Phone interview for my ideal job next week

snowchick7669

It's for an IT Security Analyst role (quite junior) and it really ticks all the boxes for me. The only issue comes down to my experience. Apparently they want to get someone relatively junior in who they can train up and I was quite surprised that I got the invitation for the interview, considering I only have IT Support experience.

Has anyone interviewed for a Junior IT security role before? I'd appreciate any advice regarding the questions they may ask. Do you think they will be more focused on my technical ability, or whether I'm able to be trained easily?

Danielm7

The problem is that titles don't mean a lot between companies, one company's junior is another company's Sr engineer. With that out of the way I'd say if they want to interview you and have admitted they want someone to train themselves you could be in a good spot, especially considering the limited number of true Jr level security positions. The company I currently work at listed a Jr sec analyst position and I saw the requirements, they mentioned MCSE, CCNA, CCIE and CISSP in there, someone in HR had a field day. In the end they picked someone from their current service desk to had desire to train up.

For security specifically, since you mentioned this is your ideal job, what have you been doing outside of work? By that I mean have you played with open source security tools? Do you follow security news/blogs? Do you have VMs at home to test different things in security?

They already know you don't have security experience and they want to interview you anyway so from that point you want to show them that this is the field you are really interested in. It's easy to say, "security sounds cool!" but if you walk in and say you really want to get in the field, you listen to these podcasts, read these blogs, follow these news sites and have been learning Kali linux at home and are excited to get started.. that's the person I'd want to hire.

TechGuru80

Definitely hit it spot on. In security you have to show curiosity in learning about what is out there as far as tools, configs, and OS's. Certifications are helpful too. Even if you just dabble with something it shows motivation.

H3||scr3am

Can you share the actual position's posting? I used to be involved in the hiring process for Junior SOC analysts, and we made sure that they were technically capable, and we asked them some troubleshooting questions to see how they approached the issue and worked through it. We asked what ports were used for basic protocols like RDP, SMTP, SSH, SSL, HTTP, etc. Hope this helps, and if you share the full posting perhaps we can offer some more input into it for you

ampdeck

snowchick7669 wrote: »

It's for an IT Security Analyst role (quite junior) and it really ticks all the boxes for me. The only issue comes down to my experience. Apparently they want to get someone relatively junior in who they can train up and I was quite surprised that I got the invitation for the interview, considering I only have IT Support experience.

Has anyone interviewed for a Junior IT security role before? I'd appreciate any advice regarding the questions they may ask. Do you think they will be more focused on my technical ability, or whether I'm able to be trained easily?

go for it mate! as they say, since they are already aware that you lack experience and they still want to pursue to interview you then thats a positive and advantage side for your. you can do it....

snowchick7669

@danielm7 - Thanks for your advice! At the moment I'm currently studying towards Security+, but I also have a laptop that is specifically for Kali Linux. So I run 2 or 3 VMs on it and play around with trying to access them etc. I listen to a few security podcasts as well, just to see what's going on. Do you have any blogs that you would recommend I should follow?

@H3| |scr3am - To be fair the job seems to be a bit more on the compliance/governance side rather than the technical side which is why I was unsure what type of questions they would be asking. I've posted the job description below;

• Responsible for the completion of all assigned Information security activity and


associated reporting as defined within operational standards and procedures


• Responsible for supporting the delivery of Information Security policy, standards and


guidelines documentation across the organisation and client base


• Assist with the delivery of the Information Security Awareness programme across


the organisation


• Responsible for the completion (with evidence) of any controls and checks that are


assigned to them to support the Information Security operation


• Responsible for processing deviations to policy via approved departmental


procedures as required


• Provide consultative Information Security support to the rest of the business


(includes delivery of training materials as required)


• Provides first line security resource to the business change programme, including


the processing of specific information security artefacts ahead of go-live. For


example live entry criteria.


• Assist with the identify of Information Security Risks in conjunction with both the IT


Risk Analyst and the business, assisting to qualify and support the risk owner in the


development of appropriate controls by way of mitigation


• Work with the client base as directed by the senior information security analyst in


support of internal and external security assurance activity, and BAU security


operations issues – includes hosting meetings and reviews as required in support of


this objective


• Undertake activities as directed to assure the operational effectiveness of controls


that mitigate or otherwise manage Information Security risk within tolerance




• Contribute to the production of accurate and timely management information as


requested by IS management


• Travel to other sites and completion of activities across shifts will be required.


• Identify opportunities to improve service, quality and efficiency


• Any other reasonable task within the scope of this level

Robertf969

These are the kinds of positions I have been looking at. Know SOX, PCI-DSS, ISO27001, TCSEC, ITSEC, NIST, Ect, be an effective written and oral communicator (Probably most important). These kinds of positions are more concerned with you knowing how stuff works than just how you do it. Do you know the difference between a Threat, Vulnerability, Risk? Risk Assessments? I would recommend you at least have an understanding of these things, most of my phone interviews have involved these kinds of questions. Hope that helps, good luck and let us know how it goes!

snowchick7669

Thanks for all your advice guys. It went quite well actually. They seemed happy with the interview. It was more of a 'get to know you' and there were a lot of questions about why I wanted to move into the security area. I think they were more interested in whether I'd fit into the team because they are wanting to provide the training needed. Fingers crossed. I'll hopefully hear by Friday!

N2IT

I think they were more interested in whether I'd fit into the team because they are wanting to provide the training needed. Fingers crossed.

This is 99.9999999999% of it. If you did well here you did well!

I'll hopefully hear by Friday!

Keep us posted! Gratz!

snowchick7669

Got a second interview beginning of next week. Got good feedback and they pushed the interview in order to get me in ASAP. Fingers crossed!

Cyberscum

@Schick

Only really "junior" role I interviewed for was for the NSA. They were literally looking for someone to train up from scratch. Good job, but the training was ridiculously long and the pay was only a little over 100k in DC. Questions were all personality focused and used the STAR format. They were looking for a "compatible" person... I don't know why I am adding "quotations" to every word but it "looks cool."

GJ on the "2nd" interview

snowchick7669

Had my second interview today. I think it went well. It was mainly behaviour type questions. It seemed to be a lot more about my personality and how I deal with situations rather than my technical ability.

At the end, the department head started asking some technical stuff. Quite basic stuff like encryption etc. I answered them all (don't know how well considering I was a bit nervous) except one question that threw me a bit. I sort of panicked and didn't answer it very well. Ahwell, they seemed happy with my answers and I think the thing that may let me down is my technical knowledge. Although they do seem quite keen to teach people from the ground up.

I find out tomorrow or early next week. I'll let you know how I get on!

cyberguypr

Best of luck!

snowchick7669

I GOT THE JOB!

They are hiring me as a Junior and have a training budget so hopefully I'll be able to get some certificates behind me. So excited that I actually managed to get my foot in the door and will be able to get the experience I need.

JoJoCal19

Congrats on the new job! Make sure to take advantage of any training they provide and also on your own.

Justin-

Sweet! Congrats on the new position!! I would love to get into IT Sec. Do you have any schooling done / certs that supplemented in getting that job offer? 'Grats again.

coreyb80

Congrats! I'm pondering this move as well as we have an opening on our Security team here and my old boss would like to interview me for it if I'm interested.

BlackBeret

Congrats! I started out in the same type of position. It's all what you make of it really.

nelson8403

Congrats! Welcome to the world of security!

Dakinggamer87

Congrats on the new job!! That's awesome

cyberguypr

Congrats!

DoubleNNs

Congratulations on the job!!

E Double U

Congrats!

P.S. Everyone thinks their issue is a firewall issue.

snowchick7669

Thanks everyone! I really appreciate all your support. I don't think it has quite sunk in yet to be honest.

I'm just going to absorb as much knowledge as possible. The team is quite new, so they are literally building up the team and implementing new systems towards the end of the year. It sounds like a really exciting time to be involved in the team. It sounds like the role is one where you can get involved in as much as you want, so that will be such a good learning situation.

@Justin- I have a basic Microsoft security cert and I'm studying towards my Security+ at the moment. I think the fact that I have previous experience working in IT support and also I'm currently in a Systems Analyst role helped a lot. They focused a lot more on my soft skills and also whether I was willing to learn. The advice that I've seen on this forum is pretty bang on the money. If you can show that you're passionate about IT security, by studying on your weekends and you have a lab at home where you practice things then it helps (it certainly did for me). For this role though it was definitely more soft skills and whether I'd be a fit for the team.

Drethyl

Congrats Snowchick. I also just landed my first Security role as a SOC analyst. Previously I had only done help desk support and technician work. I had no previous security experience except in school which I went into for Cyber Security. I'm so excited for you I bet you are just as excited as I am to start. My main love is security and I cant wait to get my feet wet. Like you I also got asked a lot about behavioral questions as well as why I wanted the job. Also they were very interested in where I get my security information from and If i keep up to date on the news.

[Deleted User]

Ditch Kali Linux. It is really overrated. Most professionals I see use a similar distro but has a cleaner appearance. Give BackBox Linux a shot in a VM or as your host OS. Home | BackBox Linux Congrats on the job offer btw! Security+ will be a good starting cert. Then consider moving towards CISSP.
Best book and most recommended on this forum is Darril Gibson for Security+. CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide: Darril Gibson: 9781939136022: Amazon.com: Books