Interviewing for a technical job is hard, and companies do not interview candidates the same way. In this post, I would like to express my personal feelings about two interviewing processes in particular: Google and Facebook.
My experience with Google
My experience with the Google hiring process began in February 2011, when Marion, working in the staffing department at Google Sydney, sent me an email explaining she found my LinkedIn profile interesting and asking if I was interested in an internship in one of Google global offices.
At the time I was not interested in an internship, was about to leave for Chicago for my double degree program, so I declined the offer, adding the recruiter on LinkedIn.
Fast-forward to December 2012. I get a mail from Sunil about a Site Reliability Engineering role, but, after a brief phone call, we decided to postpone the thing to the summer.
In the summer, however, not a word from him. I try to send him an email, but it bounces. His email address was disabled. He left Google.
So I wait some months and contact Marion, who was really kind and helped me in getting in touch with a proper technical recruiter in Zürich, Terry.
Terry is an awesome recruiter.
Supportive, clear, helpful and insightful. We had several informal phone calls, and he even suggested me to apply for a different position that he believed would be a better match for my skillset.
So, after a review of my profile by the engineers, they asked to setup the first technical telephone interview.
The calls should last 45 minutes, but mine have actually been 50 to 55 minutes longs.
In the first one, the interviewer was calling from Zürich, and was a Security Engineer.
The interview was completely technical and straight to the point. He asked me several technical questions about security from the beginning, and I really appreciated that, because it made me feel confident and motivated. The questions were logically linked and I could tell that the interviewer was actually enjoying the discussion that arose about different techniques to, for example, overcome the Same Origin Policy (such as CORS and postMessage in the HTML5 Web API).
No silly brain teasers, no Fermi questions.
I was actually expecting some kind of Fermi questions in the first screening interview (questions along the lines of How many gas stations are there in Chicago?) and I’ve been told that they actually ask them for different roles, such as Marketing and Sales. They are about breaking down a problem, making reasonable assumptions, and doing a little bit of arithmetic.
Back to the interview. When there were about 10 minutes left, they ask you to come up with some code in your favorite language to solve a problem. You have to code on a dedicated Google Docs document that they link to you before the call. It’s not easy, especially if you use Python or other languages that assign semantics to indentation, but it’s still easier than whiteboard coding. And, guess what, that is something you’ll have to do if you manage to get to the on-site interview.
In the first call I was asked to implement a very popular input sanitization function from scratch. The interviewer was much more interested in following my initial thought process than to read my actual code, and this is a very good thing in my opinion.
The second call was really similar, with the interviewer calling from California. It was maybe slightly more focused on handling of scenarios.
After two weeks, Terry sent me an email congratulating me and inviting me to Zürich for an on-site round of interviews. Google pays for every expense, and books an hotel for you to stay overnight. They also offered to book a flight for me, but I preferred to take a train from Milan.
The day I had to leave for Zürich I had an university exam in the morning, so I had to quickly jump on the train after that. I arrived in Zürich in the early evening, I walked to the hotel, which was about 3km far from the station, had dinner, and then directly to bed.
The next morning, I woke up, had an abundant breakfast and checked out from the hotel.
I wandered around the city for a while, slowly heading to Google offices.
Zürich is pretty in the morning.
I arrived to Google offices a full hour early, so had plenty of time to hang around and take photos:
I also found a parked Google car!
Ok, so, maybe I wait a bit on the benches in front of the building…
Ok, it’s time! Let’s walk into it!
The office is awesome.
It has a different design theme on each floor, massage stations, restaurant-quality food, slides, billiards, aquariums, gondola lifts used as conference rooms, and so on.
The person at the front desk pointed me to a touchscreen, on which I had to agree to an informal NDA (I won’t specify details of the questions I’ve been asked) and I had my interviewee badge printed. I remember I had to put my name and my recruiter’s, and I thought of trying to inject something there, but I decided to be a good guy :) .
Here’s my badge:
After five minutes, my recruiter came and welcomed me. I was brought directly to my interview room, called Blueberry, and was asked if I needed anything. Everybody there was really kind to me.
Terry explained what was the schedule of the day, and, in less than ten minutes, I was being interviewed by the first engineer.
On-site interviews are more in-depth than the telephone ones. I was asked very precise things about protocols, RFCs and specifications. I can’t go into details, but, for example, if you never thought of studying the bit representation of a float number, well, you should.
The first two interviews were similar, and I was also presented with snippets of very vulnerable code, and I had to spot all the vulnerabilities I could. They used C, Python and PHP, and expected me to understand and know the security aspects of functions in the standard library of those languages.
I was also asked to code myself, but nothing too difficult, mostly operations with lists and numbers and string manipulation. The interviewers chose the language this time - for example, I was explicitly asked to use plain C for a string manipulation task.
Questions about security were increasingly difficult, and they tried to push my limits, for example by asking things such as the parameters that common functions take or which OS used to use static canaries (yes, it is Windows XP!).
I was asked to use the whiteboard for drawing things all the time. Don’t expect to vaguely hint about Return-oriented programming (ROP) without having to give a concrete example of a gadget chain ;).
After 90 minutes of non-stop interviews, I had a 30 minutes break to eat something and rest. I was reminded I was not being interviewed during that time, and another engineer showed me a lot of features of the office and perks.
Impressive, indeed. And the desserts are amazing.
Back to Blueberry, next interview was with two interviewers. One of them was shadowing, as he was learning to become an interviewer himself. He took notes and sometimes commented and took part to the discussion.
Everything went smooth, I was asked about advanced aspects of SQL injection and other security stuff (sorry for being generic here). No coding assignment this time.
Last interview was different.
The interviewer looked much more interested in assessing my organizational and coding skills (as a software engineer more than a security engineer), so he asked me to draw organization charts, discuss about incident response, the connection with marketing and decision making levels, and, finally, to code routines in a machine language with just one instruction (enough for making the architecture Turing complete).
I was really exhausted in the end, and I feel I underperformed in the last assignment.
After that, I was accompanied to a micro-kitchen for a refreshment and finally left.
Wrapping up my Google experience
My interview experience with Google has been really awesome, so thank you Google for that! :)
Everybody has been really kind to me, and the questions have been very challenging and stimulating - I enjoyed every single minute there.
I could tell that the interviewers were all very smart, stimulating and open to discussion.
Also… good news! I received positive feedback by the hiring committee in exactly two weeks after the on-site interview :).
Facebook is… different
A week before the Google on-site interview, I was contacted by the head of Facebook Security in Europe.
He convinced me to try their interviewing process too.
I just got the first screening phone call from them, where an engineer with an incredibly strong accent used CollabEdit to simply paste the text of a coding puzzle, and asked me to solve it. No questions, no introduction, nothing about security. I was really surprised, but I managed to tell him how I would have solved that problem. He agreed with me, but insisted that I actually wrote compiling code it while on the phone.
I tried to keep explaining my thought process, but he stopped me and insisted on the code. So I started writing some Python code, but I was disappointed by that interviewing technique.
So, it’s very different. I might have been unlucky - after all, I’ve just been interviewed once - but it looks like Facebook is more into hiring coding gurus than engineers.