Phone interview for my ideal job next week

snowchick7669snowchick7669 Member Posts: 69 ■■■□□□□□□□
It's for an IT Security Analyst role (quite junior) and it really ticks all the boxes for me. The only issue comes down to my experience. Apparently they want to get someone relatively junior in who they can train up and I was quite surprised that I got the invitation for the interview, considering I only have IT Support experience.

Has anyone interviewed for a Junior IT security role before? I'd appreciate any advice regarding the questions they may ask. Do you think they will be more focused on my technical ability, or whether I'm able to be trained easily?


  • Options
    Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    The problem is that titles don't mean a lot between companies, one company's junior is another company's Sr engineer. With that out of the way I'd say if they want to interview you and have admitted they want someone to train themselves you could be in a good spot, especially considering the limited number of true Jr level security positions. The company I currently work at listed a Jr sec analyst position and I saw the requirements, they mentioned MCSE, CCNA, CCIE and CISSP in there, someone in HR had a field day. In the end they picked someone from their current service desk to had desire to train up.

    For security specifically, since you mentioned this is your ideal job, what have you been doing outside of work? By that I mean have you played with open source security tools? Do you follow security news/blogs? Do you have VMs at home to test different things in security?

    They already know you don't have security experience and they want to interview you anyway so from that point you want to show them that this is the field you are really interested in. It's easy to say, "security sounds cool!" but if you walk in and say you really want to get in the field, you listen to these podcasts, read these blogs, follow these news sites and have been learning Kali linux at home and are excited to get started.. that's the person I'd want to hire.
  • Options
    TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    Definitely hit it spot on. In security you have to show curiosity in learning about what is out there as far as tools, configs, and OS's. Certifications are helpful too. Even if you just dabble with something it shows motivation.
  • Options
    H3||scr3amH3||scr3am Member Posts: 564 ■■■■□□□□□□
    Can you share the actual position's posting? I used to be involved in the hiring process for Junior SOC analysts, and we made sure that they were technically capable, and we asked them some troubleshooting questions to see how they approached the issue and worked through it. We asked what ports were used for basic protocols like RDP, SMTP, SSH, SSL, HTTP, etc. Hope this helps, and if you share the full posting perhaps we can offer some more input into it for you :D
  • Options
    ampdeckampdeck Member Posts: 35 ■■□□□□□□□□
    It's for an IT Security Analyst role (quite junior) and it really ticks all the boxes for me. The only issue comes down to my experience. Apparently they want to get someone relatively junior in who they can train up and I was quite surprised that I got the invitation for the interview, considering I only have IT Support experience.

    Has anyone interviewed for a Junior IT security role before? I'd appreciate any advice regarding the questions they may ask. Do you think they will be more focused on my technical ability, or whether I'm able to be trained easily?

    go for it mate! as they say, since they are already aware that you lack experience and they still want to pursue to interview you then thats a positive and advantage side for your. you can do it....
  • Options
    snowchick7669snowchick7669 Member Posts: 69 ■■■□□□□□□□
    @danielm7 - Thanks for your advice! At the moment I'm currently studying towards Security+, but I also have a laptop that is specifically for Kali Linux. So I run 2 or 3 VMs on it and play around with trying to access them etc. I listen to a few security podcasts as well, just to see what's going on. Do you have any blogs that you would recommend I should follow?

    @H3| |scr3am - To be fair the job seems to be a bit more on the compliance/governance side rather than the technical side which is why I was unsure what type of questions they would be asking. I've posted the job description below;

    • Responsible for the completion of all assigned Information security activity and

    associated reporting as defined within operational standards and procedures

    • Responsible for supporting the delivery of Information Security policy, standards and

    guidelines documentation across the organisation and client base

    • Assist with the delivery of the Information Security Awareness programme across

    the organisation

    • Responsible for the completion (with evidence) of any controls and checks that are

    assigned to them to support the Information Security operation

    • Responsible for processing deviations to policy via approved departmental

    procedures as required

    • Provide consultative Information Security support to the rest of the business

    (includes delivery of training materials as required)

    • Provides first line security resource to the business change programme, including

    the processing of specific information security artefacts ahead of go-live. For

    example live entry criteria.

    • Assist with the identify of Information Security Risks in conjunction with both the IT

    Risk Analyst and the business, assisting to qualify and support the risk owner in the

    development of appropriate controls by way of mitigation

    • Work with the client base as directed by the senior information security analyst in

    support of internal and external security assurance activity, and BAU security

    operations issues – includes hosting meetings and reviews as required in support of

    this objective

    • Undertake activities as directed to assure the operational effectiveness of controls

    that mitigate or otherwise manage Information Security risk within tolerance

    • Contribute to the production of accurate and timely management information as

    requested by IS management

    • Travel to other sites and completion of activities across shifts will be required.

    • Identify opportunities to improve service, quality and efficiency

    • Any other reasonable task within the scope of this level
  • Options
    Robertf969Robertf969 Member Posts: 190
    These are the kinds of positions I have been looking at. Know SOX, PCI-DSS, ISO27001, TCSEC, ITSEC, NIST, Ect, be an effective written and oral communicator (Probably most important). These kinds of positions are more concerned with you knowing how stuff works than just how you do it. Do you know the difference between a Threat, Vulnerability, Risk? Risk Assessments? I would recommend you at least have an understanding of these things, most of my phone interviews have involved these kinds of questions. Hope that helps, good luck and let us know how it goes!
  • Options
    snowchick7669snowchick7669 Member Posts: 69 ■■■□□□□□□□
    Thanks for all your advice guys. It went quite well actually. They seemed happy with the interview. It was more of a 'get to know you' and there were a lot of questions about why I wanted to move into the security area. I think they were more interested in whether I'd fit into the team because they are wanting to provide the training needed. Fingers crossed. I'll hopefully hear by Friday! :)
  • Options
    N2ITN2IT Inactive Imported Users Posts: 7,483 ■■■■■■■■■■
    I think they were more interested in whether I'd fit into the team because they are wanting to provide the training needed. Fingers crossed.

    This is 99.9999999999% of it. If you did well here you did well!

    I'll hopefully hear by Friday!

    Keep us posted! Gratz!
  • Options
    snowchick7669snowchick7669 Member Posts: 69 ■■■□□□□□□□
    Got a second interview beginning of next week. Got good feedback and they pushed the interview in order to get me in ASAP. Fingers crossed!
  • Options
    CyberscumCyberscum Member Posts: 795 ■■■■■□□□□□

    Only really "junior" role I interviewed for was for the NSA. They were literally looking for someone to train up from scratch. Good job, but the training was ridiculously long and the pay was only a little over 100k in DC. Questions were all personality focused and used the STAR format. They were looking for a "compatible" person... I don't know why I am adding "quotations" to every word but it "looks cool."

    GJ on the "2nd" interview
  • Options
    snowchick7669snowchick7669 Member Posts: 69 ■■■□□□□□□□
    Had my second interview today. I think it went well. It was mainly behaviour type questions. It seemed to be a lot more about my personality and how I deal with situations rather than my technical ability.

    At the end, the department head started asking some technical stuff. Quite basic stuff like encryption etc. I answered them all (don't know how well considering I was a bit nervous) except one question that threw me a bit. I sort of panicked and didn't answer it very well. Ahwell, they seemed happy with my answers and I think the thing that may let me down is my technical knowledge. Although they do seem quite keen to teach people from the ground up.

    I find out tomorrow or early next week. I'll let you know how I get on!
  • Options
    cyberguyprcyberguypr Mod Posts: 6,928 Mod
  • Options
    snowchick7669snowchick7669 Member Posts: 69 ■■■□□□□□□□
    I GOT THE JOB! :)

    They are hiring me as a Junior and have a training budget so hopefully I'll be able to get some certificates behind me. So excited that I actually managed to get my foot in the door and will be able to get the experience I need.
  • Options
    JoJoCal19JoJoCal19 Mod Posts: 2,835 Mod
    Congrats on the new job! Make sure to take advantage of any training they provide and also on your own.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • Options
    Justin-Justin- Member Posts: 300
    Sweet! Congrats on the new position!! I would love to get into IT Sec. Do you have any schooling done / certs that supplemented in getting that job offer? 'Grats again.
  • Options
    coreyb80coreyb80 Member Posts: 647 ■■■■■□□□□□
    Congrats! I'm pondering this move as well as we have an opening on our Security team here and my old boss would like to interview me for it if I'm interested.
    WGU BS - Network Operations and Security
    Completion Date: May 2021
  • Options
    BlackBeretBlackBeret Member Posts: 683 ■■■■■□□□□□
    Congrats! I started out in the same type of position. It's all what you make of it really.
  • Options
    nelson8403nelson8403 Member Posts: 220 ■■■□□□□□□□
    Congrats! Welcome to the world of security!
    Bachelor of Science, IT Security
    Master of Science, Information Security and Assurance

    CCIE Security Progress: Written Pass (06/2016), 1st Lab Attempt (11/2016)
  • Options
    Dakinggamer87Dakinggamer87 Member Posts: 4,016 ■■■■■■■■□□
    Congrats on the new job!! That's awesome :)
    *Associate's of Applied Sciences degree in Information Technology-Network Systems Administration
    *Bachelor's of Science: Information Technology - Security, Master's of Science: Information Technology - Management
    Matthew 6:33 - "Seek the Kingdom of God above all else, and live righteously, and he will give you everything you need."

    Certs/Business Licenses In Progress: AWS Solutions Architect, Series 6, Series 63
  • Options
    cyberguyprcyberguypr Mod Posts: 6,928 Mod
  • Options
    DoubleNNsDoubleNNs Member Posts: 2,015 ■■■■■□□□□□
    Congratulations on the job!! icon_cheers.gif
    Goals for 2018:
    Certs: RHCSA, LFCS: Ubuntu, CNCF CKA, CNCF CKAD | AWS Certified DevOps Engineer, AWS Solutions Architect Pro, AWS Certified Security Specialist, GCP Professional Cloud Architect
    Learn: Terraform, Kubernetes, Prometheus & Golang | Improve: Docker, Python Programming
    To-do | In Progress | Completed
  • Options
    E Double UE Double U Member Posts: 2,233 ■■■■■■■■■■

    P.S. Everyone thinks their issue is a firewall issue. :D
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • Options
    snowchick7669snowchick7669 Member Posts: 69 ■■■□□□□□□□
    Thanks everyone! I really appreciate all your support. I don't think it has quite sunk in yet to be honest.

    I'm just going to absorb as much knowledge as possible. The team is quite new, so they are literally building up the team and implementing new systems towards the end of the year. It sounds like a really exciting time to be involved in the team. It sounds like the role is one where you can get involved in as much as you want, so that will be such a good learning situation.

    @Justin- I have a basic Microsoft security cert and I'm studying towards my Security+ at the moment. I think the fact that I have previous experience working in IT support and also I'm currently in a Systems Analyst role helped a lot. They focused a lot more on my soft skills and also whether I was willing to learn. The advice that I've seen on this forum is pretty bang on the money. If you can show that you're passionate about IT security, by studying on your weekends and you have a lab at home where you practice things then it helps (it certainly did for me). For this role though it was definitely more soft skills and whether I'd be a fit for the team.
  • Options
    DrethylDrethyl Member Posts: 121 ■■□□□□□□□□
    Congrats Snowchick. I also just landed my first Security role as a SOC analyst. Previously I had only done help desk support and technician work. I had no previous security experience except in school which I went into for Cyber Security. I'm so excited for you I bet you are just as excited as I am to start. My main love is security and I cant wait to get my feet wet. Like you I also got asked a lot about behavioral questions as well as why I wanted the job. Also they were very interested in where I get my security information from and If i keep up to date on the news.
  • Options
    [Deleted User][Deleted User] Senior Member Posts: 0 ■■□□□□□□□□
    Ditch Kali Linux. It is really overrated. Most professionals I see use a similar distro but has a cleaner appearance. Give BackBox Linux a shot in a VM or as your host OS. Home | BackBox Linux Congrats on the job offer btw! Security+ will be a good starting cert. Then consider moving towards CISSP.
    Best book and most recommended on this forum is Darril Gibson for Security+. CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide: Darril Gibson: 9781939136022: Amazon.com: Books
Sign In or Register to comment.