Turn interviews into offers with statistics

Plus: learning resources & the TikTok ban

Author

Cal J Hudson
March 19, 2024

👋 Good morning, Cyber Pros!

This week’s issue brings you:

  • How to turn interviews into offers with statistics

  • A cloud threat intelligence database

  • Key takeaways on the TikTok ban

  • Useful resources on AI & API security and job offer negotiations

Let’s dive in!

Read time: 5 mins

Turn interviews into offers with statistics

Today's job market is tough.

You get a LinkedIn alert on your phone that a new job is available. When you come back to it later that day, you see hundreds of applicants have already raided the job posting. You submit your application anyway with fingers crossed you get past the automated scanners and mountain of applicants.

Despite that huge volume, you land yourself an interview. Right now, you’re one of many with the required skills and experience. You need to set yourself apart from the crowd.

Your secret weapon: statistics

By effectively incorporating statistics into your responses, you can showcase your experience, demonstrate industry awareness, and ultimately impress the interviewer.

Today, I’ll tell you about two key methods for using statistics in a cyber security job interview to leave a lasting impression and increase your likelihood of receiving a job offer.

Method 1 - Performance statistics:

One of the most compelling ways to impress interviewers is by quantifying the impact of your past experiences using stats. Whether you're discussing previous projects, security incidents you've handled, or initiatives you've spearheaded, providing concrete numbers adds credibility and demonstrates the tangible results of your efforts.

For example, instead of simply stating:

  • "I improved the company's security posture."

You could say:

  • "Through the implementation of X system or controls, I reduced the number of Y by 30% over the course of six months."

By quantifying the improvement, you not only showcase your contribution but also provide context for your achievements. Metrics is the method for convincing an interviewer that not only did you do the thing, you did it well.

Method 2 - Security Statistics:

Hiring managers want to know you’re a serious player. Here are some questions going through their minds:

  1. Do they stay up-to-date with industry trends and current events that could affect our business?

  2. Do they understand the ‘why’ behind the work they do? (For example, it’s not to be compliant with a standard, it’s to stop X threat type)

  3. How do I know that their advice will be any good?

Staying up-to-date in this field is an essential skill. During your interview, you want to be able to reference strategies for mitigating emerging threats.

When doing this you could reference recent breach reports or threat intelligence data to support your recommendations. This not only reinforces the validity of your insights but also demonstrates your ability to translate complex information into actionable strategies.

Before using a new statistic, do the following:

  • Challenge its accuracy: look at the scope, check the cyber security maturity of the organisation’s involved, evaluate the data set and check if it stands on solid ground.

  • Contextualise the stat: Stats are often used as scare tactics to grab headlines. You need to think about how it affects you, the company you’re working for, or the company you’re interviewing for.

  • Apply it: what are the measures and actions we can take to positively influence these statistics?

Scenario:

You’re applying to a UK cyber security start-up with an annual revenue of £300M. You’ve got an interview and you want to demonstrate you understand cyber security in the context of their organisation.

Let’s say they ask you:

  • How would you defend against a ransomware attack?

You could list 3-5 standard measures to reduce impact and likelihood. But, you could also pack your response with value to stand out from other candidates.

Here is an example:

  1. Choose a statistic: ‘We know that the average cost of a ransomware attack in the UK was £9.44M in 2023’ (I made this up for demonstration purposes).

  2. Calculate the % impact: ‘The impact this would have on your organisation is around 3% of your annual revenue, based on 2023 numbers.’

  3. Contextualise the impact: ‘As a start-up, building a solid foundation of customer trust is critical for survival. Further, an incident of this nature would damage your reputation in the eyes of customers and investors. I understand that it’s paramount that we implement both preventative and corrective measures’.

  4. Show your worth: ‘Phishing campaigns are the primary vehicle for successful ransomware attacks. Therefore, by implementing measures around email security, monitoring, containment, and awareness for employees, we can significantly reduce the likelihood of their success, as well as limit their impact.’ (Add more detail around how you’d do this).

We always want to make sure we add context to statistics, so that they have greater value for those we’re communicating with.

Whether you're quantifying the impact of your past experiences or citing industry statistics to support your recommendations, incorporating data into your responses can significantly enhance your performance in a job interview.

Cloud Threat Intelligence Database

Last week I was quoted by Wiz:

You can access this free resource here:

Cloud Threat Landscape: A Cloud Threat Intelligence Database | Wiz

The Cloud Threat Landscape is a growing threat intelligence database of cloud security incidents, actors, tools and techniques curated by Wiz's Research team.

www.wiz.io/cloud-threat-landscape

The TikTok Ban

There’s been a lot of discussions on the TikTok ban in the US. Here are my key takeaways so far:

  • First Amendment Concerns: Critics of the TikTok ban are raising concerns over its potential infringement on the First Amendment. Rather than targeting TikTok directly, the focus is shifted onto Google and Apple for carrying the app, prompting calls for a more comprehensive and privacy-focused legislative approach.

  • Broader Data Usage and Manipulation: The ban has sparked conversations about the broader landscape of data usage and manipulation by social media platforms, both foreign and domestic. To be honest, I think singling out TikTok is a slight distraction from addressing similar practices prevalent across other platforms.

  • Data Privacy Concerns: There are legitimate concerns regarding data privacy and potential algorithm manipulation by China, as evidenced by disparities in content between TikTok and other platforms.

  • Influence on Political Opinions: TikTok's ability to shape political opinions has come under scrutiny, particularly with targeted notifications influencing certain groups. This raises huge questions about information control and its implications for democratic discourse.

As the debate surrounding the TikTok ban continues, these key takeaways serve as crucial points of consideration in shaping future policies and regulations regarding data privacy, national security, and the global digital landscape.

Helpful resources

Did you enjoy this one?

I want to create a newsletter that you can’t wait to open every week.

Your feedback will help me do that.

Share Cyber Pro Club!

If you found this newsletter valuable, share this link to others: https://www.cyberproclub.com/subscribe

Thanks for reading.

Cal J Hudson

@caljhud