрын

sweeeeet:)

@JonGoodCyber 3 жыл бұрын

I'm glad you enjoyed the video!

@random-ig6tp 9 ай бұрын

Does this apply for a information security engineer position?

@JonGoodCyber 9 ай бұрын

Yes, I would argue that it applies to all Cyber Security roles.

@CasusBelli1000 2 жыл бұрын

hardest questions : Describe SSL TLS handshake steps / SAML methods / Differences between Open Id and SAML. etc... I would have dreamed of "only having so OSI model questions there....

@JonGoodCyber 2 жыл бұрын

It really depends on the interviewer and their understanding of the role. I've had interviewers that ask me extremely difficult questions that have nothing to do with the role and then easy questions in higher level interviews.