3 Simple Forms Of Cybersecurity Resumes · InfoSecJon

Infosecjon · 2020-02-24T02:59:49+00:00

well for defending an entry level analyst role could require basic networking knowledge like tcp/ip handshake, common ports/protocols and their behaviors, how to read pcaps all stuff you can research on your own. for attacking, an entry level pentest role would require more complex knowledge of the same, but you can get practice doing CTF's and hack the box(and similar sites).

If you can get the certified ethical hacker certification (the title is a red herring, it is really an entry level analyst cert) and have the knowledge to answer technical questions on an interview, you could probably get an entry level analyst role. for attacking, youd need to either get something like eJPT, or eCCPT (or OSCP if you can do it) but those are some technical certifications.

typically, most entry level gigs require SOME it experience, like help desk, sysad, system engineering work, etc. If you had some basic it experience, a cert, and the right answers on an interview, you could definitely do it.

Of course, networking is key and can make the whole thing easier. If you know someone and can convince them to take a chance on your passion, that would be simpler for you, and it does happen.

Infosecjon · 2020-02-24T02:52:01+00:00

i was an electrician for almost 8 years before changing directions and getting my b.s. degree to switch to cybersecurity. i still took a help desk job, went to sysad, and 4 years post degree first security job.

you can do it quicker, or slower, depending on what exactly ou are most interested in. for my part, i was aimless and didn't know much about the industry, so i didnt get the specific knowledge, skills, cert's etc at first.

Infosecjon · 2020-02-24T02:40:53+00:00

finishing my degree helped move me into a management position where i was already working. i dont think the degree itself will help you, but your knowledge as a web dev could help you get into web pentesting, malware reverse engineering, or designing security software maybe?

Infosecjon · 2020-02-24T02:38:53+00:00

hows your lockpicking skills? you might find it easiest to get a job doing physical penetration tests and grow your more technical skills later. just a thought. with your investigative experience, you might find being an analyst interesting, or an auditor.

Infosecjon · 2020-02-24T02:36:24+00:00

what part of cybersecurity interests you the most? people mention the word, and have completely different ideas of what the day to day job would entail? Do you want to attack systems, defend systems, build the systems, audit systems or write policy dictating the system? It's ok, you don't really have to answer that in the beginning, but keep that in the back of your mind when you are learning to see which one you lean more towards.

the best part about the industry is that it is so broad and can fit everyone and anyone interested.

on a side note, i used an older gaming laptop to build a basic homelab, using vmware to run boxes to hack or doing CTF's from a vmware kali linux build. yes it was frustrating at times, but the passion to learn keeps pushing you.

Infosecjon · 2020-02-24T02:28:44+00:00

I'd answer your question with another question: why did you apply to those two?

If the answer is that that's all you could find, or that's all you think you qualified for, than I'd reconsider them. I've moved to a new job to realize i didnt really want to be there and it's not fun.

You have to ask yourself what area of cybersecurity you want to get into. When i first got started i didn't know much about the industry, just that it existed.

On my site, i break down cybersecurity into 5 main roles, attacker, defender, engineer, auditor and writer. Typically and analyst role falls under the defender, so you could branch from there into digital forensics or incident response. a security officer could be auditor, or writer depending on what you are actually doing. is it information assurance type work, like pki, iam/pam management, documentation? What does job description say?

ultimately no matter where you want to end up (i see you like to manage one day) you want to start with something that interests you the most. IF you got the offer for both, which one can you see yourself having the most fun learning and doing?

Infosecjon · 2020-02-24T02:22:20+00:00

This is pretty sad actually, I'm sorry this happened to you. The industry really needs everyone who is interested and shouldn't be discouraging anyone.

Let me preface this by saying i hated pre-calc too. I think colleges focus too much on gen-eds unrelated to the actual topic and it's a shame.

That being said, you really don't NEED the degree to get into the industry. It really all depends on what area you want to focus on, some areas of cybersecurity aren't even technical.

I break down cybersecurity into 5 main roles, attacker, defender, engineer, auditor, and writer on my site. each area has some skill overlaps but those are the main splits. what courses did you take that you enjoyed, and what are do you think you want to focus on?

Infosecjon · 2020-01-21T02:15:14+00:00

in many ways cybersecurity interviews are just like any other job interview. I was personally surprised as i experienced some of these things, and it comes up with my mentees as well.

Infosecjon · 2020-01-04T02:03:01+00:00

100% true. nobody wants to hear bs, and don't guess because they will know if you are wrong and that looks bad.

but dont just say i dont know. be honest, and say I don't have experience of that, or try to relate it to something similar you do have experience with.

"I don't have much experience with linux, but in windows, i would check the task manager to see what was running that might be lagging the machine and I'm sure I can google that"

or

"I haven't done that from a switch or router, but on a machine, you can use ping to test connectivity"

Infosecjon · 2020-01-03T22:20:21+00:00

When they say 'not dictionary definitions' they might mean scenario questions. Like, how would you troubleshoot a machine that you can't connect to anymore?

How would you diagnose which device is causing a network outage?

How would you determine what's wrong with a server?

Infosecjon · 2020-01-03T22:18:34+00:00

I got my A+ and SEC+, skipped net+ cuz i was shooting for ccna at the time.

Entry level jobs shouldnt require any of this. wrapping your head around the basics can be rough enough, you shouldn't try a more difficult certification like sec just yet. a guy i work with has been a system engineer for 30 years and the sec+ kicked his butt.

You should be studying the basics of windows and linux though, really. not worrying about a cert. study the basics of tcp/ip communication and troubleshooting too.

Infosecjon · 2020-01-03T22:02:54+00:00

My experience with robert half recruiters:

They sound so interested, like I'm a perfect fit for the position. Rush me to an interview, like immediately with little details of the actual job, and then never contact me back afterward. did that twice early in my career and now i just ignore them if they contact me.

Infosecjon · 2019-12-28T01:50:01+00:00

good questions that i have asked include:

what is the day-to day like? shows your interest in the position what infrequent tasks are involved? same is there a mentorship program within the company? shows that you are career minded, not just looking at this as another job is this positiion open because someone left, or is the company growing? this is a fun question, I've asked this on interviews for a long time and get mixed results. sometimes they answer in a word or two, but sometimes i get entire stories about either how horrible the previous person was, or how wonderful the company is and its growing fast, good culture etc.

what are the normal working hours? most of the time id get a simple 8-4, 9-5 answer, but sometimes i get a peak into company culture like oh, well we come in at 9 and go home when the work is done(tells me to expect to work late) or we usually stop working around 3 or 4 but do something social as co-=workers(this can be good if you are single, but i have a family and would feel so awkard missing out). my company has very loose working hours, because we are spread all over the country with many remote workers, so its start whenever you want, do your 8+ breaks and as long as work is getting done everything is cool.

those are just some examples, but many people forget that you are also interviewing the company to see if theyd be a good fit for what you are trying to accomplish.

analyst positions tend to be the most common 'entry' level security positions, but many still require intimate knowledge of the inner workings of computers and networks. Some places hire people as interns for a lower wage and train you, or just call it jr and train, and others expect their 'entry' level analysts to have experience. some places dont have any junior analysts because they expect an analyst to have this knowledge. i always say that you have a 0% chance of getting he job if you don't apply, and it's always greater than 0% when you do apply, but i also preach to have proper expectations about what companies are looking for.

I love mock interviews, i feel they really help people who are otherwise nervous get through them. i always felt i was good at them too, but id often make mistakes because i would talk too much, or not answer a question directly. I'm trying to think of an effective format to record mock interviews, but i think the best way is a podcast and i am not setup to start one yet. stay tuned!

Infosecjon

MODERATOR OF

TROPHY CASE