Information security professionals - Please help me gain escape velocity

Braintrust
Please help me gain escape velocity from my Tech Support past.
I worked for a very broad role for almost 15 years for one organization. The job was primarily tech Support (My job title was technical Support Analyst) but also involved Networking very heavily. However I never asked them to change the title.
The job also involved lot of Systems Adminstration. - Again I never requested a title change.
later on it also ivolved network Security, Physical security and Information Security. Sadly I left the job with same title - technical Support Analyst and am paying the price now.
I have lots of Cybersecurity certifications Sec+/CCNA+CCNP (security)/CISSP / Cyber Ops etc. so getting past HR is not a problem for me. As I got a nice package, I used it to bulk up on picking several other skills, hands on experience and vendor certifications. I am labbing heavily to get lot more knowledge in the areas where I think I am weak..
I have just started testing waters by submitting resumes. I am not in a hurry to pick up any job but ideally would prefer a hybrid job involving 60% GRC and 40% technical in a bank or similar large prganization.
The response has not been exactly earth shattering as I had expected. I have applied to several jobs but received few interviews so far from the financial institues that I want to work for. The cyber security employers seem to be very picky about specific skills. The interviewers focus on what I have done rather than what i can do or know. I have been involved with cybersecurity for 9 years, covered lot of ground but never deep dived into any one speciality - examples Governace or penetration testing involving hundreds of coputers or not having worked on Fortinet, palo Alto Firewalls (only worked on cisco asa), no hands on expereince with DLP, Never written long TRA reports etc. Cybersecurity was a component of my job not the entire job. And its becoming a serious stumbling block.
I have been told that not having Security in last job title is going to be a problem. And having technical support in title will reduce my chances even further.
So I am in a pickle now and need advise as to how do I fix the following two problems:
1. Job title not relecting cyber, Network or information security at all.
2. Lack of intense, in-depth technical and non technical experience

Should I pick up any security related job for short term contract and forget about getting a plum position for now? Doing so will mean I will lose out on employment insurance benefits. and most likely it will be a SOC based depressing job with lower income than what I had hoped for.

Or should I keep on trying for another month or two before chalking up plan B and what would that be?
What would you do if faced with a similar situation?

Find more posts tagged with

Comments

infosecs

Accepting a short term contract with right title and requirements seems to be easiest and sure shot IMHO.

cemen777

Hi Kapital,
Thanks for your post. It seems you know a lot and have solid experience. That is awesome!
I m in the market for IT Sec job myself and have no luck. My job title is IT Tech. My internal employee has no interest in helping me to job shadow with Security team therefore I have to look outside of company I work for and as I said it is tough to find a job with job title other than Cyber Security Analyst or something it that nature. I have 2 contractors and no help either. Dead. No calls, no interviews. That is typical Corporate America theses days. It does not matter how good you are but who you know.
In your case I would try any offer even short term contract with "solid" job title. Sometimes we have to take a step back to get 2 steps forward in future.
Also have you checked https://www.cybrary.it/ "CAREERS". Might be helpful.
Good luck!

jwdk19

I am also l looking to transition into an infosec position.

I've received a few leads around the Raleigh, NC area but that is currently a little too far of a commute unless I could get a SOC role that would afford a 3/4 day a week drive.

My wife and I are contemplating moving closer to the RTP area when our current lease ends.

636-555-3226

I'd say maybe start small and work your way up. Pick a small or mid-sized org and get a few years under your belt working towards your end goal. After you that required experience, start looking around for the upgrade you want now.

Kapital

cemen777 wrote: »

Hi Kapital,
Thanks for your post. It seems you know a lot and have solid experience. That is awesome!
I m in the market for IT Sec job myself and have no luck. My job title is IT Tech. My internal employee has no interest in helping me to job shadow with Security team therefore I have to look outside of company I work for and as I said it is tough to find a job with job title other than Cyber Security Analyst or something it that nature. I have 2 contractors and no help either. Dead. No calls, no interviews. That is typical Corporate America theses days. It does not matter how good you are but who you know.
In your case I would try any offer even short term contract with "solid" job title. Sometimes we have to take a step back to get 2 steps forward in future.
Also have you checked https://www.cybrary.it/ "CAREERS". Might be helpful.
Good luck!

yes it is true that connections are very important now a days, even more than what you know. I know of a guy who could not find anything even after having 10+ years experience but landed a job effortlessly due to his contacts

Kapital

jwdk19 wrote: »

I am also l looking to transition into an infosec position.

I've received a few leads around the Raleigh, NC area but that is currently a little too far of a commute unless I could get a SOC role that would afford a 3/4 day a week drive.

My wife and I are contemplating moving closer to the RTP area when our current lease ends.

Transition to infosec is quite challanging despite all the non sense about talent shortage. Recruiters throw away resumes before even bothering to try to understand the skill set of candidates unless one is working in same industry at same post.

soccarplayer29

Since your responsibilities have evolved during your 15 years I'd suggest presenting them differently on your resume.

For example, update your experience section and group your responsibilities by roles. This way you still indicate that your official job title and you can emphasis specific skills and your broad experience.

Company X (2012-201
Technical Support Analyst

Summary (2-3 sentences) on your career there.

Role 1 (e.g., Systems & Network Adminstration)

Role 2 (e.g., GRC Security Analyst)

Role 3 (e.g., Vulnerability Engineer)

Kapital

soccarplayer29 wrote: »

Since your responsibilities have evolved during your 15 years I'd suggest presenting them differently on your resume.

For example, update your experience section and group your responsibilities by roles. This way you still indicate that your official job title and you can emphasis specific skills and your broad experience.

Company X (2012-201
Technical Support Analyst

Summary (2-3 sentences) on your career there.

Role 1 (e.g., Systems & Network Adminstration)
xyz

Role 2 (e.g., GRC Security Analyst)
xyz

Role 3 (e.g., Vulnerability Engineer)
xyz

hmmmm. Thats a good suggestion. Allows me to sort of itemize skills and experience in buckets.
or perhaps mention all the different experience but not mention the title at all or make one up.

Kapital

Anyone else has any other "creative" suggestions?

NetworkNewb

Try and focus on what you do cyber security related in your interviews. Don't lie, but just talk about all the security tasks you do. Make it sound like it is what you do with most of your time there. Go into details about the tasks... Have a couple stories that relate to your security tasks ready to tell... If you are getting interviews it isn't your title holding you back.

Same goes for your resume. Focus on your security related tasks

paul78

@OP - you have a pretty interesting background. Can you describe the type of company you used to work at? Size and industry? It sounds like you are already doing infosec work. I think that NetworkNewb's suggestion is great. And if you lay out your resume like that - it is probably going to be easier for someone to read it.

Since you are getting interviews already, it also sounds like you are well on your way. Are you currently working or did you separate from your company recently? Does that come up in interviews? Perhaps that's an issue that may need to be addressed.

I see that you are interested in joining a financial services firm. Have you consider a consulting and advisory firm instead? Given your broad background, that could be interesting to consulting firms. Perhaps you can try companies like NCC Group or Herjavec.

Good luck in your job search!

Kapital

I worked for a very large technology firm with well 100000 employees worldwide in a very broad position covering Desktop/ Network and Information Security as well Networking, Technical trouble shooting, systems Adminstration etc. I was let go due to national restructing which was exactly what i was hoing for. I am gettinginterview calls but with this much knowledge and this many certs I had hoped to be gobbled up within a month (LOL)...well the month is past already (sigh)

paul78 wrote: »

@OP - you have a pretty interesting background. Can you describe the type of company you used to work at? Size and industry? It sounds like you are already doing infosec work. I think that NetworkNewb's suggestion is great. And if you lay out your resume like that - it is probably going to be easier for someone to read it.

Since you are getting interviews already, it also sounds like you are well on your way. Are you currently working or did you separate from your company recently? Does that come up in interviews? Perhaps that's an issue that may need to be addressed.

I see that you are interested in joining a financial services firm. Have you consider a consulting and advisory firm instead? Given your broad background, that could be interesting to consulting firms. Perhaps you can try companies like NCC Group or Herjavec.

Good luck in your job search!

jwdk19

Kapital I have right at 14 years experience. Half of which is DoD/Military. From desktop support, helpdesk, tech control ops, sys admin, vulnerability remediation...IAVA's TSP's, DIACAP, etc. Etc. None of my position titles contained the word "security" etc. Current title is Systems Analyst (ICS to a small degree, desktop support, network support, sys admin)

Ive noticed better response once I modified my resume with a focus on Infosec duties that I've performed in those roles.

Im sure that my resume still needs more revision but highlighting the infosec tasks/projects/duties seems to be helping quite a bit.

beads

If looking beyond your immediate market is a possibility then do so. Security is really a major market field despite everyone needing some sort of InfoSec but your not likely to find a security in say Jam, Michigan or some other completely obscure place in America. Ask your existing InfoSec team about career paths and where they started. That may give you some insight as to what your local market is like.

Infosecs has it right. The fastest path would be a short term contract or two but this may mean traveling to another market, if not state for a while.

IT, in particular InfoSec has always been difficult to break into but we can all enjoy the instant high of shortage of qualified qualified InfoSec people. Much like sniffing glue in a bag. Same effect. Instant rush only to crash a short term later (*sarcasm*). No, never "huffed" glue but have seen the effects.

Kapital

jwdk19 wrote: »

Kapital I have right at 14 years experience. Half of which is DoD/Military. From desktop support, helpdesk, tech control ops, sys admin, vulnerability remediation...IAVA's TSP's, DIACAP, etc. Etc. None of my position titles contained the word "security" etc. Current title is Systems Analyst (ICS to a small degree, desktop support, network support, sys admin)

Ive noticed better response once I modified my resume with a focus on Infosec duties that I've performed in those roles.

Im sure that my resume still needs more revision but highlighting the infosec tasks/projects/duties seems to be helping quite a bit.

Thanks, good to get some encouragement. My expereince so far has not been that great but there may be other things at play. Also I think having a large number of experienced information security professionals in a smaller urban area pretty much kill chances of someone whose title is not going to go through the damned ATS scanner

Kapital

beads wrote: »

If looking beyond your immediate market is a possibility then do so. Security is really a major market field despite everyone needing some sort of InfoSec but your not likely to find a security in say Jam, Michigan or some other completely obscure place in America. Ask your existing InfoSec team about career paths and where they started. That may give you some insight as to what your local market is like.

Infosecs has it right. The fastest path would be a short term contract or two but this may mean traveling to another market, if not state for a while.

IT, in particular InfoSec has always been difficult to break into but we can all enjoy the instant high of shortage of qualified qualified InfoSec people. Much like sniffing glue in a bag. Same effect. Instant rush only to crash a short term later (*sarcasm*). No, never "huffed" glue but have seen the effects.

beads
you do have very strong point. I have seem recruiters and companies souding far more receptive in smaller, remote loacations where they are not getting 200 applicants per job post or not getting enough experienced people.
You are right about Infosec being difficult market to break into. But why is it so? I understand one can make a newbie or less experienced applicant incharge of Infosec ops but why not let them in for future grooming? I guess infosec is considered to be expensive cost centre so everyone wants to get the max milage out of it