How to source and shortlist {role_name}

Where can you find qualified {role_name}?

  • Professional networks
    • Leverage your professional network and reach out to former colleagues, industry peers, and tech community members to ask for referrals.
  • Educational institutions
    • Partner with universities offering cybersecurity programs.
    • Engage with bootcamps like Flatiron School or General Assembly that train cybersecurity professionals.
  • Your company career page: Make sure your company’s career page is up to date and highlights the specific technical skills required for the role.
  • Role-Specific Job Boards:
    • AngelList: For startups and tech-savvy candidates.
  • Geography-Specific Job Boards:
    • US: Indeed, Glassdoor, Simplyhired
    • India: Naukri, Shine, Monster India
    • UAE & KSA: Whitecarrot.io, Bayt, GulfTalent, Naukrigulf
    • Remote Positions: We Work Remotely, Remote.co, Working Nomads

What are the best practices for headhunting {role_name}?

  • Utilize Professional Networks: Reach out to potential candidates through LinkedIn and other professional networks.
  • Leverage Referrals: Ask for referrals from current employees and industry contacts.
  • Participate in Industry Events: Attend cybersecurity conferences and meetups to connect with potential candidates.
  • Engage with Online Communities: Join forums and communities like Reddit’s r/netsec or cybersecurity Discord servers to find active professionals.
  • Highlight Growth Opportunities: Emphasize career advancement and professional development opportunities in your communications.

How to shortlist candidates?

Once applications start coming in, a thorough screening and shortlisting process helps you spend your time on the most qualified candidates.

Automated shortlisting tools:

Automated screening quickly filters out unqualified candidates, saving time for manual review. This allows the manual process to focus on the most promising candidates, ensuring the best ones are considered for further evaluation.

Screening questions to auto-shortlist based on predefined criteria

Screen on criteria such as qualifications, location, experience, and skills. Use either a job board or an ATS such as whitecarrot. Here are some questions for {role_name}:

  • Question: How many years of experience do you have with network security?
    • Auto-Reject: Less than 1 year
  • Question: How many years of experience do you have in a cybersecurity role?
    • Auto-Reject: Less than 1 year
  • Question: Are you located within [specified location] or willing to work remotely?
    • Auto-Reject: Not willing to work remotely or relocate if required
  • Question: How proficient are you in using security tools such as firewalls and SIEM?
    • Auto-Reject: Not proficient

Skill-based questions to auto-shortlist candidates

Analyze the skill test data to automatically shortlist top-performing applicants (recommended screening test time: 15 minutes). Here are some skill test questions for {role_name}:

Security Tools and Technologies

Familiarity with various security tools and technologies. Some sample questions:

  • Which tool is commonly used for vulnerability scanning?
  • Options:
    • Nmap
    • Nessus
    • Wireshark
    • Burp Suite
  • What is the function of a SIEM system?
  • Options:
    • Collect logs
    • Monitor network
    • Analyze data
    • All of the above
  • How do you use Wireshark in network security?
  • Options:
    • Capture network traffic
    • Analyze packets
    • Detect anomalies
    • All of the above

Cybersecurity Fundamentals

Understanding basic cybersecurity principles and best practices. Some sample questions:

  • What is the CIA triad in cybersecurity?
  • Options:
    • Confidentiality
    • Integrity
    • Availability
    • All of the above
  • Describe the process of penetration testing.
  • Options:
    • Planning
    • Scanning
    • Exploitation
    • Reporting
    • All of the above
  • What is phishing and how can it be prevented?
  • Options:
    • Email filtering
    • User education
    • Anti-phishing tools
    • All of the above

Network Security

Knowledge and expertise in protecting network infrastructures. Some sample questions:

  • What is the primary purpose of a firewall?
  • Options:
    • To monitor network traffic
    • To block unauthorized access
    • To encrypt data
    • All of the above
  • How would you mitigate a DDoS attack?
  • Options:
    • Use a WAF
    • Increase bandwidth
    • Implement rate limiting
    • All of the above
  • What tool would you use for network intrusion detection?
  • Options:
    • Snort
    • Wireshark
    • Nessus
    • Metasploit

Note: Auto-reject candidates who score less than 70% in this section.

One way video interview

  • Use tools like HireVue or whitecarrot.io to ask candidates pre-recorded questions about their experience and skills.
  • Use the sample questions given in the scorecard.

Collect other information 

  • Collect data from shortlisted candidates, such as salary expectations and visa status.

Manual candidate profile shortlisting:

  • Thoroughly review the CVs of the top-scoring candidates from the automated process.
  • Look for evidence of the required skills, experience, and achievements.
  • Review the candidate’s portfolio or GitHub repositories to see examples of their work.

Schedule recruiter calls with the candidate

  • Use a tool like Calendly or whitecarrot to allow candidates to self-schedule calls based on your availability.
  • Confirm the call details (date, time, dial-in info) with the candidate via email.

What questions to ask in the recruiter phone screen?

  • Use a scorecard to rate candidates during the recruiter screen.
  • Sample scorecard:

| Criteria | Sample Question | Rating (1-5) | Comments |
|---|---|---|---|
| Experience | How many years of experience do you have in network security? | | |
| Technical Skills | What tool would you use for network intrusion detection? | | |
| Problem-Solving Skills | How would you mitigate a DDoS attack? | | |
| Communication Skills | Describe a time when you had to explain a complex security issue to a non-technical stakeholder. | | |
| Cultural Fit | Why do you want to work for our company? | | |

  • Check for consistency in responses from the candidates.
  • Record such scorecards in an ATS like whitecarrot or use a Google Doc.