Would I be lying to say my helpdesk experience is security experience? (need advice)

PseudonymousPseudonymous Member Posts: 78 ■■■□□□□□□□

I’ll try not to make this into a huge post, but basically in my eyes I kind of looked at my experience being 1 ½ years of IT Security Experience and 4 years of Helpdesk experience… but when I really look at it I think that's wrong so I need your advice. I lost my job a few weeks ago due to a company merger so I’m really trying to make my resume stand out as much as possible being a security focused resume.

The more I think about it, the more I feel I should be able to say I have 5 years of security experience based on those 2 positions alone. My original thoughts were that I couldn’t say I had 5 years of security experience because that helpdesk position wasn’t a dedicated security position… but does that really matter? That must account for something right? There was a lot of security that I did while in that position.

Examples:

·         Managed 2FA through RSA. Creating, revoking, and resetting tokens.

·         Active Directory – We created accounts. Also unlocked, reset, and disabled them.

·         We controlled delegate access to documents and Outlook

·         If people had a virus on their computers, we were the first to respond in many cases. Could be a virus… could be a suspicious email or file.

Those are just examples and I’m sure I’ll think of more later (we supported over 100 law firms that used all types of different things, so I’ll need to really dig deep and remember what we used). I really want to present myself as someone who is valuable as a security analyst and I don’t want the 4 years of helpdesk experience to just be for nothing… but at the same time I don’t want to lie about my experience if in the eyes of most people I don’t really have that it. I personally think a lot of my helpdesk experience would also qualify as security experience (I feel like there was a lot of access management and security incident response). Obviously, my whole job wasn’t dedicated to security, but again… that shouldn’t matter right?

I’ve attached 2 copies of my resume. "Current" being what I use now and "Revised" being what I’m thinking of changing it to say. This also matters for the CISSP. I can come up with stuff that I did while in the helpdesk position that would probably qualify as being within 2 of the 8 domains. Again, I’m not trying to stretch the truth (or possibly lie)… but I don’t want to sell myself short either. Am I over thinking this?

Thoughts?


Certifications: A+, N+, S+, CCNA: CyberOps, eJPT, ITIL, etc.

Comments

  • fitzlopezfitzlopez Member Posts: 103 ■■■□□□□□□□
    I'd put 4 years of helpdesk experience where I did all these security related tasks. I personally dislike when someone comes and says they have X years in something and when you probe it seems they just padded their resume. If I can't trust you to be honest on your resume, why would I let you near all the security holes in my org?
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    Its gonna be up to whoever reads the resume on how highly they hold the "experience"...  I wouldn't hold back on applying to position based on the experience they ask for anyways.   If you want a position apply for it, the worst they can do is ignore it.  

    As far as the CISSP it does not matter what your title of your position was.   Only if you had the required experience in 2 domains.

    Yes, you are overthinking this :) 
  • mikey88mikey88 Member Posts: 495 ■■■■■■□□□□
    In the summary section I state I'm a Security Engineer with x number yrs of progressive IT experience. That way I combine all experience without appearing dishonest. 
    Certs: CISSP, CySA+, Security+, Network+ and others | 2019 Goals: Cloud Sec/Scripting/Linux

  • PseudonymousPseudonymous Member Posts: 78 ■■■□□□□□□□
    I wouldn't hold back on applying to position based on the experience they ask for anyways. If you want a position apply for it, the worst they can do is ignore it.
    You're right. I need to keep telling myself that. There's a lot of positions I didn't apply to that I wanted just because I didn't meet all the requirements.

    mikey88 said:
    In the summary section I state I'm a Security Engineer with x number yrs of progressive IT experience. That way I combine all experience without appearing dishonest. 
    I like it. Definitely sounds more honest to me.


    Certifications: A+, N+, S+, CCNA: CyberOps, eJPT, ITIL, etc.
  • yoba222yoba222 Member Posts: 1,237 ■■■■■■■■□□
    edited July 2019
    I don't see a problem with the way you worded your resume. Looks good to me. Besides, all that really matters is can you actually walk the walk. Plenty of security analysts out there who have formally held security analyst job titles for many years and they suck.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    I think your first resume is accurate and portrays what you actually have. If I'm hiring for a mid+ level security employee and you apply with "over 5 years of security experience" but it's really only 1, I'm going to see that in about 3 seconds and realize you're trying to bluff your way in. The helpdesk examples of resetting tokens and passwords might qualify for ISC2 "security experience" but most people in the working world know that's standard helpdesk stuff. 

    You're last job is legit security experience, I say paint it as progressive IT > security experience and apply away, no point in trying to trick people where it's pretty obviously not accurate. i'm all for painting the best picture and such but it should be honest at the same time. 
Sign In or Register to comment.