Interviewing for a position with stale experience

jermdawg Member Posts: 3
Hey all,

I may be interviewing for a position that relies on a skillset (infosec) that I've really lapsed in for the past 5 years since working at my current position (QA). I have a background in both but especially since I started my current position (since 2016), I've been heavily if not all focused on QA. The context of this is that I'm working on a team that is technically in the infosec space but I'm more on the development side and pretty strictly QA which has had very little to do with actual infosec practices. I haven't kept current with certs that I obtained years ago (when I was more involved in infosec) and current 'applied' experience just isn't there; part of me sort of lost 'interest' in the infosec arena over the years as I've only really been doing QA but I feel it would be a good thing to get back into it.

Any suggestions on how to approach the interview/discussion with all this in mind? I'm not exactly sure how to respond/proceed when they realize that I've had very little actual involvement in the infosec space for the past 5 years (which is a pretty long time). 

Comments

  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 12,168
    edited January 21
    Your situation is very similar to programmers who move into Software Quality Assurance (SQA) positions and then their resume gets "stale" for hands-on programming work experience. Because you have no recent InfoSec experience to flaunt, you must emphasize skills and experience that you do have that a hiring manager might find useful to an InfoSec team. Such skills may include writing documentation, customer service skills (for running incident meetings), project management, maintaining Blue Team security devices (SIEM), and understanding basic coding practices for reading/writing IPS rules and SIEM content. If you have a diverse set of these skills, and are going for a lower-level salary position, the hiring manager may see you as a bargain in getting the skills of several employees in one. Also, apply for as many InfoSec job openings as you can. Even if you need to take a non-InfoSec position and move into an InfoSec team later, you just need to get your foot into the door to start earning that experience again any way that you can.
  • jermdawg Member Posts: 3
    Thanks! Great advice. I'll have to try to conjure something up :) I'm kind of in a place where I'm not highly motivated and lack confidence overall, especially as it pertains to interviewing.
    As far as salary, I'm thinking it may end up very well being a salary cut which I'm not sure if it would be wise to weather at the moment. 
  • yoba222 Senior Member Posts: 1,225
    Maybe I misread, but if you're not all that interested in infosec, are you sure it's a good idea to be applying for an infosec position?
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • jermdawg Member Posts: 3
    edited January 22
    yoba222 said:
    Maybe I misread, but if you're not all that interested in infosec, are you sure it's a good idea to be applying for an infosec position?
    I think when I said "lost interest" I meant it in the context of more so the low-level more hands-on stuff which I *thought* I wanted, particularly when I was in positions where I was doing more of it (or at least exposed to more of it). To begin with, a lot of that kind of stuff is another form of problem solving and troubleshooting, which I enjoy, but is also very draining to me (while it's fun to really get into it and dig into problem sets and figure out things, it's mentally exhausting). At the same time there can be a lot of pressure to perform (like finding lots of things during pen tests and producing great reports from vuln assessments etc), which doesn't interest me so much. I think for me the interest is greater at a higher level if anything these days. Don't get me wrong, finding XSS and potential SQL Injection vulns in webapps is a 'fun' thing to do every now and then, but being on a timeline to find as many vulns as I can is a completely different playing field. So basically pen testing is not high up on my list as far as interest goes (ironically, I have certs for it but little experience due to that lack of interest). I guess if anything I'm more interested in an 'analyst' type role. The role I'm applying for sounds like it could be more up that alley. But my overall experience has just been lacking.