Security Analyst Job Advice for passionate security noobs

One day a recruiter calls me and asks if am in the job market and interested in a security position (security analyst for a cyber company). Requirements was an entry level tech with little to no experience but who has a passion for security. I couldn't believe this at first and I felt like I hit the lottery because situations like this don't happen for ppl with little to no experience. This company was supposed to train you from the ground up. I have 3 years of support experience and just a BS in CIS and getting into security has been my dream.

So fast forward I get the job interview which went really well. I was told that I made it to the next round which was awesome!!! Then I received an email with instructions on taking a personality assessment. I took it without concern but little did I know it would ruin my chances of getting a shot at the job. The next day I received an email stating that the company was no longer interested in me because my assessment results showed that I wouldn't be the best fit (culture wise) for the company. I was so bummed out that I literally felt like crying

. This had to be my worst day so far this year. I feel like I was robbed in the opportunity to show what kind of person I really am and that I felt like I found home to grow and be successful.

Now, I know sobbing isn't going to get me anywhere. I'm here genuinely asking an honest question and hope other people learn and take honest good advice for someone trying to get into a security position. What recommendations do you have as far as certifications, labs, skills, and programs/learning centers? I have tons of video content on security and a network lab. I'm open to any kind of advice.

Thanks,

Peter

Find more posts tagged with

Comments

McxRisley

Well where I recently worked, all you need to be an Information Assurance Analyst(or remediation Analyst as it was called there) was a Security + and some kind of OS cert (could even be an MTA cert, hence the random MTA cert under my name lol). This job was a DoD contracting position and I know they are always taking applications. If you are willing to relocate I would suggest going to either the CSRA website or Obsidian Global website and apply once you have met the 2 requirements above.

Starting with the Security + is always my recommendation for newcomers to security. It will give you a tatse of the knowledge required and may help you decide on exactly which area of secutity you want to work in (because there are a ton of different areas). I hope this helps, good luck!

CJWelch89

McxRisley wrote: »

Well where I recently worked, all you need to be an Information Assurance Analyst(or remediation Analyst as it was called there) was a Security + and some kind of OS cert (could even be an MTA cert, hence the random MTA cert under my name lol). This job was a DoD contracting position and I know they are always taking applications. If you are willing to relocate I would suggest going to either the CSRA website or Obsidian Global website and apply once you have met the 2 requirements above.

Starting with the Security + is always my recommendation for newcomers to security. It will give you a tatse of the knowledge required and may help you decide on exactly which area of secutity you want to work in (because there are a ton of different areas). I hope this helps, good luck!

McxRisley I'm looking to change jobs within the next few months. In the space of 3 years I've gone from 1st Line > 2nd Line > Applications Support. My current job has taken a huge step down in regards to how technical it is. It's more a service management type role.

I'm re-certifying my Security+ on Sat which renews my other CompTIA certs and then I'm starting the eJPT. Once I've got that Cert I'm going to start applying for junior/entry-level security positions with my long term goal being a career in penetration testing/red team.

I've had a quick browse for Information Assurance jobs in my area and there are a few, do you recommend this job type as a starting point in Info Sec? Are there any jobs you could recommend? Bearing in mind I have no degree and only entry level certificates I know the competition is going to be stiff.

Thanks.

McxRisley

Well it really depends on what exactly it is you wana do. My first security job was as a Remediation Analyst which entailed many things. Vulnerability scanning and patching, STIGs, sys Admin work, some help desk type trouble tickets. I did a little bit of everything. I would just apply for any and every job that you see that you might be interested in. The worst thing that could happen is that you get an interview and you dont get the job BUT what you will get is an idea of what future interviews will be like and what companys are looking for.

jfitzg

Those personality tests are a joke, have basically zero scientific backing. Even if they did, a self administered personality test is a joke for a number of reasons. Look at it this way, do you really want to work for a company who is run by people stupid enough to think a self administered personality test can actually gauge someone's personality? I would have walked away from that company the moment they requested me to take one.

kiki162

I've only had to do a personally test in an interview once. Frankly I thought it was pointless, but some company's have that out there. Personally, I wouldn't worry about it if I were you. Think about it like this, you have your BS in CIS and 3 years of support exp. What exactly were the requirements for this job? Look at other SA positions out there, and see what skills are required. Usually, you need to have experience as a sysadmin (SA) or network admin (NA). Depending on what type of exp you currently have, think about what really interests you, and look at going for a SA or NA role next. Once you get a few more years under your belt, you'll be in a better position to get a security analyst role.

As far as certs go, you could do it a couple of different ways. Getting your MCSE and/or CCNA will put you in a good position. Depending on who you ask in here, you'll get several opinions on which patch to take, but this will certainly help.

Security+ > MCP > MCSA > MCSE
Security+ > Network+ > CCENT > CCNA

Once you get your MCSE and/or CCNA, getting your CISSP would be ideal. However that's not going to completely disqualify you from a security analyst role. Look at getting SSCP or a GIAC certification (where your employer pays for that training). Also look at getting into Linux, as many infosec companies look for people /w Linux experience. Look at https://linuxacademy.com/ for some good/inexpensive material.

p@r0tuXus

I took one of these personality tests when requested by HR, as the VP wanted me to be assessed. I was all ready working the job and had just gone salaried. I was told the management wanted to set a baseline personality type for the role for future applicants. That made me feel pretty good, especially since the result was reasonably flattering.

pngb4

Thanks for that info, this looks very interesting. I'll definitely take a look at both these websites. Yea I heard the Security + is a good start.

Thanks,

Peter

pngb4

Kiki162, I'm interested in the CCNA however how much would it help me for an entry level infosec security position? Would you recommend first going for the Sec + like you outlined? Do you know if the Certified Ethical Hacker cert has as much or more value than the Sec +?

Thanks for the advice and link to the linuxacademy site.

Thanks,

Peter

SaSkiller

If I was hiring, I wouldn't really care about a CCNA. It is nice, and makes me think you understand networks, but I'm always more interested in security certs.

CJWelch89

That's good to know SaSkiller, thanks. I've always had an interest in networking and have studied on and off for the CCNA but recently have switched purely to security focused study as I'm hearing what you're saying more and more.

Just about to enrol on the eJPT