General IT Experience counted as Cyber Experience?

GeekyChickGeekyChick CISSP, CEH, CCNA, Sec+, SplunkMember Posts: 317 ■■■■□□□□□□
Today I had an interview with HR at a company I was interested in. The topic of years of experience and salary came up. I have 15+ years of IT experience, including helpdesk, network admin, network design/consulting, and cybersecurity. I was surprised the person in HR didn't consider the general IT experience as what she called "cyber" experience. What do you all think? If you are a hiring manager would you consider IT experience specifically applicable to a cybersecurity job (information security job)? In other words if there was a job that asked for 7 years of experience, would it be acceptable for me to include my years of IT in the count?


Comments

  • stryder144stryder144 Senior Member Member Posts: 1,675 ■■■■■■■■□□
    Yes, especially if it is cyber "adjacent": building secure networks, provisioning user accounts and verifying that the permissions/groups are correct, etc.
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia

    Connect With Me || My Blog Site || Follow Me
  • GeekyChickGeekyChick CISSP, CEH, CCNA, Sec+, Splunk Member Posts: 317 ■■■■□□□□□□
    Hi Stryder! That's what I thought. I'm not sure she understood that IT experience helps to build the foundation for security. If you don't understand the basics of networking, for example, how could you defend it?
  • shochanshochan Member Posts: 935 ■■■■■■□□□□
    Ya know, cybersecurity type jobs were not that plentiful back say 5-10yrs ago...Sure they were out there, but were not called that specific terminology per se.  Majority of the cybersecurity jobs I have seen want 10+yrs of IT experience, not necessarily all cybersecurity exp.  I believe if someone has been in IT for over 10yrs that has done some sort of hardened of a server/wkstn/router/switches/etc, which would mean some sort of security experience in my mind, but that's only my opinion...


    2020 Goal ~ Linux+
  • GeekyChickGeekyChick CISSP, CEH, CCNA, Sec+, Splunk Member Posts: 317 ■■■■□□□□□□
    Thank you Shochan! That's a good point. There weren't that many "cyber" jobs 10 years ago, at least not like there are today. 
  • E Double UE Double U Member Posts: 1,750 ■■■■■■■■■□
    Interesting topic. I would consider  some"general" IT experience as information security to a degree because many functions within IT have a security component. It seems some people are simply looking for the word security in the job title or team name without focusing on the actual work. For example, at a previous employer the InfoSec team took over responsibility of firewall management from the networking team. Would you say that InfoSec started doing networking or had the networking team been performing an security task? 
    Alphabet soup: CISSP, CCSP, CISM, CISA, GDSA, GPEN, GCIA, GCIH, GCCC, CEH, Azure Fundamentals, Azure Security Engineer Associate, ITIL 4 Foundation, and more.

    2020 goals: AZ-900, AZ-500, GDSA, ITILv4

    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
  • SteveLavoieSteveLavoie Member Posts: 851 ■■■■■■■■□□
    Too many HR department focus on the job title. IMO, most IT Security job should have at least 5 years or general IT support/networking/administration before being considered for a security job (in a infrastructure IT Security job).  
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,846 Admin
    I would stay away from orgs looking for people with "cyber experience." That is a pop-culture buzzphrase that suggests an org not really knowing what it is needing for information security people. If an org's job posting (or an HR rep) doesn't use industry-standard terminology then they are short on more than just security people.
  • GeekyChickGeekyChick CISSP, CEH, CCNA, Sec+, Splunk Member Posts: 317 ■■■■□□□□□□
    Interesting @JDMurrayNow that I think of it, I don't believe this company was heavy into security. I think they are more into development. Not that those 2 are mutually exclusive. :) My bet is they are just now trying to incorporate security into their development. 

    That company didn't have anything for me, but right after that I was offered a federal position that I'm considering. It's a cybersecurity job very similar to what I'm currently doing. I haven't officially accepted it yet as I'm still not sure. I have no experience with public sector jobs.
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,846 Admin
    Public sector (government) jobs pay less than the equivalent private sector (commercial) jobs, but they may have better benefits, retirement, and other perks than what you might be seeing now in the private sector market. You can get the best of both worlds by working for a private sector company that is a government contractor, such as most aerospace companies are. Government contracts and clearances with private sector pay and usually good benefits too.
  • GeekyChickGeekyChick CISSP, CEH, CCNA, Sec+, Splunk Member Posts: 317 ■■■■□□□□□□
    Yes, you're right. I'm working as a contractor now and it's not bad. I wasn't even looking for a government job exactly. There was a particular "project" I was interested in and this came open. I'm still kind of on the fence. I'm waiting to see what they can do salary-wise before I decide. Have you worked as a govie?
Sign In or Register to comment.