Alexander L. King

The Kitchen Sink Approach to Security Engineering Interview Prep

If you came across this post in search of guidance, I empathize with you. I have found security engineering interviews to be treacherous terrain. And if you are to navigate your way to a job offer, you need a good map. Unfortunately, nobody has made one yet.

I don't mean to dismiss past contributions. If you look hard enough, you can find hard-won insights and lessons learned from your peers who have also been through the interviewing gauntlet. I am baffled, however, that a rant and a sprawling list of security concepts are passed around as the most authoritative resources for interview prep. They are models for what I am calling the Kitchen Sink Approach. According to this strategy, the only way to prepare for interviews is to learn everything and anything remotely relevant to security engineering. This may work for some, but for me it was a fast path to burnout.

The gift and the curse of security engineering is that there is always something to learn. Time and again we are told our curiosity is esteemed and that it is better to declare your ignorance than inflate your expertise. Yet, as anyone who has bombed an interview knows, there is little tolerance for gaps in our knowledge. What is a security engineer to do?

There is little consensus on what we should know. As a result, most of the advice on offer is too vague. Hence, the Kitchen Sink Approach, which doesn't tell you how to prepare for interviews so much as it encourages you to be anxious about not doing enough.

The busy security engineer does not have time to study everything. They must prioritize. Given that ambiguity is at a max, how does one tackle their study resources in the right order? How does one manage the flow of content they could be consuming? In short, how can you plan your study in such a way that you can be confident you are doing everything that could be reasonably expected of you?

I wish I could tell you I had the answer to these questions. But I don't. Not yet, anyway. It is my hope in the coming weeks and months to use this space to work out where a busy security engineer should invest their time. So stay tuned!