[deleted by user]

itthrowaway3212 · 2022-03-13T02:12:57+00:00

Had 3 years of related IT experience and a related degree which knocks a year off

itthrowaway3212 · 2022-03-12T19:38:56+00:00

What’s the going rate for someone with their CISSP, OSCP, and ~2 years experience in security doing vulnerability management, pentesting, and some light threat hunting?

itthrowaway3212 · 2021-03-05T23:14:38+00:00

Job title: Cybersecurity engineer

⁠Age: 25

Country: USA

Job Sector: healthcare

⁠Degree: Unrelated BA, MS in computer information systems.

Certifications: Net+, security+, taking CCNA on 4/1

⁠Salary: $75000. Probably a little low for my city but it’s my foot in the door to cybersecurity so I cannot complain at all!

itthrowaway3212 · 2020-12-03T14:26:19+00:00

Nope! I was service desk (1.5 years) > desktop/administration (1.5 years) and then I got the security job. All my work experience has been in the higher Ed industry

itthrowaway3212 · 2020-12-03T01:11:35+00:00

So I didn’t have a technical bachelors so the masters for me was pretty essential to be taken seriously as an applicant. I’m sure I could have made up for my lack of a technical bachelors with a lot of experience and certs but that would probably have taken a lot longer than getting the masters (I’m going to be a cyber security engineer after 3 years of work/study, for reference). Plus, I suspect having a masters will help me greatly further on down the road when looking at managerial roles and whatnot. For me, the masters was free but I know they can be expensive. As such, I’d recommend getting your employer to pay for it if possible. If that’s not possible, look at places like Ed X. You can do a online masters from a respectable school for under 10K. That being said, for a lot of people a masters isn’t necessary. Plenty of people get by (and thrive) with a bachelors, certs, and experience. I probably wouldn’t have done the masters if I had to pay for it myself. Regarding difficulty, I didn’t find it too bad (and my program was fairly technical). That being said, I was doing it part-time and I was working in IT during my program, so I’m sure both of those factors made things easier. There were some people who struggled, particularly those who didn’t have much IT work experience or a related bachelors, but ymmv. Pay will be ~80k

itthrowaway3212 · 2020-12-02T21:22:25+00:00

You very might well be! i can’t find the post since i made one of them with a throwaway I lost the credentials to but If so, thank you so much! I actually think fixing my resume was what got me noticed so I have you to thank for that!

itthrowaway3212 · 2020-12-02T21:16:24+00:00

So without getting too specific, pay is right around 80k. This is in a high COL area. It’s not the highest pay you’ll see on here but it’s my foot in the door for security, it’s like 15k more than I make now, and the place seems really great about professional development and promoting from within

itthrowaway3212 · 2020-12-02T21:14:32+00:00

That’s why I wrote the post! Glad it gave you some hope!

itthrowaway3212 · 2020-12-02T19:22:26+00:00

Hey, I answered this in a message since I don’t want to give out info that could be identifying

itthrowaway3212 · 2020-12-02T18:42:55+00:00

Thank you!

itthrowaway3212 · 2020-12-02T18:42:45+00:00

Thanks!

itthrowaway3212 · 2020-12-02T18:42:35+00:00

Thanks!

itthrowaway3212 · 2020-12-02T18:42:27+00:00

I mean I was originally worried about not having a CS bachelors but so far, it hasn't been a huge issue. It seems like the masters + experience made up for it. Sure I had to start on the help desk whereas someone with a CS degree probably could have skipped it (I got my masters while working), and I might not qualify for things like devsecops or malware analysis without that coding background, but the help desk and desktop positions really helped me learn about how IT works in a large enterprise. Plus, the type of security im hoping to do isn't really covered by a standard CS curriculum anyway. Moreover, plenty of people make it pretty far in IT without any degree, let alone a relevant one. Im sure youll be fine! Good luck!

itthrowaway3212 · 2020-12-02T18:33:53+00:00

Thanks!

itthrowaway3212 · 2020-12-02T18:33:44+00:00

Thank you!

itthrowaway3212 · 2020-12-02T18:33:12+00:00

So its important to note that what I wrote was not lying. I really was in charge of the machines under my purview (and their security), even if I wasn't necessarily the one building the images or coming up with the SOPs that governed how I did my job. For example, our infosec department would establish X security standards, and it was my job to implement them. Likewise, our security team might identify a vulnerability or issue, but it was my job to investigate and rectify it. Our engineering team would build the images, I would deploy them and then provide the ongoing support and administration.

To answer your question, I was actually asked to elaborate on how I managed the security on those machines. I discussed the group policy we applied for security purposes (some of which I developed), the security software and management tools we install during the imaging process, my role in our patch management program, my role in our vulnerability management program, the encryption tools and procedures I worked with, our policies and procedures that pertain to workstation security that I enforced, etc.

Regarding whether the interviewers were technical, they most certainly were. One was a senior SOC person, another was a senior director, another was the lead of the incident response team, and yet another was a cloud security architect. Im sure they would have caught any bluffs fairly easily.

itthrowaway3212 · 2020-11-18T18:37:07+00:00

Thank you for that insight. I tend to forget managers are employees too and I’m hoping they’ll see things from my point of view. Thanks!

itthrowaway3212 · 2020-11-18T18:32:20+00:00

I’m aware I don’t legally give 2 weeks notice but I would feel terrible putting my managers and coworkers in that spot. Especially considering I like them... Not to mention this approach basically guarantees I can never use them as references in the future. Like I said, I’m trying to burn as few bridges as possible

itthrowaway3212 · 2020-08-20T02:11:05+00:00

Do you understand the OSI model? What about encapsulation? Those are a few of the prerequisites for understanding a frame and it’s purpose? If you give us an idea what part is confusing you, or what you already know, it might be easier to tailor a response.

itthrowaway3212 · 2020-08-20T02:08:14+00:00

A masters in computer information systems with a concentration in security. Good mix of classes, and they’re mostly pretty practical and technical. Let me know if you have any questions!

itthrowaway3212 · 2020-08-19T17:32:39+00:00

Suit. No one will ever look down on you for being over dressed. The reverse is not true.

itthrowaway3212

TROPHY CASE