Cybersecurity engineer interview questions and answers

July 17, 2019 by Graeme Messina

Sitting down in a room full of strangers under stressful conditions isn’t anyone’s idea of a good time. Very few people enjoy job interviews because of the pressure and formal atmosphere that they often generate. But as a cybersecurity engineer, you will be expected to deal with high-pressure situations while remaining calm and knowledgeable, so interviews are an excellent method of assessing potential candidates.

You don’t have to stress yourself out, though, as there are many different techniques that you can use to overcome your interview jitters. The main method of strengthening your interview technique is to practice some interview questions. 

Our list of sample questions below applies to your role as a cybersecurity engineer while also addressing the wider topic of cybersecurity as a whole. There are far too many example questions for us to create a fully comprehensive assessment for you to practice with, but the following ten questions should help to prepare you for the interview.

1. What is a man-in-the-middle attack?

A MITM attack is carried out when a third party secretly intercepts or redirects communications between the two parties that are communicating with one another. The attacker can inject their own data packets into the conversation, or they can listen in and steal data without the two parties realizing that a breach in security has occurred. This occurs most commonly on wireless networks where an attacker is able to impersonate either one or both of the endpoints of the connection.

Insight into the question: Common cyberattacks are good to know, and a man-in-the-middle attack is important to understand. If you are asked about the attack, then you should be able to explain it properly.

2. What are encoding, encryption and hashing?

Encoding ensures that data is formatted correctly so that it can be interpreted properly by applications and recipients. Think of it as data being transformed into a scheme that is easily read so that communications are possible.

Encryption makes data unreadable to anybody else except for the parties that have the secret key used to decrypt the data. This makes it secret and secure and is used for securing data over private connections.

Hashing is a method that ensures that data integrity is maintained. A data hash is a string of data that is generated against the information that is being preserved. By generating a hash and comparing it to the original after transmission, you can verify that the data has not changed if the hashes match. If they don’t match, then the information is no longer in its original state and should not be trusted.

Insight into the question: Knowing when to use the right terminology is important in any scientific field, and cybersecurity is no exception. If you hear someone mixing the terminology up, then that is a red flag. It shows that they might not understand what they are talking about, which is a bad sign in an interview.
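The three terms from question 2 side by side, as an added example that is not part of the original article. The sample message is constructed, and the one-time-pad XOR stands in for a real cipher only so that the block runs on the Python standard library alone.

```python
import base64
import hashlib
import hmac
import secrets


def encode(data: bytes) -> str:
    """Encoding: a public, keyless format change that anyone can reverse."""
    return base64.b64encode(data).decode("ascii")


def decode(text: str) -> bytes:
    return base64.b64decode(text)


def xor_encrypt(data: bytes, key: bytes) -> bytes:
    """Encryption (one-time pad for illustration): reversible only with the key."""
    if len(key) != len(data):
        raise ValueError("one-time pad key must match the message length")
    return bytes(d ^ k for d, k in zip(data, key))


def digest(data: bytes) -> str:
    """Hashing: a fixed-length fingerprint that cannot be reversed."""
    return hashlib.sha256(data).hexdigest()


def is_unchanged(received: bytes, expected_digest: str) -> bool:
    """Recompute the hash after transmission and compare in constant time."""
    return hmac.compare_digest(digest(received), expected_digest)


def demo() -> dict:
    message = b"transfer 100 to account 42"        # constructed sample
    key = secrets.token_bytes(len(message))
    ciphertext = xor_encrypt(message, key)
    wrong_key = bytes(b ^ 0xFF for b in key)        # differs in every byte
    sent_digest = digest(message)
    tampered = message.replace(b"100", b"900")      # changed in transit
    return {
        "encoding_reversed_without_key": decode(encode(message)) == message,
        "decrypts_with_key": xor_encrypt(ciphertext, key) == message,
        "decrypts_with_wrong_key": xor_encrypt(ciphertext, wrong_key) == message,
        "intact_message_verifies": is_unchanged(message, sent_digest),
        "tampered_message_verifies": is_unchanged(tampered, sent_digest),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

A bare hash only proves integrity when the expected digest reaches the recipient by a path the sender of the data cannot alter; where both travel together, a keyed MAC or a digital signature is the usual choice.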

3. What is ARP and when would you use it?

Address Resolution Protocol is used when incoming packets of data that are destined for a specific host get to the router or gateway of a network. The gateway translates the MAC address associated with the IP address that it is looking for and then configures the packet to the correct length so that the data transmission can occur. It then allows the communications to start.

Insight into the question: Understanding how network communications work is a prerequisite if you are going to be working as a cybersecurity engineer. You need to understand how a network operates under normal conditions if you are to detect any changes when a system is under attack or detect whether it has already been compromised.

4. How do you deal with high-pressure environments?

Speak about your past experiences. Perhaps you were in a situation where you had to deal with critical systems being attacked, or demanding managers needed answers for the executives while you were still troubleshooting an issue. Think about all the things that would make you a great fit for a high-pressure working environment where you need to act quickly. If you are new to the working world, then explain how you think you would fit in and draw from your past experiences.

Insight into the question: This is one of the most critical questions that you could be asked because it not only shows how well you would do in the position that you are interviewing for, but also how well you are suited for such a role in general. Dealing with pressure is a big part of what some of these roles demand, so be sure to tell your interviewers that you have the right stuff. That will go a long way towards showing your suitability for the role. 

5. What is a three-way handshake?

The basic three-way handshake is used by the Transmission Control Protocol (TCP) when it needs to set up a TCP/IP connection. This is necessary when the connection is made over an IP-based network. 

Other terminology associated with a three-way handshake includes SYN, SYN-ACK, and ACK. The reason for this is that there are three messages being transmitted by TCP to negotiate and start a TCP session between two hosts or computers.

Insight into the question: This is a basic theory question that shows your understanding of how a TCP connection is established over an IP network. This connection method is the most common that you will find over the internet and most modern networks, so showing that you understand how it works is important.

6. What is cross-site scripting?

Cross-site scripting (or XSS) is a client-side code injection attack. An attacker will execute malicious scripts that perform negative actions in a website or web application that is not expecting that kind of input. This allows the attacker to perform a number of actions that they would otherwise not be authorized or able to execute.

Cross-site scripting is one of the most common exploits carried out on the internet through web applications at present, mainly because vulnerabilities are inadvertently written into the code of these resources. This happens due to a lack of security considerations during the development cycle, and these vulnerabilities have a serious negative effect on business if they are not mitigated. 

The best way to combat an XSS vulnerability is with data validation, both on the client and on the server side.

Insight into the question: You want to show that you understand how common this attack is and how serious it potentially is for an unprotected web application on the internet. The key message is that a web application inadvertently uses unvalidated, unauthorized or unencrypted input as code, causing negative outcomes for the user and for the business that is hosting the web application.
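A server-side sketch of the mitigation from question 6, as an added example that is not part of the original article. The comment-rendering functions, the username policy and the sample input are all hypothetical, and the example goes one step beyond the text by HTML-escaping free text on output, since free text cannot be restricted to an allowlist.

```python
import html
import re

# Hypothetical allowlist policy: usernames are 3-20 letters, digits or underscores.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,20}")

# Constructed sample input of the kind a comment form might receive.
SAMPLE_COMMENT = "<script>alert(1)</script>"


def render_comment_unsafe(author: str, comment: str) -> str:
    """Vulnerable form: user input is placed into the markup unchanged."""
    return f"<p><b>{author}</b>: {comment}</p>"


def validate_username(author: str) -> str:
    """Server-side validation: reject anything outside the allowlist."""
    if not USERNAME_RE.fullmatch(author):
        raise ValueError("username must be 3-20 letters, digits or underscores")
    return author


def render_comment_safe(author: str, comment: str) -> str:
    """Hardened form: validate structured fields, escape everything on output."""
    author = validate_username(author)
    return (
        f"<p><b>{html.escape(author)}</b>: "
        f"{html.escape(comment, quote=True)}</p>"
    )


def username_is_accepted(author: str) -> bool:
    try:
        validate_username(author)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print("unsafe:", render_comment_unsafe("alice", SAMPLE_COMMENT))
    print("safe:  ", render_comment_safe("alice", SAMPLE_COMMENT))
    print("markup as username accepted:", username_is_accepted("<img src=x>"))
```

Client-side checks improve the user experience, but only the server-side validation and escaping can be relied on, because a request does not have to come from the application's own page.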

7. What techniques can be used to prevent a brute-force login attack?

This is quite a simple answer. In order to avoid a brute-force attack, you need to ensure that password best practices are in place and strictly adhered to. The easiest way to do this is through policy enforcement on a system level, meaning that even if a user wants to circumvent these measures and use a weak password, they will not be allowed to.

Insight into the question: Brute-force attacks are less common in environments where proper password policies are enforced, so you need to show the interviewer that you understand this and that you recommend always following best practices when it comes to information security.

8. You find a USB flash drive in the parking lot with a “2019 salaries” label on it. What do you do with it?

If you said “Take it back to HR,” then the interview will probably be over for you. Cybercriminals know that people are curious when it comes to salaries, so what better way to ensure that their malware makes its way onto your network than to leave a tantalizing object that could potentially be plugged into a computer in the building?

The correct answer is to report it to the information security department and to never plug it into a computer. Destroying the USB drive is also not the proper approach, because a proper and thorough investigation by trained forensics specialists could help determine who the attacker is, which can then be relayed to the proper authorities.

Insight into the question: An interviewer could be curious about how well you understand social engineering and user training. According to some studies, it’s actually quite likely that such devices are inserted into company computers after being discovered. It is therefore a good idea to show that you understand how real the risk is and how important user training could be as a solution.

9. How would you prevent this kind of attack from being successfully carried out?

Preventing attacks requires ongoing user security training. This training shows how susceptible your users are to such attacks. 

Another option is having standalone computers segmented off the network and designated as scanning computers for suspect media to be inserted into. However, that is still not recommended for media that comes from an unrecognized or unknown source. Scanning stations are generally there for BYOD electronics like USB flash drives and portable hard drives, in order to ensure that you don’t infect your own computer if you HAVE to plug it in at work. (With permission, of course.)

Insight into the question: Again, user training and awareness should be a big part of any organization’s cybersecurity strategy, so showing your understanding is a good way of demonstrating that you are aware of the challenges that organizations currently face.

10. Have you ever experienced a serious breach?

This is a question that only you can answer effectively. You can explain all of the scenarios that you have been involved in, which is a great way of demonstrating your capabilities and your understanding of how to act during a breach. How you choose to deal with specific threats could also be of interest to the interviewers, especially if some of the experiences that you share with them relate to their own environments and systems.

Insight into the question: If you feel that sharing your experiences makes you sound like you were unable to protect your environment adequately, then don’t fret. You can explain why you fell victim to a certain attack, and you can also elaborate on how you fixed the issues afterwards. If you decide not to share and tell the interviewers that you have never had a system breach while working, it could mean that you are either not being honest with them or that you don’t have enough experience.

This doesn’t mean that you need to lie or make up stories about system breaches if you really have never experienced one, but be aware that the interviewers might prefer candidates who have actively worked with security breaches if the role requires it.


Going for a job interview is a rollercoaster ride of emotions, from excitement to nervousness. Often the preparation for an interview will make you doubt your skills and experience, but this is totally normal. Many people suffer from interview nerves.

The key takeaway from any interview process is that you are either the right person for the job, or you are not. Always remember that if the job that you really have your heart set on doesn’t work out for you, then there are always other opportunities out there that you’ll eventually find. Cybersecurity is such an in-demand skill that you are likely going to find interviews for open positions quite often in the coming years.

With a little practice, you will be an interview expert in no time. Just be sure to regularly go over as many interview questions as you can and don’t only focus on the technical aspects of the job. Many times, a curveball is just a simple question such as “What are your expectations for this role?” or “Where do you see yourself in five years?” 

Soft skills are a definite advantage too, especially if you have a user- or manager-facing role that requires face-to-face communication. 

Lastly, make sure that you have some questions of your own ready for the end of the interview. It isn’t a great sign to an interviewer if you don’t know what to ask when given the chance to ask your own questions. And there’s nothing worse than leaving an interview and then suddenly realizing that you didn’t ask any of the questions that you really would have liked to know the answers to. 

Good luck and happy practicing!



Graeme is an IT professional with a special interest in computer forensics and computer security. When not building networks and researching the latest developments in network security, he can be found writing technical articles and blog posts at InfoSec Resources and elsewhere.