PEN Consultants Logo
Don’t Be a Victim: Find your weaknesses before the criminals do. PEN Consultants can help!

Tech Writer Interview – Phase 2

Congratulations on making it to Phase 2 of PEN Consultants’ Technical Writer interview process!

Phase 2 Overview

This next phase allows you to tell us what you know about the information and cybersecurity industry.


  • Don’t overthink this! We’re just looking to make sure you understand some general security topics. Each question should only take you a couple of minutes – a couple of sentences (max).
  • When you are finished, please respond to our original email with a PDF of your responses and a copy of your resume.
  • Honesty and transparency are always best. If you get into this and realize it’s not the type of work you were hoping for, it isn’t in line with your career goals, etc., feel free to respond with a “Thanks for the opportunity, however, I don’t believe I’m interested at this time” email.


  1. Tools
    1. What are some common sys|net admin tools you are familiar with?
    2. What are some “hacker” tools you are familiar with? (“hacker tools” == tools that are commonly used by attackers, whether intended by the creator or not.)
  2. Networking
    1. How well do you understand networking and protocols?
    2. How are IP and TCP different?
    3. What service usually runs on ports: 22, 25, 53, 80, 443?
    4. Do you know CIDR addressing? How many IPs are in a /24?
    5. What are the three most common private, non-routable, IP ranges?
    6. What is the difference between a filtered and blocked port?
  3. Web
    1. What is OWASP? Name some of the top-10 weaknesses listed (any year)?
    2. What is: (1) XSS, (2), SQLi, (3) clickjacking, (4) CSRF?
    3. Is WordPress a good framework for a client’s basic, customer-facing website? Why or why not?
  4. Operating Systems (OSs)
    1. What OSs are you familiar with? Favorite/most used?
    2. Windows
      1. What is a common location of OS and global application settings?
      2. What command: (1) displays the IP address(es), (2) lists the routing information, (3) displays file contents on the command line?
    3. Linux/macOS
      1. What is a common location of OS and global application settings?
      2. What command: (1) lists files in a directory, (2) changes file/folder permissions, (3) displays file contents on the command line?
      3. What does “chmod 0777 *.sh” do? What are some security implications?
  5. Encryption
    1. For web traffic, is TLS 1.3 or SSL 3.0 more secure?
    2. Are MD5 or SHA256 password hashes harder to crack?
    3. What is the difference between encoding, encryption, and hashing?
    4. What are some common ways user passwords are stored in a database? Are certain ways better than others? Why?
    5. What is the best way for service account credentials (i.e. something the web app needs in order to interact with a 3rd party service) to be stored in a database?
  6. File Analysis / Reverse Engineering (RE)
    1. What are some tools people use to perform RE of a binary?
    2. What is UPX and why would one use it?
    3. Is a cryptographically secure file hash a good way to identify the majority of malicious files? How about identifying known good files? Why?
  7. Coding
    1. Do you have experience with programming?
    2. What are some common programming languages?
    3. What are the advantages and disadvantages of compiled, JIT compiled, and scripting languages?
  8. Password attacks
    1. What is a brute force attack?
    2. A dictionary attack?
    3. What is a password spray and how is it different from the above?
    4. Where are password hashes stored in Windows and Linux/macOS?
    5. What are some common tools used to extract and crack password hashes?
    6. What is the difference in using (for example) JTR vs Hydra?
    7. What are rainbow tables, and what weakness are they exploiting?
  9. Wireless
    1. Is WEP or WPA more secure?
    2. What sets WPA-PSK/personal apart from WPA-enterprise?
    3. With WEP, all users’ traffic is encrypted using the same key, and, it is, therefore, easy to eavesdrop on other’s traffic. WPA-2 uses temporal keys (unique key for each client). Can one client still eavesdrop on another’s traffic? If so, how?
    4. Assuming all wireless clients have line-of-sight, is it better to have a small number of massively powerful APs, or a greater number of lower-powered APs? Why?
    5. What are some tests that cannot be performed efficiently on a remote-only wireless assessment versus on-site?
  10. Sysadmin
    1. What does GPO stand for, and why is it important?
    2. What does AD stand for, and why is it important?
    3. What are the pros and cons of using AD as the back-end authentication source/authority for all services across an organization?
    4. What is LLMNR and NBT-NS, and how can they be exploited?
  11. Cloud
    1. What are some of the most common cloud vulnerabilities, and how are they mitigated?
    2. Is it more secure to run a custom web app in the cloud or from an on-prem server that you manage? Why?
  12. Mobile
    1. Why would a developer use “AppUpdateManager”? What is the equivilant for iOS?
    2. Why would a developer use “textNoSuggestions”? What is the equivilant for iOS?
    3. Why would a developer use “FLAG_SECURE”? What is the equivilant for iOS?
    4. Is code obfuscation important or not? Explain.
  13. Social engineering
    1. Remote: What is the most common type of remote social engineering? Provide a convincing theme/pretext.
    2. Physical: If someone was asked to social engineer his/her way into the data closet of a bank in the middle of the day to surreptitiously insert a hardware implant into their network|system, what pretext do you think could be successful?
  14. Misc / Split hairs
    1. How do you keep up with cybersecurity news, trends, new attacker techniques, etc?
    2. What, in your opinion, is the difference between a vulnerability scan, penetration test, and red teaming?
    3. What is the difference between Vulnerability, Threat, and Risk?
    4. Should passwords be force rotated every 90-120 days? Why or why not?
    5. Are windows in a data center okay? Why or why not? If existing windows are present, should anything be done? If so, what?