General IT Experience counted as Cyber Experience?

GeekyChickGeekyChick CISSP, CEH, CCNA, Sec+, SplunkMember Posts: 315 ■■■■□□□□□□
Today I had an interview with HR at a company I was interested in. The topic of years of experience and salary came up. I have 15+ years of IT experience, including helpdesk, network admin, network design/consulting, and cybersecurity. I was surprised the person in HR didn't consider the general IT experience as what she called "cyber" experience. What do you all think? If you are a hiring manager would you consider IT experience specifically applicable to a cybersecurity job (information security job)? In other words if there was a job that asked for 7 years of experience, would it be acceptable for me to include my years of IT in the count?


  • stryder144stryder144 Senior Member Member Posts: 1,672 ■■■■■■■■□□
    Yes, especially if it is cyber "adjacent": building secure networks, provisioning user accounts and verifying that the permissions/groups are correct, etc.
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia

    Connect With Me || My Blog Site || Follow Me
  • GeekyChickGeekyChick CISSP, CEH, CCNA, Sec+, Splunk Member Posts: 315 ■■■■□□□□□□
    Hi Stryder! That's what I thought. I'm not sure she understood that IT experience helps to build the foundation for security. If you don't understand the basics of networking, for example, how could you defend it?
  • shochanshochan Member Posts: 932 ■■■■■■□□□□
    Ya know, cybersecurity type jobs were not that plentiful back say 5-10yrs ago...Sure they were out there, but were not called that specific terminology per se.  Majority of the cybersecurity jobs I have seen want 10+yrs of IT experience, not necessarily all cybersecurity exp.  I believe if someone has been in IT for over 10yrs that has done some sort of hardened of a server/wkstn/router/switches/etc, which would mean some sort of security experience in my mind, but that's only my opinion...

    2020 Goal ~ Linux+
  • GeekyChickGeekyChick CISSP, CEH, CCNA, Sec+, Splunk Member Posts: 315 ■■■■□□□□□□
    Thank you Shochan! That's a good point. There weren't that many "cyber" jobs 10 years ago, at least not like there are today. 
  • E Double UE Double U Member Posts: 1,715 ■■■■■■■■■□
    Interesting topic. I would consider  some"general" IT experience as information security to a degree because many functions within IT have a security component. It seems some people are simply looking for the word security in the job title or team name without focusing on the actual work. For example, at a previous employer the InfoSec team took over responsibility of firewall management from the networking team. Would you say that InfoSec started doing networking or had the networking team been performing an security task? 
    Alphabet soup: CISSP, CCSP, CISM, CISA, GDSA, GPEN, GCIA, GCIH, GCCC, CEH, Azure Fundamentals, Azure Security Engineer Associate, and more.

    2020 goals: AZ-900, AZ-500, GDSA, ITILv4

    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
  • SteveLavoieSteveLavoie Member Posts: 826 ■■■■■■■□□□
    Too many HR department focus on the job title. IMO, most IT Security job should have at least 5 years or general IT support/networking/administration before being considered for a security job (in a infrastructure IT Security job).  
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,749 Admin
    I would stay away from orgs looking for people with "cyber experience." That is a pop-culture buzzphrase that suggests an org not really knowing what it is needing for information security people. If an org's job posting (or an HR rep) doesn't use industry-standard terminology then they are short on more than just security people.
Sign In or Register to comment.