The interview process spanned three stages but ultimately didn't result in an offer. It began with a 30-minute phone screening by HR, focusing on my background and resume, which was a positive experience. The HR recruiter then arranged a follow-up interview with the hiring manager for the end of the next week.
The second interview, conducted via Microsoft Teams with the hiring manager, primarily involved technical, AI and general AppSec technology questions, with a noticeable absence of behavioral STAR (Situation, Task, Action, Result) questions. The interview was abruptly ended at the 30 minute mark, limiting my opportunity to delve deeper into my experience or the role. Despite this, I was invited for a third interview to engage with team members, which took place two weeks later.
This third interview, also on Microsoft Teams, consisted of technical discussions on AppSec and cybersecurity with two senior team members. It was brief, lasting 15-20 minutes, with about half of that time spent on my inquiries about the position and the company, again devoid of any STAR questions.
Two weeks after the third interview, I was informed by the HR recruiter that my application wouldn't be progressing. The reason cited was a concern about my ability to communicate with executives in non-technical terms—a skill I was never queried on nor had the chance to demonstrate during the 100% technical-focused interviews.
Had the discussions touched on my ability to communicate outside of IT, I would have highlighted my regular updates to my current CISO, CTO, CEO, and other executives about our security posture and vulnerability management efforts. I could have also discussed my almost daily interactions with our security champions outside IT and my contributions to our company's monthly cybersecurity newsletter.
For future candidates, I recommend proactively discussing your experience in communicating with senior management and executives, even if not directly prompted, to highlight your ability to translate technical information for a non-technical audience.
