I work for this company and I want to apply for a position they posted, but im new

Ritual · July 2016

Ok I work as an entry level IT support technician for a fortune 10 company.

I just started working there a couple of weeks ago. So far I really like it. Naturally I want to progress upwards in the company so I have been learning about their IT divisions and what kind of jobs they post, etc.

I took this job purely for experience and to get my foot in the door, as of a month ago I have never worked in IT. In the last 4 months I have obtained my Network+, A+, Security+ and I am studying for my Windows 10 MCSA, and the Linux Foundations certification. I am also going to pursue my eJPT and eCPPT hopefully in the next 6-8 months.

I saw this job posting https://jobs.cvshealth.com/job/-/-/5770/2198750 and I was really trying to figure out what I can do in the next 6 months to a year that will best prepare me for applying.

I cant get the CISSP because you need years of experience to sit for the exam, is the CISM worth getting?

Should I stop going for my MCSA and start obtaining qualifications for this particular job? Its one they post often and they have a lot of positions open for. I really really want to break into doing something Security related.

TheFORCE · July 2016

I like how they put 1+years of experience but then list CISSP and CISM. CISM has the same work experience requirements just like CISSP, so you wont be able to do that.

What is your current role? Based on that description they want someone not necessarily entry level but someone more junior. Learn what that team does and try to get some knowledge transfer from the people on that team, make them friends and volunteer to help them out, this way they will notice your efforts. Next time the job is posted, you can apply for it. Based on what you have provoded so far though you probably don't qualify for the role. Just keep learning Windows and audit and compliance processes. You need some experience for that role.

Ritual · July 2016

@=TheFORCE;

It is their corporate headquarters, Its about 15 massive buildings with thousands of employees.

I wouldn't even know where the division was, what building it was, or who to ask.

the building I work is their dedicated It support building. Basically hundreds of people making sure all the pharmacy's and store's are up and running. Its a giant call center. We just remote into everything, their pharmacy's and stores are clones of each other all using the same servers, phones, POS systems, etc.

The good news is they hire internally for most of their positions, I am just not sure exactly what I could do to prepare myself for the job because like you said, the CISM and CISSP are something you need years of experience to obtain. Yet the job is only asking for a years worth of experience.

iBrokeIT · July 2016

Ritual wrote: »

Yet the job is "entry level".

What makes you think that is an entry level job?

Judging by the certifications requested and job description, it appears far more likely they forgot a 0 after 1 in "1+ years of experience in IT Security" than they are looking for someone with only 1 year of IT experience.

Ritual · July 2016

Bad choice of words on my part,

I should of said something potentially obtainable in a year from now.

It very well could be a typo but they have other postings for that job with Senior in the title that only require 5 years of experience.

junilinux · July 2016

It looks like certs hunter as for just 4 months you could get 3 IT certification, it's so great but not great at all. This kind of thing could lead to a position that you are just a person who could archive as many as certification as possible but no work experiences. The certs could somehow make the interviewer impressed at the first sight but after a few questions, they would ignore what experiences you got till that time.
So, basically, I think you should focus on what you're doing, on your work to gain lots experiences as you want. This should be an important step to prepare for applying any job you desire in the future

Ritual · July 2016

Fair enough. I did computer programming beforehand so I am not "new" to computers, The certifications were more a validation of knowledge then they were the "start of my knowledge pursuit".

This job is exactly that, an experience builder. What better way than with a large company doing Tech Support. Just today I was inside their "mock" server rooms where they train employees. 100,000$+ server's that do nothing other then act as something to play with.

tmtex · July 2016

TheFORCE wrote: »

I like how they put 1+years of experience but then list CISSP and CISM. CISM has the same work experience requirements just like CISSP, so you wont be able to do that.

.

I see this all the time, not for sec stuff specifically but major demand of numerous certs with 1 yr exp and they pay nothing along with entry level

Is this in Dallas ? CVS is big time, you have been there a few weeks and want to move out of your current job you were hired with no experience to a WAY more experienced position. Do you even know what SOX is other then the small bit on sec +. Experience with HIPAA , PCI ? No you don't, not yet! Do your current job for a year while gaining all the other certs you have. Mingle with Sec guys but don't be annoying to them! Make friends not now but down the road show interest in the Dept. Again do NOT annoy them.
IMO if you try for this you will have a bulls eye on your back for elimination. As others said I think a 0 is missing from that 1 yr experience.

TheFORCE · July 2016

This would be considered entry level for someone that has some IT experience already and wants to go into the GRC role, but this position is not entry level that someone fresh out of college can do. This role requires experience in GRC and audit methodologies, besides, this would probably not be a technical role, probably more administrative type role dealing with vendors and doing assessments and verifying SSAE16's. You definitely need prior experience. It mentions strong PM skills too, i wonder how much this job pays, with all these requirements and advertised as entry level.

Ritual · July 2016

@=tmtex

Haha so true.

Its hard to not want to approach a new career at lightspeed.

Cyberscum · July 2016

If you want to be in security then shoot for it...certs and all.

You can go CISSP associate and shoot for some entry sec jobs.

I know people here generally advise people to stay at a job and learn this and that, but I believe that if you have a direction you want to go...go for it.

Sure it will be hard, statistically unrealistic and you will have to compete with people with tons of exp, but sometimes hiring officials look past experience and hire a person who is driven and exciting.

I know a few sec guys that had little actual hands on IT exp, but had amazing interpersonal and project management skills and have done well in the sec arena.

If you see a path, shoot for it.

My advice is to get your CISSP and CEH; as those are the latest buzz certs and try your chances at a sec role. I know that will not be popular advise, but its what I would do in your position.

TechGromit · July 2016

Ritual wrote: »

Just today I was inside their "mock" server rooms where they train employees. 100,000$+ server's that do nothing other then act as something to play with.

Chances are they are older servers, few companies buy new equipment without a specific purposes in mind for them. They might have been worth 100k when they were new, but you can pick up a pretty good an older server for around a grand.

Ritual wrote: »

I saw this job posting "Https address" and I was really trying to figure out what I can do in the next 6 months to a year that will best prepare me for applying.

We can't see the job posting, it's probably only displayed if you looking at it from your internal network, can you tell us what the qualification requirements are?

the_Grinch · July 2016

Truthfully? You really can't "spell" security just yet. I'd encourage you not to apply at this point because you lack the experience to be truly effective. A couple of months on a help desk doesn't put you in a position to audit or secure anything. I think the game plan you laid out is something you should stick to. How do you audit a Windows Server if you have never set one up or administered one? Since we can't view the job posting feel free to substitute which ever technology you like for the aforementioned example. Now before people come jumping in and say "plenty of auditors have never done that" you are correct. Does that make them a good auditor? Not at all. The number one problem with auditing is that people falsely believe that compliance equals security and it doesn't. Think of it this way, how many companies that were PCI compliant experienced breaches exposing millions of credit card numbers?

In one of my legal courses my professor once said "a Supreme Court decision sets the floor for law, you can always go above it and do more, but you can't do less". The same should be said for compliance and audits. This is the bare minimum you should be doing, but doesn't mean you can't go above and beyond it. I know during the course of my investigations companies quickly realize that their mere compliance is not enough. You will see it in their faces when I sit down and begin asking them questions in the wake of an incident. Those who go beyond compliance can answer questions that are relatively simple, those who don't either have a "deer in the headlights" look or begin to stumble on their words trying to find the answer.

Take this time to focus on a technology and become an expert in it. You can tack on security related studies and certifications along the way as I would suggest perhaps alternating certifications (thus one cert in a technology and one in security). With a year of experience you could do SSCP, though I would say become an Associate of ISC2 and go right for the CISSP. A lot of things will fall into the experience realm such as the Security+ which buys you a year. You'll have plenty of time to get the experience and get the full cert.

Ritual · July 2016

Heck I still have the deer in the headlights and shaky speech doing basic things that I know fluently.

Everyday gets easier and more comfortable.

You dont want to mess up and it's like being in school again trying to get the star from the teacher on your report card. Its been a lot of fun though.

I'm going to stick with the MCSA, I'm close to finishing that. And get my Linux Foundations certification. I was going to get the RHCSA but I was eyeballing the Azure certification which has LCFS as a requirement. I also enjoy the neutrality of it. I think Red Hat licensing prices are outrageous. Even their certification's cost a lot more money then everybody else's.

I enjoy programming so I thought the best certifications to get would be some of the more practical exams on pentesting (eCPPT, OSPF). The SSCP seemed to be sort of like an enhanced version of the Security+. It looked almost redundant for someone with my experience.

The CISSP looks neat and I'm sure getting an associate level certification would help out, I'm looking for more instant gratification. I can always take the CISSP later on.

Danielm7 · July 2016

Can't see the actual job description, can you post some of the requirements outside the certs you listed?

Sometimes, no matter what else is required, there are some goofy requirements. A few months ago we were looking for a jr security person, the recruiter added CISSP, CISM, CCNA/CCNP/CCIE, etc. I called him on it immediately as the other requirements weren't anything close to that, he said "I just do that to get in the search engines". Because of that we ended up getting resumes all over the map.

tmtex · July 2016

Looks like it was filled/taken down. That link took you right to it. My guess is they had to re write it LOL

TheFORCE · July 2016

Here is the posting
https://www.linkedin.com/m/job/136707606/

tmtex · July 2016

TheFORCE wrote: »

Here is the posting
https://www.linkedin.com/m/job/136707606/

This job is no longer accepting applications

Ritual · July 2016

600 people from techexams probably applied for it

Good luck to everyone.

I picked up my Microsoft vouchers, going to set a date soon.

I work for this company and I want to apply for a position they posted, but im new

Comments