Advice needed : Security Analyst job interview

cluelessITguy

Hi Folks,

I have a interview for an IT security analyst role in two weeks time and i am currently studying like a mad man to try give me the best chance of getting the job, unfortunately i don't have any idea of what questions they will or will be looking for etc.

I have 2 years of experience in General desk side support and 1 year on a helpdesk beforehand.

I have the following certs( albeit not much but thankfully enough to get me the interview )

CCNA
Comptia Security +
MTA security fundamentals


Any advice on what to brush up on or try gather as much information on before the interview would be much appreciated as i really need this job

Thanks in advance !!

cluelessITguy

Anyone ??

dustervoice

no one can tell you what the interviewer will ask we cannot predict that. Only advice i can give is:

1. Be yourself, confident
2. Always asks questions to show your interest in the role
3. focus on your strong skills
4. Dress appropriately, smile
4. Google generic interview questions for infosec. i.e. Top 50 Information Security Interview Questions - InfoSec Institute

Good luck mate.

TheFORCE

Depends who you are meeting with really.

alias454

Be honest. If you don't know something, don't try to BS your way through it. I second the point about asking questions. it isn't a bad idea to research the company you are interviewing with so you can tailor some of your answers/questions to them specificly.

Good Luck

scaredoftests

Also, this might not be a 'technical' interview and could be one that deals with the basics. HOWEVER, research the company before you go and bring a notebook full of questions...

goatama

I found this article awhile back and have referred to it several times, and even gave it to my old CSO to find my replacement. It covers the full range of what a competent security manager might ask to determine if you know what you're doing. https://danielmiessler.com/study/infosec_interview_questions/

Sawedoff

Don't BS your way through it.

I interviewed for a position, that come to find out the main requirement they were looking for in an applicant, I had ZERO experience with. I was honest, straightforward but expressed SOME familiarity and interest in it, and I was hired.

You are who you are, you know what you know. Anything else will come back to haunt you.

beads

Much good advice above - run with all those things.

This is part of what people want to say about 'researching the company'.

Best places to get a feel for what the interviewer will be looking for are ironically, readily at hand. Look at the job description you have been given. Anything stick out one way or another? Know something of those tools, likes, dislikes, constrasts between tools - all that. Next look at past JDs for the same company. You'll see a good deal of overlap plus items likely not on the JD for this position. You can get an overall depth and feel for what the organization uses tool wise and if they are adopting cutting edge tools or sticking to say Server 2003 or R2 - whatever.

Do the JDs match culturally? If not the organization is likely to be siloed by individual managers. If it all sounds like HR wrote the past 14 JDs (any job description not just IT or Security) you can figure out that HR is really central to the organization and you can use that to your advantage as well.

Read the complaints on Glassdoor and other review sites. Don't take much of it seriously but it does give you a feeling as to what you might be in for. Many times people will post their venting negative reviews like its the worst place in the world save h-e-ll to work. Rarely something good but that's human nature.

Since your entirely new to the field and hopefully not a recent (*Poof!*) CISSP, go in with the attitude that your willing to do what it takes and learn everything. Know a bit about what is HAPPENING in security for the past few days and something INTERESTING that is or has happened that day. Being up to date is the hardest part of security and a certification isn't the same as being able to apply an odd bit of interesting news to your position. Today and over the weekend my company became vulnerable to 9 different zero day vulnerability. Communicate that to upper management in the right way at the right time and someone is going to become dependent on your knowledge.

Security and Intelligence go hand in hand. Civilians just do a worse job than the government pros.

- b/eads

Danielm7

beads wrote: »

Know a bit about what is HAPPENING in security for the past few days and something INTERESTING that is or has happened that day. Being up to date is the hardest part of security and a certification isn't the same as being able to apply an odd bit of interesting news to your position.

This part is so true. I know I've told this story on here before but I interviewed at my current company and was competing against a number of other people. Some new big named vulnerability had hit the news less than two weeks before. Not just the nerd news, but yahoo, CNN, etc. They asked me if I had seen/read anything interesting in my field in the last few weeks, I told them all about it, how it functioned, why it was bad, etc. They were happy and explained that the last few people had more security experience than me but had no clue about big major news so it showed a clear lack of interest/passion. Long story short, I got the job.

UnixGuy

beads wrote: »

....Today and over the weekend my company became vulnerable to 9 different zero day vulnerability. Communicate that to upper management in the right way at the right time and someone is going to become dependent on your knowledge.
..
- b/eads

^^ Ha this is gold. I'll definitely do that in the future.