Just failed an interview for a cyber security engineer....

lewis2018

I just got rejected for a cyber security engineer job on the basis that I did have enough IDS/IPS/Firewalls and Proxy experience

can anyone advise on additional certifications related to IDS/IPS/Firewalls and Proxies which I can get to demonstrate this experience?

I already have my CCNA R&S, Security + and I'm part way through my MCSA and Linux+

I had a look at CCNA Sec but I wasn't sure if this covered all these technologies from the exam topics

cyberguypr

I think the first sentence meant to read “did NOT have enough”. I don’t think any specific cert will help you here. This is one of those things that you need to lab in depth so you can talk about it and make up for the lack of experience.

If I interview somebody with no experience in IDS/IPS but they tell me “well, I’ve labbed with security onion, created a few rules in Snort like <insert rule here>, created a little script to kick off X thing upon the rule firing, etc.”. Do you see how this changes things? No cert can do that.

lewis2018

Yes indeed I did, unfortunately I cant edit it either!

hmm then perhaps I need to find a decent source for labs to do this sort of thing

devilbones

lewis2018 wrote: »

Yes indeed I did, unfortunately I cant edit it either!

hmm then perhaps I need to find a decent source for labs to do this sort of thing

There is a book called Building Virtual Machine Labs: A Hands-On Guide by Tony Robinson. He describes how to set up a great virtual lab and configure all the pieces you are looking to get experience in. You will also set up a pentesting area and you can log the attacks or view them in real time.

Tekn0logy

lewis2018 wrote: »

I just got rejected for a cyber security engineer job on the basis that I did have enough IDS/IPS/Firewalls and Proxy experience...

It would be a failure if you did not understand why you didn't get the job. So, in that regard, are you certain that your experience was the only issue? Did you practice for the interview? Did you go through an agency or apply cold? Engineering would imply that you have a skill set that demonstrates the ability to design and solve problems, IMHO, CCNA and Sec+ seem light in that regard. However I know a number of "engineers" that haven't nary a certification but have countless years solving problems with major unknowns. What questions were you asked that you can honestly state that you knew the material and gave a sound reply? Any questions that you were not able to give a clear answer on?

gespenstern

GIAC GCIA may help, but don't overstress. It was just a single occasion. The way I feel it firewalls/NIDS/NIPS are slowly losing their prominence primarily because of encryption (and some virtualization). Firewalls are from 90s. Not that many jobs here.

These days I'd invest most into incident response and various threat defense skillset.

yoba222

The CCNA Cyber Ops labs (official ones) have given me slightly more of a hands-on taste of IPS/IDS (Security Onion/Snort/Bro/ELSA) than I got out of the CySA+ labs (through Cybrary). Neither really gave me enough hands-on experience that I'd count it on a resume or in a job interview. I don't think a cert exists that could be a substitute for this particular flavor of on the job experience.

My rule #1 is never go full retail for a SANS course/cert. Get your job to go full retail or figure out a work-study arrangement.

I'm going through the CCNA Cyber Ops now and it feels like a boot camp for level-1 SOC analysts. The training emphasizes that engineering tasks like creating firewall rulesets is something more advanced and beyond the scope of the cert FYI.

lewis2018

Thanks to all of you for your input. Luckily there is another position for the same job coming up in 6 months time so I shall prepare for that quite intensely.

That book building virtual machine labs a hands-on guide looks very good

DatabaseHead

What's your background previously?

lewis2018

Im currently a systems engineer, I work mostly with small to medium sized networks. I got really into it about two years a go when I started working with secure infrastructure and decided I wanted to build my career around it

NHStudent

Hack into their firewall and then send them an email asking if they want a demo of what you are capable of.. just kidding, don't do that but..

One caution on feedback you may be provided during interviews as to why you are not further considered is that you may/may not get the truth as to why. Some jobs are just filling interview spots and there is "someone" special that is also being considered and in some cases, there is not job. Cases are obviously friends, like an H1B extension whereby they are trying to retain a visa for a non-us citizen they have to prove out that there is nobody local with the experience required.

Not saying what you heard was not genuine but I know for a fact that this kind of garbage goes on.

Witnessed a very sr. exec want to hire a friend for an entry level security position. Waitress with no experience, degree in us history and 1 information security course. Other candidate had Masters in cyber, couple of worthy certs, and had with 1 year experience working for a government contractor on a risk/security project. Flaw found with better candidate from exec made no sense and feedback from others who participated were all on the same page with who the actual better candidate was. Made me sick.

NetworkNewb

NHStudent wrote: »

Witnessed a very sr. exec want to hire a friend for an entry level security position. Waitress with no experience, degree in us history and 1 information security course. Other candidate had Masters in cyber, couple of worthy certs, and had with 1 year experience working for a government contractor on a risk/security project. Flaw found with better candidate from exec made no sense and feedback from others who participated were all on the same page with who the actual better candidate was. Made me sick.

Happens everywhere and all the time...

https://www.psychologytoday.com/us/blog/fighting-fear/201406/its-not-what-you-know-its-who-you-know

chrisone

Not sure what level that cyber security engineer position required, but based off your certs (only because I do not know your wrk experience) I can say you probably need to look for a junior security position.

I guess its safe to conclude you are just starting out based on your comments that you have no IDS/IPS/Proxy experience?

If you want some experience in IDS/IPS I would suggest going through this book and doing all the labs. It is a bit dated but the concepts still hold. It is based off Security Onion.
The Practice of Network Security Monitoring: Understanding Incident Detection and Response

I would also recommend some type of blue team material to understand and know some Incident Response concepts.
Blue Team Handbook: Incident Response Edition: A condensed field guide for the Cyber Security Incident Responder
Incident Response & Computer Forensics, Third Edition 3rd Edition
Practical Packet Analysis, 3E: Using Wireshark to Solve Real-World Network Problems 3rd Edition

For web proxy, lab and learn how to setup IPFire. Going through this lab and setup will give you the idea and experience of opensource firewalls, web proxies, vpn gateways in general.
https://www.ipfire.org

Spend 6-12 months doing all these and you will be more than ready for not only a junior position but a regular engineer position as well. Just know that you won't be the only candidate and some guys will have more recognized certifications. So you should look at getting a couple more security related certs too.

Either way, you have to do the work and lab to gain experience in these topics. Goodluck!

JDMurray

If the hiring manager wanted professional, hand-on netops or secops experience with firewalls/proxies then books and certs and home labs won't cut it. They need you to hit the ground running and not learn on the job.

DatabaseHead

JDMurray wrote: »

If the hiring manager wanted professional, hand-on netops or secops experience with firewalls/proxies then books and certs and home labs won't cut it. They need you to hit the ground running and not learn on the job.

Yeah I am finding labs are good to continue to build knowledge that I learned on the job (where I have a strong base), but in regards to applying new tech to an enterprise, forget about it.

Just my experiences........

scaredoftests

I am lucky in the position I am in now. Only had lab experience with firewalls/switches/routers etc. I have learned more on the job how to configure routers/switches. So much I have learned on the Palo Alto firewalls and so much more to learn. In 2 weeks, I will go to Juniper training. I need to pinch myself sometimes.

SaltyHashes

OP -- I wouldn't worry too much about one terrible interview.

I got my ass grilled in an interview a few years ago for a firewall position at a local hospital and it helped me identify what I didn't know.

I was fresh out of my graduate program where my skills were in cyber response and identifying, not directly managing firewalls.

Even with a graduate degree in Digital Forensics, I needed to learn more about networking and security. I used GI Bill to go back to school in an undergrad program, got CompTIA and Microsoft certs, and immediately after I got my Security+, I was pulling in interviews.

Even though this training was as the Associates level, they were teaching skills that catered towards employers. I studied my ass off and in subsequent interviews, I nailed the questions which I remember being asked in that interview that I tanked.

I landed at the employer where I work today and couldn't be happier as an engineer making 30K more than the salary offered at that hospital.

Pick yourself up, and move on to the next interview. You got this.

infosecs

I wish we had setups like the ones mentioned by you in this post available commercially so one could practice faster. Installations and trouble shooting are fun but can also be daunting.

chrisone wrote: »

Not sure what level that cyber security engineer position required, but based off your certs (only because I do not know your wrk experience) I can say you probably need to look for a junior security position.

I guess its safe to conclude you are just starting out based on your comments that you have no IDS/IPS/Proxy experience?

If you want some experience in IDS/IPS I would suggest going through this book and doing all the labs. It is a bit dated but the concepts still hold. It is based off Security Onion.
The Practice of Network Security Monitoring: Understanding Incident Detection and Response

I would also recommend some type of blue team material to understand and know some Incident Response concepts.
Blue Team Handbook: Incident Response Edition: A condensed field guide for the Cyber Security Incident Responder
Incident Response & Computer Forensics, Third Edition 3rd Edition
Practical Packet Analysis, 3E: Using Wireshark to Solve Real-World Network Problems 3rd Edition

For web proxy, lab and learn how to setup IPFire. Going through this lab and setup will give you the idea and experience of opensource firewalls, web proxies, vpn gateways in general.
https://www.ipfire.org

Spend 6-12 months doing all these and you will be more than ready for not only a junior position but a regular engineer position as well. Just know that you won't be the only candidate and some guys will have more recognized certifications. So you should look at getting a couple more security related certs too.

Either way, you have to do the work and lab to gain experience in these topics. Goodluck!