Author: Chris Gebhardt
Depending on who you talk to, the candidate process for a new position will have you fighting against a myriad of other people. To stand out, you detail your resume with extensive experience and knowledge. But there is a catch! If you put something on your resume, be prepared to answer questions about that.
A recent candidate I interviewed had a basic resume. She was a mid-level help desk technician interviewing for a similar position. The skills identified included actively studying for a security certification. Even though she didn’t have the certification, she was demonstrating an area of interest. For entry to mid-level technicians, I look for their career direction. She stated it right on her resume which I thought was great.
During her in-person interview, we dove into specific technologies she used at previous positions. Standard interview questions. How do you handle password resets in ActiveDirectory? What is your troubleshooting methodology to resolve issues? Then it took a turn for bad.
I asked about her desire to get a security certification to which she said she liked security and thought the certification would help her chances in the future. She voiced she was actively studying for the exam. My next question was simply, “What is an example of a hash?” Her face was blank. She said she couldn’t think because she was nervous. Understandable I thought so I gave her multiple choice. “MD5, AES, DES, or TACACS.” Anyone who has been actively studying for an information security certification should know this. She couldn’t come up with the answer.
The moral of the story is simple: if you put a skill or knowledge on your resume, be prepared to answer questions about that skill or knowledge. Programmers/Developers see this frequently. If you say you are fluent in C#, you may be asked to develop a function on the spot. If you list Linux experience, you better know the various flavors (CentOS, Ubuntu, etc.). Information security and help desk operations are no different.
As a side note, those who have a security certification or knowledge will appreciate how easy I made the answer. MD5 is a hash function. AES and DES are encryptions while TACACS is an authentication protocol. No trick answers. We used the opportunity during the interview to share some test studying ideas for her future success. For this question in particular, even if you didn’t know MD5 was a hash yet you knew the other 75% of the answers, you could have ruled them out.
Don’t embellish your resume with half truths or creative points. It will certainly backfire on you. This rule applies to everything on your resume from schooling to experience. The embellishments may get you the interview, but you risk the chance of failing. Even if you were to get the position, how long would you last until your embellishment is discovered?