The job search continues (Car crash interview)

si20

Sorry i've posted a few threads recently about seeking a new job. The thing is - i'm not looking for a quick 5 minute gig - i'm looking for a long term career and i'm struggling to find that kind of place. Somewhere where I can learn and grow over the next 10 years+. I currently work as a security analyst and although I detest security analyst work - I happen to be quite good at it (not to blow my own trumpet!).

So I currently do a 40 mile round trip every day to my current place of work. I found a security analyst position advertised for a large global company which was only 10 miles from me. This would reduce my mileage by 50% and pay very similar. Perfect. That I was prepared to do. So I applied for the job and was lucky enough to get a telephone interview (stage 1). I passed that with flying colours and got invited to a face to face interview (stage 2).

I turned up to the building 20 minutes prior to the interview time slot. As I got there, there was a fire alarm. I walked into the building to see if it was a drill, or whether it was a false alarm etc etc. There was no security, no fire marshal to stop me going in. I walked into the building to see reception empty, the building empty - I quickly realised, ok, this isn't a drill. I walked back to my car and called HR. HR told me to wait around and it will be ok to go in late.... first red flag (complete lack of security).

I eventually got into the interview room around 10 minutes later than planned. I was greeted by an "ITIL" woman and a "Security" gentleman for the interview. The woman asked about my background in IT. I told her how I started as 2nd line and did that for 5 years, then I told her about getting a first class degree and getting certs etc. She looked a bit confused (second red flag) but I thought nothing of it.

The security guy (let's call him Bob) was asking about the certs. "OSCP? I've never heard of it" (third red flag). I couldn't quite believe a security guy had never heard of the OSCP, but I told him about it. His response? "i'll have to google it." Ok, fair enough. Maybe he genuinely hasn't heard of it. The woman asked me what I do day to day. I told her how I run reports and speak to clients and provide security consultancy. In my previous security analyst role, I was the guy monitoring log sources and fighting off malware, insider threats and the like.

She looked completely and utterly confused. I was about to ask "is something wrong?" when she picked up her book, folded it in half and said: "This job isn't technical. This job is all about policy and procedure" (forth red flag). I told her how I do that in my current role and she opened the book and continued the interview (I got the feeling she was going to end it there and then unless I did something special). I managed to get back on track.

Then the guy asked about my degree "What made you do that degree? What is computer forensics?". This was the fifth red flag and I really, really didn't want the job by this point. Here is a guy, working in security, who doesn't know what the OSCP is, doesn't know what computer forensics is and is asking me to explain the very basics about what these things are. At the end of the interview, I asked "what would I be doing day to day?" and the ITIL woman gave me 10 minutes of what I can only describe as "waffle". She was trying to impress me with acronyms she'd learned on the ITIL course and mentioned i'd be "signing off projects" and "using the development lifecycle" - but failed to tell me what i'd actually be doing day to day and in the grand scheme of things. Signing off what projects? If the job isn't technical why would I be using a development lifecycle? What about the ESM's? What about Splunk? Arcsight? Alienvault? How can you have a non-technical security analyst? etc etc.

I received an email today saying they wont be taking the application any further, but in my defence, I genuinely didn't want it. I've said it before on this forum and i'll say it again. ITIL is the devil. I was 99.9% convinced before, but i'm 100% convinced now. ITIL is a course for non-techies. I'm convinced it produces ineffective managers who have "the gift of the gab" aka like to talk. What I got out of the interview, was that she wanted to hire a non-technical person to do a technical person's job so she could relate to them. But it's not just her, i've yet to meet one person with ITIL certs who is any good.

Now, although I can be grateful i'm not working for her, but the problem is - there are no more jobs in my area paying over 20k (£). I'm in between a rock and a hard place. I'm not sure where to go from here.

Breadfan

Sorry you are having such an issue looking and finding a position. I seem to be in the same boat as well. SA positions here dont seem to be as advertised around here. By the time I research it further and/or talk to the recruiter, I find the position to be either A) not a technical position as I had wanted or a SOC position, which I have made it clear to the recruiters, I wont do.

Good luck, and keep your chin up. Things will happen when you least expect it to.

BTW, I literally LOL at the "ITIL is the devil" comment

TheFORCE

For the record, i think you are right about how ITIL is portrayed. It is an old old framework and people that have not had any technical roles don't really understand it or how to use it properly. I for one, can say for the record that i do like the concept of it and the reason behind it but for it to work the implementation has to be done correctly. I am trying to implement it in my current organization and i am having some not so good responses really.

As far as the other side of your interview, that company maybe was not right for and on a side not, don't know how old you are but if you are still young with no family, maybe you should take a trip on the other side of the pond for a year or 2. Someone with your skills, could be making well over 100k in the US.

si20

I'm 26. I have considered going over to the US. I wouldn't know where to start though!

scaredoftests

Start on the east coast.

TheFORCE

As he said, you can start on the east coast. Specifically the tri-state area is booming right now on the private sector. You have startups, financial companies and you have biotech and some of the big pharma located in NJ and Jersey City and CT and of course NY for the big financial companies. Just look on linkedIn for jobs in those areas.

TechnicalJay

si20 wrote: »

I'm 26. I have considered going over to the US. I wouldn't know where to start though!

You could come to Canada pretty easy since we're in the same Alliance thingy

cyberguypr

When you said the guy had no idea what OSCP was my immediate though was "this must be a GRC person".

gespenstern

si20 wrote: »

The security guy (let's call him Bob) was asking about the certs. "OSCP? I've never heard of it" (third red flag).

Well... yeah. Even non-security guys that I talk to, like server guys or network guys have heard of it. Huge red flag.

NetworkNewb

Just curious, why did you even apply to a job that you hate doing? Referring to security analyst position. Just for the shorter drive? Maybe its just because its my first job that deals specifically with security but I'm enjoying my Security Analyst position so far.

Sounds like those interviewers were pretty bad though! And lady sounded extremely annoying by her answer to the daily activities. Those answers deserve a blank stare with the "are you f**king kidding me" face.

Agree with others saying you could probably do pretty well on the other side of the pond.

bpenn

first red flag
second red flag
third red flag
forth red flag
fifth red flag

One more and I would have assumed you were at a specific amusement park!

In all seriousness, I feel for you on the job search. I have been looking for nearly a year now and havent been successful in the slightest. Keep your head up and definitely consider coming stateside. I know its a helluva life change but I have no doubt you could be successful here.

si20

NetworkNewb wrote: »

Just curious, why did you even apply to a job that you hate doing? Referring to security analyst position. Just for the shorter drive? Maybe its just because its my first job that deals specifically with security but I'm enjoying my Security Analyst position so far.

Sounds like those interviewers were pretty bad though! And lady sounded extremely annoying by her answer to the daily activities. Those answers deserve a blank stare with the "are you f**king kidding me" face.

Agree with others saying you could probably do pretty well on the other side of the pond.

The shorter drive was a massive plus for me. I spend 2 hours per day driving (that's if the traffic is good, sometimes it can be 2 hours 30 mins per day). With this job, I could have cut my driving down to around 40 mins total.

But it's honestly not a bad thing that I didn't get it; but the bigger problem is that I need to get something else - and soon. My current job is moving away and i'm absolutely not prepared to move with it (because it's so bad). I'm sure something will come up.

636-555-3226

If you don't mind coming over to the states for a little Yankee action, lots of security openings in my region go unfilled for month. Both large- and mid-sized cities have openings but nobody to fill them. Depending on company and skillset I'd say 90-100k USD (in my region, other regions vary greatly) for an experienced analyst at a big company. Give a few searches on dice.com for "security" or "cissp" for any area you may possibly be interested in. It's free and takes 5 minutes. Bonus points - US chicks love British accents.

jamesleecoleman

I would suggest to check out TrustWave's Spider Labs. Target is also hiring for Information Security. There are the last two that I've looked at but there are some more places like PWC to check out.

cyberguypr

I don't know about Spider Labs. I've read too many stories and hear a lot of first hand tales of the mess that the division is.

jamesleecoleman

I might have to do some research because I would like to apply for a job there.

UnixGuy

It's not just ITIL dude, corporate are full of people who do nothing...they talk and talk, send emails, go to meetings, more emails, more meetings, and some of them make 170K...they think they work. yeah, I can train a 15 yrs old to do their job in 2 weeks. I'm not even being sarcastic, so it's not just security, and it's not just ITIL.

Good luck with your job search....if someone ask you what is computer forensic again, ask them 'do you even know what a computer is?', again im not being sarcastic, don't be afraid of throwing comments like that...I did it.

alias454

UnixGuy wrote: »

if someone ask you what is computer forensic again, ask them 'do you even know what a computer is?', again im not being sarcastic, don't be afraid of throwing comments like that...I did it.

And how'd that work out for you? Seriously, i want to know the answer I bet it's a good story.

UnixGuy

alias454 wrote: »

And how'd that work out for you? Seriously, i want to know the answer I bet it's a good story.

It wasn't an interview it was a meeting and a business analyst was arguing with everyone about everything, then he asked what's a SAN storage, I asked him do you know what a wikipedia is? I moved on and continued the conversations with others, practically ignoring his presence and he was silent 'till the end of the meeting. He wasn't invited to other meetings.

We have a threshold for tolerating buffoons. I'm an extremely friendly guy btw, but if I'm going to a computer security interview and someone doesn't know what computer forensics is, then there is nothing to lose at that interview trust me.

alias454

"do you know what a wikipedia is" <- that made me smile

koenigss15

Don't go to the US. The skewed work life balance will wear you down. I got sick of having only two weeks off a year, so am planning on going back after 15 years in the South East.

techfiend

In general I'd agree EU has a better work/life balance than US and most other regions. There are some companies in the US that really care about it, I work for one. In my first year I get 18 PTO and 16 holidays while working in the office 25-30 hours a week and after hours work from home 2-5 hours a week. I wonder if many places in EU can match that when starting, I'll get +2 PTO days off each year I'm there with a maximum of 40.

NetworkNewb

koenigss15 wrote: »

Don't go to the US. The skewed work life balance will wear you down. I got sick of having only two weeks off a year, so am planning on going back after 15 years in the South East.

So you agreed to work for a company and receive 14 days PTO and are complaining about it??

This is like complaining about accepting a low salary and blaming the whole US because of it. Kinda funny in a sad way. At my company I start at 24 days PTO and after 10 years people get 39 days.

Iristheangel

koenigss15 wrote: »

Don't go to the US. The skewed work life balance will wear you down. I got sick of having only two weeks off a year, so am planning on going back after 15 years in the South East.

It really comes down to the kind of company you deal with. My last three jobs gave me 25+ days a year. I will say that we do tend to work longer hours and there are definitely some cons but there also tends to be greater opportunities as well. For example, the average security analyst job in the UK shows up as £47,500/$68,164 USD while in the US, the average tends to be $91,600. Not sure what the job opportunities and market is like in Europe but certain parts of IT also might have more openings and demand here than there.

Sorry you had a bad experience but it doesn't mean we all work for pennies and get no PTO.