EPISODE 66
 
How to Be Irresistible to Hiring Managers
 

About this episode

In this episode, we are focused on how to make yourself into an irresistible candidate for hiring managers. Today, Naomi Buckwalter, another hiring manager, joins Kip and Jason.

What do hiring managers really look for in candidates? What makes them irresistible to hire? All the hiring managers in this episode say that soft skills, aptitude, and integrity matter. Hence, to be irresistible, you should be the person you have described on your resume.

Experience is also important. If you want to be a penetration tester, then you need to collect some experience (either paid or unpaid) in this field so that a hiring manager will take a chance on bringing you onto their team. From day one, you need to bring value to the company through your existing knowledge and experience, which is why hiring managers primarily value your past experience.

What you’ll learn

  • What qualities hiring managers are looking for
  • What soft skills are
  • How important integrity is in the hiring process

Episode Transcript

Kip Boyle:
Hey, welcome to Your Cyber Path. I’m Kip Boyle, I’m here with Jason Dion, co-host. Hey, Jason, how’s it going?

Jason Dion:
Hey, Kip. How’s it going, man?

Kip Boyle:
I’m freezing my butt off. I’m in Seattle, okay? And we have this unbelievable fog that’s going on right now. And it’s really cold, it’s like 33 degrees out. So I call this freezing fog. It is the weirdest thing ever, because it’s like walking around with ice crystals just ready to jump onto your skin at any moment and at all times. I want to come back to Puerto Rico. Can I come back?

Jason Dion:
I don’t know, man, it’s getting pretty cold here. I think it was 76 yesterday, so-

Kip Boyle:
Yikes.

Jason Dion:
Nearly had to pull out the jacket. So yeah, I’m definitely not going to go visit you in Seattle.

Kip Boyle:
Oh my gosh. I’m thinking about my recent visit there and I’m just trying to stay warm remembering just what it was like with the palm trees and the warm breeze and all that stuff. Anyway, I’m just super thinking about that right now, but [crosstalk].

Jason Dion:
That’s why you were asking when we’re doing the next course. Okay, I got it now.

Kip Boyle:
Yeah, that’s right. Okay, well I’m going to set that aside. I’m going to focus on the episode here. I have ways to stay warm. So we’re going to talk today with our guest Naomi Buckwalter, and she’s an experienced hiring manager, just like we are. And I am just excited to have her here today, because Jason and I talk a lot about how to make yourself an irresistible candidate, how to understand what it is that a hiring manager’s looking for so that you can take those qualities of yourself and your skills and really get them out there so the hiring manager can really see you as being irresistible. That’s what we want for you. That’s our vision.

And so Naomi’s here to talk about that today. And we all hire people, and it’s a highly regulated activity. There’s government rules and that sort of thing, and we want to be fair. But still we do things differently and we work in different contexts. So I think this is fantastic to bring Naomi here and to listen to how her context is a little different and how she focuses on hiring a little differently. But Naomi, welcome. Thank you for being here.

Naomi Buckwalter:
Guys, thank you so much. I am so excited to be here. I’m a huge fan.

Kip Boyle:
Oh, thanks a lot. Really appreciate that. It’s always good to have a fan. Now, listen, we’re going to have some creative tension here, so don’t let the fan part of this get in the way, okay? You need to speak your mind. I think you do that, right?

Naomi Buckwalter:
I am happy to be the bad guy. I love saying my mind. Actually, I just don’t know how to shut up. I’m from New Jersey, everyone, so that’s where I get most of it. But I love just saying what I feel is the truth, and when I ever see an injustice happen, I need to say something. I need to do something. And so this is to me a very pure form of injustice, why we don’t hire the next generation, and why we can, and what are the truths behind why we think we can’t. So yeah, I’m totally here. Let’s do it. Productive conflict, let’s go.

Kip Boyle:
Yes. Creative tension, right?

Naomi Buckwalter:
Creative tension. Yes.

Kip Boyle:
Creative tension. That’s what we’re going to do is creative tension today. All right, so the topic is how to be an irresistible candidate, and Naomi, one of the reasons why we invited you to be on the episode today is because you do a lot of truth telling, you do a lot of catching and calling. If anybody follows Naomi on LinkedIn, for example, she’s talking a lot about gatekeeping and the importance of realizing as a hiring manager when you’re doing gatekeeping, when the gatekeeping you’re doing is completely unnecessary and you’re actually shooting yourself in the foot by doing too much of the wrong kind of gatekeeping. But some gatekeeping I think is necessary, and so we want to talk, explore all of this today, but I want to start with soft skills. So Jason and I really try to emphasize the importance of soft skills. What do you think, Naomi, of how important is it that candidates and then people that you ultimately hire have soft skills versus hard skills? What does that look like for you?

Naomi Buckwalter:
Oh, man. This is such a great topic, but I do want to throw it back at you. How do you define soft skills? What is a soft skill?

Kip Boyle:
Ah, yeah, that’s great. Okay, so I’ve got something I can say on that, but I’ve been talking a lot. Jason, you want to hit the ball back?

Jason Dion:
Yeah, sure. Yeah, so when I think about soft skills, I think about those intangible things that are outside of the technical position. So if I’m hiring somebody to be a chief technology officer or a cybersecurity analyst, I know that they need to have those technical skills where they can read logs, analyze traffic, find the bad guy in the systems. But that’s not enough. The soft skills are things like how they interact in a team, how they work with other people, how they do proper time management, how are their communication skills; all of these things that really go across every job in the organization, not just a technical job. And that’s how I see soft skills. How about you, Kip?

Kip Boyle:
So soft skills to me, yes, are how do you interact with each other, and do you have emotional intelligence? Do you know yourself, do you know when you’re having a feeling and are you aware of that? How do you manage your emotions or do you just let it all blurt out whenever you want to? I think that’s a part of so-called soft skills. Emotional intelligence on the team, can you sense when somebody on your team is having a bad day and can you navigate around that, or do you just walk up to somebody and just blindly dump something on them without any regard to what they may be struggling with or that? So I would add those or other soft skills.

One more thing, and then I’ll let Naomi talk about it. But another really important soft skill for cybersecurity people in particular is we change the way people work all the time. So we’re saying to them, “Use a different password. Use a password manager. Here, use a two-factor authentication. Here’s how you can get your codes. Here’s the new app for you to download,” whatever it is, we change people’s work all the time. And I think a really important soft skill is recognizing that you can overwhelm people with too much change in too short of time. And so are you paying attention to that? Are you actually helping people as opposed to just throwing edicts over the wall? I’ve certainly seen a lot of that. And I think that’s an important part of soft skills for our profession. But Naomi?

Naomi Buckwalter:
Oh, you won’t hear me disagreeing at all, because I’m just nodding away like a bobble head. I completely agree. Soft skills is just another way of saying people skills, and at the core of people skills is understanding how to be human, empathizing with one another and understanding being in someone’s shoes and seeing what they need, what they want. And so if you think about security as an enabler of the business, a service for the business, we are absolutely here not to stop the business from doing something dangerous, but we’re here to enable the organization that we work for, the company we work for, to do their jobs more efficiently and in an as risk free manner as possible, because security is just risk management. So we are here to help the business, if you think about that.

So like you said, Kip, if we’re just throwing edicts over the wall… And yes, I’ve been in technology for over 20 years and I’ve seen this where the security person just walks in, struts down, throws their notebook on the table and it’s like, “Hey, we’re going to do it this way,” and then leaves. I think the popular way of saying this is like you’re a seagull, you drop the little droppings and then you fly away. So I’ve heard this. And security people, in the past I would say, it’s not as true I don’t think, but in the past in those larger organizations, security just had the run of the kingdom. They could just do anything they want. They just come in and say, “This is the right way, we’re going to do it our way, and our way or the highway.” And everyone says, “Okay, yes sir, yes ma’am, you are the security person.”

And then that’s not really working. Think about the number of breaches that we see. Think about all the breaches that aren’t published in the newspapers. I don’t even want to know how many actual breaches are happening. But think about like the things that we’re doing might not be working. So can we at least have a conversation about maybe why things aren’t happening? And I really do think it comes down to the soft skills. If we can empathize with the people that we work with, the service that we’re trying to enable, people are going to start understanding, “Hold on, stop for a second. They’re just ignoring everything we’re saying. They’re going to do whatever they need to anyway or whatever they want to anyway. And we need to be part of the conversation, and they don’t want to include us, why? Is it because we’re being mean, or is it because we don’t empathize? What’s going on here.” And so I think it really does come down to understanding people, understanding how to be human, people skills, soft skills. All of that is true, at least to me.

Kip Boyle:
Yeah. Yeah, absolutely. I think we’re all on the same sheet of paper at this particular moment. But we’ll see if that creative tension crawls into the episode. Okay, so given that soft skills are so important in all the dimensions that we talked about them, these people skills, so Naomi, how exactly are you searching for these skills in the candidates that you’re considering? What is that like for you when it’s time to hire somebody? And you know how important this is, how do you screen for that? How do you look for that?

Naomi Buckwalter:
Oh, man. I mean, really just comes down to having a great conversation with somebody and getting to know them as quickly as possible. I know it’s kind of hard to do this, but once you get in, you’ve done the screen already, hopefully the HR team has done that for you, you already have an idea of what their basic technical skills are and what kind of things they’ve done in the past. Now it’s time to get to who they are as a person. So you start with a pretty basic question, “Hi, it’s so great that you’re here. Thanks for applying. We’re really interested in your background. Can you please tell me why you’re here? Why are you interested in this job?” And I think that’s a very good opening question. It’s not a hard one.

And so people answer different things and then you dig into the why. So they answer, “Hey, I’d like this job because I’m interested in cloud security.” Okay, why? What about cloud security? And then they just tell you more and you keep asking why and what is this that drives you, and why do you like this thing, what is it at the core of their being? And again, trying to understand the person on a human level as people, and I think it brings out great conversations. And the more you get to know people, the more you realize, “Hey, this person could fit in really well with my team because I understand them as humans. Instead of seeing them as two dimensional pieces of paper on a resume, I see them as fully fleshed out 3D humans that I can actually talk to and have a conversation with.”

And I think that’s what a lot of hiring managers would love to see, they just don’t know how to do it, because guess what, Kip? We’re great at cybersecurity, but we’re not great at hiring. We’re not great at interviewing. We’re not great at reading resumes. Because we’re not trained to do that. So a huge part of it is being self-aware as hiring managers and be like, “Hey, wait, maybe I am terrible, and maybe I do suck at hiring. Let’s take a step back, take myself out of it.” Don’t even take it personally, but just go in there and try to learn more and have that growth mindset. I really wish more people would say that. What about you? What do you think?

Kip Boyle:
Well, so I think that it’s really important to screen for these, and you do have to interact with people in order to do that. So we’re at a bit of a disadvantage in most cases, because all we are getting is these two dimensional little pieces of paper. And often these days, it’s not even a piece of paper, it’s just a record on a screen. And so it could be very difficult to get any sense of what a person’s people skills are before they even show up. And that’s too bad. I think people screen for hard skills because, well, it’s easier, to be honest with you. And I think some hiring managers are just focused on, “Hey, I need to get a well qualified butt in this seat because I got work to get done. All that fluffy, hoo-hoo people skills stuff, whatever. That’s not going to get me promoted. That’s not going to check tasks off of my list.” And so they tend to really lean over it in that direction. But Jason, what are you doing to screen for people skills?

Jason Dion:
Yeah, so I think it’s twofold. I think one thing we need to realize, and we’ve talked about this before in other episodes, Kip, but just for those who are joining us new; it’s important to remember that hiring managers aren’t a person who does this day in and day out, 800 times a day, that’s all they do. Generally they have a real job. So they are the chief technology officer, they’re the SOC director, they’re the SOC manager, whatever it is. And now they have to hire for a position, and they’re being thrown into this hiring manager role on a temporary basis to hire for those new positions. If you’re in a really large company, you may have somebody who is a hiring manager and that’s all they do. But in most companies, that’s not the case. And so, as Naomi said, there’s a lot of people who just aren’t good at hiring. They’re not used to it. They don’t know exactly how to do that.

I think when it comes to finding soft skills, there’s a couple of things you can do. There are some assessments out there so you can find out, are they going to be a good cultural fit for your organization? For instance, the DISC assessment is one that a lot of organizations will use. They’ll have you take a DISC assessment and find out, are you a D, I, S, or C? And then based on that, they can find, are you going to be a good fit in that particular team? I personally don’t use that as much, but I have been at companies that have. The other thing that we personally do is, like Naomi said, we sit down and we talk with people. And when we get down from the large stack of resumes down to those we’re going to interview, then out of those people we’re going to interview, we’ll usually go through two or three or four interviews with them.

And we do interviews not just with the candidate, but we’ll also do interviews with the candidate and their spouse if they’re married to figure out a little bit more about that person. And again, we’re a small company, so we can do a lot of things that necessarily large companies might not do, but it gives us an opportunity to see that person. And what I’ve noticed is that when you have their spouse in the call, or in the old days we’d take them to lunch, COVID makes that a little more difficult, nowadays we do a lot more Zoom meetings; but even just having their spouse sitting next to them, when you’re talking to them, they let their guard down a little bit and they’re going to release a little bit more of what they really are like under the surface and what you’re going to be dealing with on a daily basis as opposed to that perfect pristine person they tend to project in that first initial interview when you meet them. So those are some of the things we’ve done.

Kip Boyle:
Yeah. So I can’t tell you, it’s happened several times, it’s shocking to me that the person who went through the interview process with me was not the person who showed up for work.

Jason Dion:
And the other thing I find with spouses is sometimes if you find that they’re married to a crazy spouse, that could be a bad indication for them working at your company because crazy attracts crazy. And even if they’re not crazy, just having that extra craziness in their life can really distract them from the work that needs to get done. And so I’ve actually seen where the spouse can actually be a hindrance or a help to that person getting the job.

Kip Boyle:
Right, right. And now we’re really getting down to the fact that we’re seeing people as fully fleshed, three dimensional people, not just who shows up at work, but who’s supporting them at home. And so if we can get those kinds of insights, I think that’s really good. And by the way everybody, this isn’t just Jason and Naomi and Kip saying soft skills are so important. We obviously believe that, but there’s data that says soft skills are really important, right, Naomi? I think you were talking about that, weren’t you? When we were doing show prep.

Naomi Buckwalter:
Yeah. That’s right. A recent ISACA survey shows that soft skills is actually the number one attribute not only lacking in the candidates for cybersecurity, but what hiring managers are looking for. The number one skill, soft skills. I think this is 2020, the ISACA survey. Or 2021, sorry. What year is this? Year three of the pandemic. And this is pretty recent, so 2021. So Google ISACA, I-S-A-C-A, what is that? Stanford Information Security… I don’t know, association or something.

Kip Boyle:
Well, it used to stand for something, but these days they just go by the acronym.

Naomi Buckwalter:
The acronym. Yeah. Well, they do the CISM, the CISA, those kind of certifications.

Kip Boyle:
Yeah. They’re very reputable, been around for a while.

Naomi Buckwalter:
And they’re very good. Very reputable. Yeah. Probably better than ISC2 at this point.

Kip Boyle:
There’s the creative tension.

Naomi Buckwalter:
That goes my CSSP. So yeah, I mean, they did a survey and it’s very thorough. They ask a lot of great questions, what’s the number one skill missing, and it really is soft skills. And I wasn’t surprised, but I was just happy to see the data because I know it intrinsically, but just to see the data, I know that’s going to win over a lot of people who are like, “Oh no, our soft skills are great.” What’s that principle? The thing where you don’t know… Dunning-Kruger. The one that says you don’t actually have the skill to recognize that you don’t have the skill that you need, or something like that. You need soft skills to recognize that you need soft skills. What is it?

Kip Boyle:
Yeah. Well, okay. And so how do you know if you’re dealing with that? Well, here’s a simple test. If you think everybody else is the jerk, huh.

Naomi Buckwalter:
Or that, yeah.

Jason Dion:
Conflicting.

Naomi Buckwalter:
And the same thing for candidates. I get this a lot. You’re like, “Oh, I applied to 100 positions, no one wants to give me an interview.” Like, so what’s the common denominator here? Let’s think.

Kip Boyle:
Yeah, yeah.

Jason Dion:
Generally what I find is it’s not that they won’t give you the interview, it’s that you never get called in for a second interview. Because if you’re not getting called in for an interview, it means your resume’s not working. But if you’re getting the interviews and they never call you back again for a second interview or a negotiation, you’re saying something in there that’s just making the hair on the back of their neck stand up and go, “I don’t want to work with this person.”

Kip Boyle:
Yeah, yeah. What you’re saying isn’t penciling or how you’re saying it isn’t penciling. Could be your body language isn’t penciling. This is a big part of fit. So people talk about do you fit here, what does fit mean? And there’s fit in terms of soft skills. I mean, just that you get along, you think kind of the way that folks at this employer think, you understand their value system, it’s inside of you, and that you’re not going to have to fake it all the time every day you show up for work. I can’t imagine what a horrible, worst job, where you have got the hard skills, but you have to come in to work every day and fake that you’re a people person to get a paycheck. What an awful situation to find yourself in.

Naomi Buckwalter:
I mean, that’s just kind of society in general. You got to play nice in order to live in a society.

Kip Boyle:
Well, you do. I mean, there is a community, and I think you do have to fit into a community. But I would suggest that if you can be your authentic self in that community, that’s going to be the best thing for you. And if your authentic self just doesn’t line up with an employer that you thought you wanted to work at, it’s much easier and better, I think, to give up the idea that you’re going to work for them, than it is to conform somehow your personality to the way they do things. I mean, to me, it’s not sustainable. I just don’t see how a person can live a fake life like that for a long period of time. Eventually I think the cracks are going to show.

So here’s another question for you, Naomi. So we’re looking for soft skills, and that’s important, but we can’t forget and we have to acknowledge that technical skills are very important as well. Now, some people talk about a percentage, like when they’re evaluating candidates, they might say like, “Well, I think it’s 60% culture, 60% soft skills, and 40% tech skills.” I’ve heard a lot of people advocate that. What would you say? What’s your percentage?

Naomi Buckwalter:
The correct answer is always it depends. It just always depends. But when I hire for entry level people, for example, soft skills are overwhelmingly the majority in that little pie chart, I would say even 90%, because I don’t expect somebody to have technical skills. I want to hire someone with great potential and someone with great soft skills and people skills. I want them to have the ability to learn quickly and have critical thinking. These are things that I can’t teach. The technical skills I can teach, because there’s reams of resources, white papers, protocols, or just things that you can use out there that other people have created. So all you have to do is be like, “Here they are, go ahead and learn them,” or, “Here, I’m going to spend a few minutes to teach you. Here’s some resources to learn more.”

And don’t even be surprised, I’m not even surprised at this point. The people these days, they’re so technically savvy, we call them digital natives. They don’t need to struggle through learning how to type and learning how to open a web browser and going to a different web server or whatever it is. People these days, they intuitively know how to do that. They’re very digitally native. They grew up with this kind of technology. I’m talking about the next generation, really. But even people in the older generations like us, I know we’re kind of a little older, but even people who are career changers, mid careers, they’re also comfortable with technology. And that’s all I’m saying, you don’t need a foundation of like 10 years in IT help desk or databases or network. You can learn all that.

What you need is a very high level comfort of technology. And there are some people who just don’t like technology. Don’t get those people, they’re very scared of technology. I’m talking about the people who don’t mind being the IT help desk for their family. They do their patch updates for their computers and for their phones. They know how to do basic kind of security things. And those are the people that I really hire for those entry level. But then when we get to more of the senior level, I do get very, very crazy about the technical skills. You must know what you’re doing, I can’t hire you and train you. And there’s always a continuum. My team is made up of very strategic different level. So I have a handful of entry level people, a handful of mid-level people, and then like a couple of senior people who are now training those younger folks. So it is a balance. It’s always a balance.

Kip Boyle:
Okay, so it’s a sliding scale.

Naomi Buckwalter:
Yeah.

Kip Boyle:
And you’re emphasizing people skills more heavily in people who are earlier in their career, and then you’re adjusting that as they show more career progression and are being given positions of greater responsibility, is that a fair assessment?

Naomi Buckwalter:
Yeah. Yeah. But I will say, you don’t have the technical skills, you’re probably not going to be a senior level person anyway. So I do ask more questions about soft skills, even in the interview, because by the time they get to the hiring manager part, they already have proven that they have some technical skills. They’ve probably gone through a technical interview with a technical person. So I’m less worried about them having technical skills and more worried about them having soft skills at the end.

Kip Boyle:
Yeah. Jason, I think this is an incredible luxury in some ways, us in the private sector, where we can focus on soft skills. I have a background being in the military, so do you, and I got to tell you, I’ve had people assigned to my team who I would never have hired.

Jason Dion:
Yeah. I mean, that’s one of the biggest struggles, I think, especially in the world that I came from, working for the government in the defense sector, is that I didn’t get to hire my own team for the most part. Anybody who was wearing a military uniform, I got assigned them because somebody back in Millington, Tennessee decided that person was going to be sent to my area of the world. Now, I got to have some talks and hiring when I was hiring government civilians or working with the contract companies on who they were hiring. But for the military side, they just showed up in uniform and that’s who you got. And you had to work with what you got.

And some people were great with soft skills and horrible with technical skills, some had great technical skills, horrible with soft skills. And it was really a leadership challenge to work with those people and figure out who were going to be the people that have the soft skills to work with the customers, and who are the people that need to be locked in the basement, dealing with the servers, and not talking to another human being.

And I think a lot of people have this vision over the last 20, 30 years, if you think back in the 1980s and ’90s, the hackers and the system administrators were these nerdy folks sitting in the basement, nobody talked to them. And so everybody thought, “Eh, computers, nobody needs soft skills. It’s not important.” But as we’ve been discussing, it really is an important thing, because so much of what we do now is talking with customers. You’re not normally just dealing with a server or dealing with software, you’re dealing with people. And so those soft skills do become important.

Kip Boyle:
Yeah, absolutely. And so these days in your hiring, you get to put as much emphasis on that as you want, for Dion Training-

Jason Dion:
Definitely.

Kip Boyle:
For your organization. But I know you’ve got some people on your team who are in different parts of the world, so talk about the difficulty of screening for people skills, so you’ve got to do it all over Zoom these days. Is that working for you?

Jason Dion:
Yeah, I mean, right now our team is about 12 people. We just hired number 13, who starts next week. And so we are a relatively small team, but even with our small 12, 13 people, we cover 1, 2, 3, 4, 5, 6 countries with the 12 or 13 people we have. A lot of those people I’ve never gotten to meet in real life, except for over Zoom and over Google Meets and things like that, because I had planned a trip to go meet some of my folks, I have a large percentage of my folks in the Philippines, and COVID happened. So I had to cancel that trip. I have a large percent of my folks here in Puerto Rico, I’ve met with all of them personally, we’ve done interviews in person with those folks, because they are local and I can do that. And Puerto Rico’s not that big, I can drive across the island in two to three hours and meet with anybody here.

But yeah, it is one of those challenges. And I think soft skills are really hard to determine over a Zoom interview. It’s a lot easier to fake it. And you will start seeing over time how people become a different person. We had one person on our team who during the interview was very shy, very reserved, had really good technical skills. We knew that she was good from a customer service perspective over email and things like that. But she was very, very shy. After about three or four months of working with us, she kind of, I guess got comfortable, and realized, “Oh, I’m not getting fired or anything,” and kind of let herself out of her shell. And she’s like our company joker now. But it’s just different how people start acting over time. Like you said, you can fake it for so long, but you’re not going to be able fake it for three, four, five months. So over time you are going to see the real person come out.

Kip Boyle:
Yeah. So let’s talk a little bit more about the technical skills. I want to go back to something Naomi said. When you’re hiring for somebody more in the entry level, somebody more junior, you talk about how you really increase the amount of people skills that you’re screening for, because you expect that the technical skills can be learned. And you talked about digital natives and that sort of thing. But there’s some cybersecurity work that requires the ability to think abstractly for long periods of time, and to be able to visualize for yourself things that cannot be touched, like you got to be able to read data flow diagrams and that sort of thing.

And so to me, I think there’s also a dimension of aptitude. There’s this phrase, hire for attitude, train for skills; but I can tell you from firsthand experience, I’ve had some people with fantastic attitudes show up and they couldn’t actually acquire all the skills that I needed for them because they just didn’t have the full aptitude. And we didn’t find out until we started down the training path. But how do you see that, Naomi? What’s that like for you?

Naomi Buckwalter:
Well, in this case, asking those great questions, and I love this because what is it, the past is the best predictor of future success or something. So I do ask questions like, what have you learned recently? What do you do in your free time? What are those kind of things that you really wanted to learn, and how did you go about learning it? Most recently, when I hired an opera singer, I asked her, “What have you learned recently?” And she goes, “Well, I learned another language.” I was like, “What? That’s really awesome.” She learned German. So she speaks three different languages. Even singing opera, I think it’s very hard, but I don’t know anything about opera. So I’m like, “Okay, tell me about the language learning.” And so now she’s fluent in three languages because she’s put in the effort and she understood that it takes effort and a lot of resources to learn.

In terms of aptitude and critical thinking, that’s when you’re going to have to get a little creative. So we do take-home projects here. So in this case, we needed her to come in as an intern to help us with our IT incident response playbooks. So I said, “Hey, here’s a whitepaper from SANS, and then go ahead and read the whitepaper.” It’s maybe like 10 pages long. Then I ask questions about it. So I think one of the questions was like, what is the general theme of this paper? And again, she had no technical background, no idea of what cybersecurity was.

“Go ahead and read, what do you think this is saying? Can you summarize for me the three main points of what this paper is?” And then I asked her, “What do you think is the most important step in security incident response? What do you think that is, and explain why?” And it’s those things, you can just ask the right questions and then you’ll figure out if they have the mindset to analyze something. Or again, like you said, they have the aptitude to do something that you need them to do. And in my case, I needed someone who can read and digest information and put together some playbooks for us. And that was her first internship project.

Kip Boyle:
Okay. Yeah. And that’s very process focused. It’s a very process focused piece of work. Okay, what about you, Jason? How do you screen for aptitude if you’re going to hire somebody and you want to train them?

Jason Dion:
Yeah, so I’m going to go back to my military career here for a second, because I think they do a really good job of this. The military is one of the places where you can come in with zero skill, zero knowledge, and they’re going to put you through school and teach you what you need to know. So for instance, when I joined the Navy way back in the day, I had to take a thing called the ASVAB, which is the Armed Services Vocational Aptitude Battery exam. And it has lots of questions on mechanics and math and physics and chemistry and English and all sorts of things across lots of different subjects.

And no one is expected to know all the information. What they’re trying to do is identify, how does your brain work? Are you more mechanically inclined or more electrically inclined or more logic inclined, because you want to be a programmer? Whatever those things are. And based on that, they then put you into a career field. So when I tested, they said, “Hey, you’d make a great nuclear engineer.” And they made me a nuclear reactor operator. And I spent two years going through learning chemistry and physics and nuclear power and running large scale nuclear reactors for the Navy for several years. And when I came in there, I had no nuclear background. I didn’t know anything except for maybe E = mc², talking about things like that. And so I think they do it really well where they’re able to identify that.

In our company, it’s a little bit harder because we’re smaller. We don’t have those type of tools. There are some good assessments out there that you can find and you can pay for, for your candidates, that you can go through and test their aptitude. One of the things that we currently do, I’m working with a company here in Puerto Rico, and they’re taking in people to work in a security operation center and they’re re-skilling and retooling these folks from other careers. And what we’ve done is we’ve created a large assessment of about 50 questions that each candidate takes. And based on their answers, we can identify where their current level of knowledge is and then where we want to build them out in a training plan to put them forward as we put them into one of those roles. So that helps identify where they are, but it’s not necessarily helping identify what they’re going to be able to do. So it’s kind of a current gut check of where they are.

Kip Boyle:
Yeah. I don’t see a lot of organizations in the private sector doing aptitude testing before they bring somebody in. I’ve seen it happen on an exception basis, on a few occasions. But I think as a rule, I don’t really see that very much. But if you are trying to get into cybersecurity and you don’t know if you have the aptitude, I would spend a little bit of time trying to figure that out. So for example, if you want a really technical cybersecurity role, I think a good proxy is there are some actual aptitude tests that you can get access to on the internet that test your aptitude for software development, programming, that sort of thing. So if you want to get a heavy, technical cybersecurity job, you might try and take one of those assessments and just see what you think about that test.

I had somebody one time who said they wanted to get into cybersecurity and I said, “Well, you should take one of these tests just to see.” And so they went off and took the test. And then later on, I said, “Well, how’d that go?” And they said, “Oh, it was awful. I got to the second question and I realized that there was no way I was going to sit around and do this kind of work.” So it was a good reality check for them, because they could have spent a lot of time and money and investing in something and then suddenly found out way into this journey that this is an awful fit based on the fact that they didn’t want to think about algorithms or they didn’t want to solve logic puzzles and scripting and all that stuff, just they were completely uninterested. But they didn’t know that that was a big part of the job that they were contemplating. So anyway, there’s a tip, I hope that helps.

So listen, as we’re coming down to the last few minutes in the episode here, I want to talk very quickly about interviewing, because again, what’s the topic here? We’re talking about how to become an irresistible candidate. And we’ve talked about how important interviewing is because it’s where the hiring manager is really starting to get down to, what kind of people skills do you have? Do you have the aptitude that I’m looking for? Or do you have the hard skills that I need, depending on where you’re at in your career progression? But Naomi, what would you say is a make or break moment in front of the hiring manager during the interviewing process?

Naomi Buckwalter:
Oh man. I could think of some. Just in particular, I mean, if you show any times where you don’t have any integrity, that’s definitely a break moment. I’ve definitely had people just admit straight up that they lied on a resume and stuff like that, it just all comes tumbling out, or they paid someone to do their take-home project. I’m just like, “What?” Integrity is definitely a break.

In terms of a make, I would say if you’re great at conversations and telling stories about yourself and explaining why you’re interested in a job, that to me is an absolute make moment. Because if any hiring manager is worth their salt, they understand that you’re not above anybody. You’re very much equals. As humans, you’re equals. And so you should very much think about a conversation as a two way conversation. Every interview is two ways. You are also trying to get them on your team to hire them. They’re going to say, “Why should I work for you? Why should I give my time, energy, and talent to you?” So you as a hiring manager should be putting on your best self and being able to be a great person, have a great conversation with somebody. And the other person should be doing the same thing. So you have an equal or respectful conversation, and that’s absolutely a make moment when I can see them just bringing their full self, being confident, asking me questions, and getting me to prove that I’m worth working for.

Kip Boyle:
Yeah. Yeah. Okay, Jason, make or break moments in interviews for you. What do those look like?

Jason Dion:
So for me, I would say the make moments are when I find somebody and I ask them a question and they’re able to not just answer the question, but make it so that it’s so relatable and so understandable to anyone. So a great example of this is I might ask you, “Hey, Kip, explain to me how when you go to bankofamerica.com, you create a secure session between you and that server to transfer information.” Now, if you go in there and you start telling me all about SSL and TLS 1.3 and how there’s a PKI handshake that occurs and how we create this tunnel, all the technical details; that’s great from a technical perspective, but it really doesn’t help me understand if you can communicate to a non-technical audience. And a lot of what we do in cyber is explaining things to non-technical audiences.

And so I would like to hear somebody kind of say, “Well, it’s kind of like this, and here’s an analogy of how it works.” And you can still cover the technical aspects, but you’re also making it very relatable. I find that to be really a make moment for us in most careers and most places I’ve been, because when you’re dealing with the end user, even if you’re doing customer support, you’re dealing with an end user who doesn’t know all that terminology and jargon. They want to understand what does it mean behind it.

A break, I definitely agree with Naomi. If you lie and I find out about it during the interview, that’s pretty quickly you’re not going to be a candidate for me. That’s pretty much the biggest break for me is, if I find out you lie, cheat, and steal, I just don’t have time for that. We’re too small. Or I get the feeling that you’re looking for a J-O-B and not a career, I want somebody who wants to be with me for a while, because hiring is time consuming. And so if I ask, “Why do you want this job?” And your answer is, “Because I like money and money can be exchanged for goods and services,” that’s a cute answer, but that’s not the guy I want working on my team.

Kip Boyle:
It’s not enough.

Jason Dion:
I want somebody who wants to be here, because we’re mission driven, we have a thing to do, and we want you to be on board doing that. How about you, Kip? What’s your make or break?

Kip Boyle:
Well, so first of all, I’ll agree on the break. This is a high integrity environment. It’s your reputation at risk here. And our community, although it’s growing, is actually still pretty small. I keep running into the same people over and over and over again. And if you’re interviewing for me, I can pretty quickly figure out who’s supervised you in the past, and I go ask them about your integrity. So integrity is huge.

A big make for me, although I wouldn’t disagree with anything you guys said as a make moment, but one thing that people don’t really understand is that from my perspective as a hiring manager, why am I hiring you? Well, I’m hiring you in part because I need you to make my life easier. I’ve got all this work that needs to be done. I need reliable people that I can assign work to and to know that they’re going to get that work done with quality, on time, hit the deadlines. And it just seems to me like a lot of folks don’t really understand that that’s a huge part of why people hire other people.

And I don’t blame them necessarily for not understanding that, because if you’ve never been in a position to hire somebody, how can you know that? Deep down in your soul, how can you know that? But that’s kind of why Jason and I are doing our podcast is to share things that candidates probably can’t see, is to share those with you. Because when somebody in an interviewing process expresses any sense that one of the big things that they’re here to do is to make my job easier, boy, that’s a make moment for me.

Jason Dion:
Yeah. I think one of the other break moments for me is when a candidate comes off as what can you do for me? So you always get to that part of the interview and it’s like, “Hey Naomi, what are the questions you have for me?” And then the candidate’s going to say, “Oh, well I want to know about this in your company culture. I want to know about this or that.” If the candidate immediately starts asking about how much time off I’m going to get, when our pay raise is happening, what are the bonus structures like, all that kind of stuff, it starts going, “Well, you don’t really care about what we’re doing. You’re caring about what our company can do for you.” And those are all good things to ask, maybe in third or fourth interview as you’re going down negotiations. But if we’re in the first or second interview, it’s probably not a good time to bring all that stuff up.

Kip Boyle:
Yep. Cool. All right, so as we wrap up the episode, I just want to give folks one last opportunity to say anything that they wanted to share with the audience here, that they haven’t had a chance to share yet. And I’m going to start with our guest, Naomi. Naomi, was there any other really interesting thought or tip that you wanted to share as far as how people can be an irresistible candidate?

Naomi Buckwalter:
Oh gosh. Yeah. So for sure if you’re interested in cybersecurity, really try to figure out what exactly in cybersecurity you’re interested in. The field is so broad, there’s so many domains and sub domains. All you have to do is have conversations. So find somebody who might be doing that job, reach out to them. You might get a couple nos, but keep reaching out to people. I’m sure somebody’s going to want to talk about themselves. Say, “Hey, I want to talk about yourself, can you do that?” “Sure, I’ll talk about myself for 30 minutes.” And then ask them what they do, what they like about their job, what their day to day is like, how they actually got there. So have conversations and try to figure out if that’s something you want to do. Because I think definitely the number one issue that I see with people trying to get in is they don’t really know what they want to do. They just know it’s a great field, it’s growing, it’s good paying, and challenging and all that fun stuff.

Kip Boyle:
Pen testing. Pen testing. Pen testing.

Naomi Buckwalter:
Yeah, yeah. They just don’t understand that there is more to cybersecurity than just pen testing. And then having those conversations and really putting in the effort to figure out what you want to do in cybersecurity is going to help you hugely.

Kip Boyle:
I like that. I want to help people with that by giving you an opening line, because sometimes it’s like, well, how do I ask somebody for their time? How do I exactly do that? What’s my opening line? So what I say is, I would say something like, “Naomi, hi, it’s good to meet you. I really want to know more about you and your work. Would it be okay if you tell me a little bit more about who you are and a little bit more about the work that you do?” I find that that’s a very successful way to say it. And to your point, Naomi, people really do enjoy having an open invitation to talk about themselves. They don’t get that very often. And it’s naturally the most interesting thing they can think of.

Naomi Buckwalter:
That’s so true. “Talk about yourself.” Okay. Yeah, instead of, I do get a lot of messages that are like, “Hey, can you help me with my resume?” Or, “Hey, can you just tell me about how to get this job?” I’m like, “I don’t think that’s a great approach, because you can find that out yourself. You can go out and get your own resources.” But to really understand the position and what it’s like to be in my position, I can gladly tell you what my job is like and what I do.

Kip Boyle:
Right. And what’s interesting, and then I want to give Jason his shot here, but what I think is going on when people say, “Can you help me with my resume?” Or whatever, and they ask you a very task-oriented thing, I think underneath that request is they want to connect. They really want to connect with you, but they just don’t know how to ask for a chance to connect. And so they put it in the form of a task. I honestly think that’s a lot of what’s going on there. Jason, any last words, how to become an irresistible candidate?

Jason Dion:
Yeah, I think it just comes down to you as the candidate need to think about what can I do to make the person on the other side of that table who’s doing the hiring decisions, make their life easy. They have a problem to solve. And you need to realize that if you’re going to be able to give them more value than you’re costing them, they’re going to want to hire you. Some things I’ve used in the past when I go to interviews is, what is the biggest challenge you’re having right now in the organization? And when they tell you, is that something I can help them with? If they go, “Hey, the biggest challenge we’re having right now is we don’t have enough Node.js programmers.” I’m like, “Well, I’m not a Node.js programmer. I’m not going to be your guy for you. I program in Python instead,” or whatever it is. And so I think that helps you figure out, are you a good fit there? And are you going to be able to add value? Because if you can’t add value, you really don’t want to have that job either.

Kip Boyle:
Right, exactly. Okay, cool. I have nothing to add, because I think you two have said some great tips for being an irresistible candidate. I think this whole episode is really brimming with ideas for how to be irresistible in the eyes of a hiring manager. So I’m just going to close it there, but Jason, you want to wrap us up?

Jason Dion:
Yeah, I want to thank everybody again for listening to another episode of the Your Cyber Path podcast. As always, we’d really love it if you could take the time to leave us a review on iTunes or your favorite podcast player. Those reviews help the show get seen by more people and spread this word to others so we can help more people. Thanks, and we’ll see you next time.

Kip Boyle:
See you next time.

YOUR HOST:

   Kip Boyle
    Cyber Risk Opportunities

Kip Boyle serves as virtual chief information security officer for many customers, including a professional sports team and fast-growing FinTech and AdTech companies. Over the years, Kip has built teams by interviewing hundreds of cybersecurity professionals. And now, he’s sharing his insider’s perspective with you!

YOUR CO-HOST:

   Jason Dion
    Dion Training Solutions

Jason Dion is the lead instructor at Dion Training Solutions. Jason has been the Director of a Network and Security Operations Center and an Information Systems Officer for large organizations around the globe. He is an experienced hiring manager in the government and defense sectors.
