Would I be lying to say my helpdesk experience is security experience? (need advice)
I’ll try not to make this into a huge post, but basically in my eyes I kind of looked at my experience being 1 ½ years of IT Security Experience and 4 years of Helpdesk experience… but when I really look at it I think that's wrong so I need your advice. I lost my job a few weeks ago due to a company merger so I’m really trying to make my resume stand out as much as possible being a security focused resume.
The more I think about it, the more I feel I should be able to say I have 5 years of security experience based on those 2 positions alone. My original thoughts were that I couldn’t say I had 5 years of security experience because that helpdesk position wasn’t a dedicated security position… but does that really matter? That must account for something right? There was a lot of security that I did while in that position.
· Managed 2FA through RSA. Creating, revoking, and resetting tokens.
· Active Directory – We created accounts. Also unlocked, reset, and disabled them.
· We controlled delegate access to documents and Outlook
· If people had a virus on their computers, we were the first to respond in many cases. Could be a virus… could be a suspicious email or file.
Those are just examples and I’m sure I’ll think of more later (we supported over 100 law firms that used all types of different things, so I’ll need to really dig deep and remember what we used). I really want to present myself as someone who is valuable as a security analyst and I don’t want the 4 years of helpdesk experience to just be for nothing… but at the same time I don’t want to lie about my experience if in the eyes of most people I don’t really have that it. I personally think a lot of my helpdesk experience would also qualify as security experience (I feel like there was a lot of access management and security incident response). Obviously, my whole job wasn’t dedicated to security, but again… that shouldn’t matter right?
I’ve attached 2 copies of my resume. "Current" being what I use now
and "Revised" being what I’m thinking of changing it to say. This also matters for the
CISSP. I can come up with stuff that I did while in the helpdesk position that would
probably qualify as being within 2 of the 8 domains. Again, I’m not trying to
stretch the truth (or possibly lie)… but I don’t want to sell myself short either. Am I over thinking this?