Just failed an interview for a cyber security engineer....

lewis2018 Member Posts: 27
I just got rejected for a cyber security engineer job on the basis that I did have enough IDS/IPS/Firewalls and Proxy experience

Can anyone advise on additional certifications related to IDS/IPS/Firewalls and Proxies which I can get to demonstrate this experience?

I already have my CCNA R&S, Security+ and I'm part way through my MCSA and Linux+.

I had a look at CCNA Sec but I wasn't sure if this covered all these technologies from the exam topics.

Comments

  • cyberguypr Mod Posts: 6,928
    I think the first sentence meant to read “did NOT have enough”. I don’t think any specific cert will help you here. This is one of those things that you need to lab in depth so you can talk about it and make up for the lack of experience.

    If I interview somebody with no experience in IDS/IPS but they tell me “well, I’ve labbed with security onion, created a few rules in Snort like <insert rule here>, created a little script to kick off X thing upon the rule firing, etc.”. Do you see how this changes things? No cert can do that.
  • lewis2018 Member Posts: 27
    Yes indeed I did, unfortunately I can't edit it either!

    Hmm, then perhaps I need to find a decent source for labs to do this sort of thing.
  • devilbones Member Posts: 318
    lewis2018 wrote: »
    Yes indeed I did, unfortunately I can't edit it either!

    Hmm, then perhaps I need to find a decent source for labs to do this sort of thing.

    There is a book called Building Virtual Machine Labs: A Hands-On Guide by Tony Robinson. He describes how to set up a great virtual lab and configure all the pieces you are looking to get experience in. You will also set up a pentesting area and you can log the attacks or view them in real time.
  • Tekn0logy Member Posts: 113
    lewis2018 wrote: »
    I just got rejected for a cyber security engineer job on the basis that I did have enough IDS/IPS/Firewalls and Proxy experience...

    It would be a failure if you did not understand why you didn't get the job. So, in that regard, are you certain that your experience was the only issue? Did you practice for the interview? Did you go through an agency or apply cold? Engineering would imply that you have a skill set that demonstrates the ability to design and solve problems. IMHO, CCNA and Sec+ seem light in that regard. However, I know a number of "engineers" that haven't nary a certification but have countless years solving problems with major unknowns. What questions were you asked that you can honestly state that you knew the material and gave a sound reply? Any questions that you were not able to give a clear answer on?
  • gespenstern Member Posts: 1,243
    GIAC GCIA may help, but don't overstress. It was just a single occasion. The way I feel it, firewalls/NIDS/NIPS are slowly losing their prominence, primarily because of encryption (and some virtualization). Firewalls are from the 90s. Not that many jobs here.

    These days I'd invest most into incident response and various threat defense skillsets.
  • yoba222 Member Posts: 1,237
    The CCNA Cyber Ops labs (official ones) have given me slightly more of a hands-on taste of IPS/IDS (Security Onion/Snort/Bro/ELSA) than I got out of the CySA+ labs (through Cybrary). Neither really gave me enough hands-on experience that I'd count it on a resume or in a job interview. I don't think a cert exists that could be a substitute for this particular flavor of on the job experience.

    My rule #1 is never go full retail for a SANS course/cert. Get your job to go full retail or figure out a work-study arrangement.

    I'm going through the CCNA Cyber Ops now and it feels like a boot camp for level-1 SOC analysts. The training emphasizes that engineering tasks like creating firewall rulesets are something more advanced and beyond the scope of the cert, FYI.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • lewis2018 Member Posts: 27
    Thanks to all of you for your input. Luckily there is another position for the same job coming up in 6 months time so I shall prepare for that quite intensely.

    That book, Building Virtual Machine Labs: A Hands-On Guide, looks very good.
  • DatabaseHead Member Posts: 2,753
    What's your background previously?
  • lewis2018 Member Posts: 27
    I'm currently a systems engineer, I work mostly with small to medium sized networks. I got really into it about two years ago when I started working with secure infrastructure and decided I wanted to build my career around it.
  • NHStudent Member Posts: 21
    Hack into their firewall and then send them an email asking if they want a demo of what you are capable of.. just kidding, don't do that but..

    One caution on feedback you may be provided during interviews as to why you are not further considered is that you may/may not get the truth as to why. Some jobs are just filling interview spots and there is "someone" special that is also being considered and, in some cases, there is no job. Cases are obviously friends, like an H1B extension whereby they are trying to retain a visa for a non-US citizen and they have to prove out that there is nobody local with the experience required.

    Not saying what you heard was not genuine but I know for a fact that this kind of garbage goes on.

    Witnessed a very sr. exec want to hire a friend for an entry level security position. Waitress with no experience, degree in US history and 1 information security course. Other candidate had Masters in cyber, couple of worthy certs, and had 1 year experience working for a government contractor on a risk/security project. Flaw found with better candidate from exec made no sense and feedback from others who participated were all on the same page with who the actual better candidate was. Made me sick.
  • NetworkNewb Member Posts: 3,298
    NHStudent wrote: »
    Witnessed a very sr. exec want to hire a friend for an entry level security position. Waitress with no experience, degree in US history and 1 information security course. Other candidate had Masters in cyber, couple of worthy certs, and had 1 year experience working for a government contractor on a risk/security project. Flaw found with better candidate from exec made no sense and feedback from others who participated were all on the same page with who the actual better candidate was. Made me sick.

    Happens everywhere and all the time...

    https://www.psychologytoday.com/us/blog/fighting-fear/201406/its-not-what-you-know-its-who-you-know
  • chrisone Member Posts: 2,278
    Not sure what level that cyber security engineer position required, but based off your certs (only because I do not know your work experience) I can say you probably need to look for a junior security position.

    I guess it's safe to conclude you are just starting out based on your comments that you have no IDS/IPS/Proxy experience?

    If you want some experience in IDS/IPS I would suggest going through this book and doing all the labs. It is a bit dated but the concepts still hold. It is based off Security Onion.
    The Practice of Network Security Monitoring: Understanding Incident Detection and Response

    I would also recommend some type of blue team material to understand and know some Incident Response concepts.
    Blue Team Handbook: Incident Response Edition: A condensed field guide for the Cyber Security Incident Responder
    Incident Response & Computer Forensics, Third Edition 3rd Edition
    Practical Packet Analysis, 3E: Using Wireshark to Solve Real-World Network Problems 3rd Edition

    For web proxy, lab and learn how to set up IPFire. Going through this lab and setup will give you the idea and experience of open source firewalls, web proxies, VPN gateways in general.
    https://www.ipfire.org

    Spend 6-12 months doing all these and you will be more than ready for not only a junior position but a regular engineer position as well. Just know that you won't be the only candidate and some guys will have more recognized certifications. So you should look at getting a couple more security related certs too.

    Either way, you have to do the work and lab to gain experience in these topics. Good luck!
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • JDMurray Admin Posts: 13,054
    If the hiring manager wanted professional, hands-on netops or secops experience with firewalls/proxies then books and certs and home labs won't cut it. They need you to hit the ground running and not learn on the job.
  • DatabaseHead Member Posts: 2,753
    JDMurray wrote: »
    If the hiring manager wanted professional, hands-on netops or secops experience with firewalls/proxies then books and certs and home labs won't cut it. They need you to hit the ground running and not learn on the job.

    Yeah I am finding labs are good to continue to build knowledge that I learned on the job (where I have a strong base), but in regards to applying new tech to an enterprise, forget about it.

    Just my experiences........
  • scaredoftests Mod Posts: 2,780
    I am lucky in the position I am in now. Only had lab experience with firewalls/switches/routers etc. I have learned more on the job how to configure routers/switches. So much I have learned on the Palo Alto firewalls and so much more to learn. In 2 weeks, I will go to Juniper training. I need to pinch myself sometimes.
    Never let your fear decide your fate....
  • SaltyHashes Member Posts: 33
    OP -- I wouldn't worry too much about one terrible interview.

    I got my ass grilled in an interview a few years ago for a firewall position at a local hospital and it helped me identify what I didn't know.

    I was fresh out of my graduate program where my skills were in cyber response and identifying, not directly managing firewalls.

    Even with a graduate degree in Digital Forensics, I needed to learn more about networking and security. I used GI Bill to go back to school in an undergrad program, got CompTIA and Microsoft certs, and immediately after I got my Security+, I was pulling in interviews.

    Even though this training was at the Associates level, they were teaching skills that catered towards employers. I studied my ass off and in subsequent interviews, I nailed the questions which I remember being asked in that interview that I tanked.

    I landed at the employer where I work today and couldn't be happier as an engineer making 30K more than the salary offered at that hospital.

    Pick yourself up, and move on to the next interview. You got this.
  • infosecs Member Posts: 48
    I wish we had setups like the ones mentioned by you in this post available commercially so one could practice faster. Installations and troubleshooting are fun but can also be daunting.
    chrisone wrote: »
    Not sure what level that cyber security engineer position required, but based off your certs (only because I do not know your work experience) I can say you probably need to look for a junior security position.

    I guess it's safe to conclude you are just starting out based on your comments that you have no IDS/IPS/Proxy experience?

    If you want some experience in IDS/IPS I would suggest going through this book and doing all the labs. It is a bit dated but the concepts still hold. It is based off Security Onion.
    The Practice of Network Security Monitoring: Understanding Incident Detection and Response

    I would also recommend some type of blue team material to understand and know some Incident Response concepts.
    Blue Team Handbook: Incident Response Edition: A condensed field guide for the Cyber Security Incident Responder
    Incident Response & Computer Forensics, Third Edition 3rd Edition
    Practical Packet Analysis, 3E: Using Wireshark to Solve Real-World Network Problems 3rd Edition

    For web proxy, lab and learn how to set up IPFire. Going through this lab and setup will give you the idea and experience of open source firewalls, web proxies, VPN gateways in general.
    https://www.ipfire.org

    Spend 6-12 months doing all these and you will be more than ready for not only a junior position but a regular engineer position as well. Just know that you won't be the only candidate and some guys will have more recognized certifications. So you should look at getting a couple more security related certs too.

    Either way, you have to do the work and lab to gain experience in these topics. Good luck!