 A lot of times people ask, what does it take to become a hired in information security? There are a few things that, you know, possibly you don't want to do when looking for a career in information security. People aren't necessarily looking for the best skill set. They are really looking for someone who really fits in with their team. So bear that in mind. One of my favourite things about a CV is I start at the back and go through people's favourite interests and hobbies because that's normally quite telling and a lot of people put down reading or reading, you know. So tell me, what's a good book you've read lately? Any book? Also try to check your CV for punctuation, grammar, vocabulary, that sort of thing that, you know, if you are a good reader or regular reader you might pick up on some of these things. Certificates are great things but if you're going about listing them all, well yeah, I've done a CISSP, a CISA, a CISM, I've done an MBA from a top ten business school, I've done a MSc from Royal Holloway and all that tells me is you once worked for an organisation that had a training budget. Photos and CVs? Now it's extremely likely, no matter what the ethics are behind it or the legality that a future employer would want to Google you, so they might look at you, try and find you on Facebook, try and see what sort of things you're saying on Twitter. So just be conscious of that and if there is something untoward on it, just make sure you have a really good excuse. No, that's not me, that's my twin brother, yes. He looks just like me but he's just nothing like me at all, I mean I'm not nothing like, no, no, no, that's not me. Hmm, late for an interview, have a really good excuse for that. A guy died on the tube and I had to bring him back to life, I do that. If you're doing a telephone interview, not to do it in a noisy place. You're talking for 20 minutes and there's no response from the other end, chances are no one's paying attention. I was issuing these tokens and then there's cryptography going on. People are really looking for people who they like to work with. So an employer might look at you and say, is this the sort of person I could be stranded in an airport with overnight? I'm actually warmer than a blanket, I can give you a big hug and yeah, it's more comfortable than a blanket. Sometimes in a security job interview you might be asked a question such as, what's your past? Apples with a cap to lay. Sometimes I mix it up, it's A, P, P and then the L is a one and that really confuses people, I think that makes it really strong. If you can't stand the social engineering pressure of divulging your password for a security interview, then maybe information security isn't the career for you. You might get asked a question such as, have you ever engaged in any illegal hacking activity? Well, I mean, define hacking, it's a loose term. I mean, who hasn't doubled in a bit of like, you know, war game type activity every now and then? The answer is no. It was for an orphanage. This orphanage needed this money and this big company they had like just lying around on their PayPal account and I just helped them out. It wasn't an illegal hack. I mean, yeah, let's not get into semantics here, but yeah, OK, it was slightly grey, but I wouldn't say I was ever a black hat. No. There is no, no, no. And at the end, when you're asked, do you have any questions, try to actually have a genuine question prepared. How many days holiday do I get? Oh, that is not a question. Don't lie about your experience. People can check it up. Don't slag off your previous employer. That's my old job because my boss there, you honestly, he was just a big fat useless piece. Finally, and most importantly, if you get a rejection, don't argue. I mean, I want to go and be successful elsewhere. You're going to end up with bad security. That's going to be in your head. You hear me? That's going to be in your head. I don't care.