Got a (verbal) job offer today! (Information Security)

boredgamelad · February 2013

I had an interview yesterday for an information security analyst position with the opportunity to move into an engineer/consultant role. Today I got the job offer over the phone from one of the interviewers who was on his way home; he said he wanted to share the news before the weekend and they would send me an offer letter next week. I'll be getting some awesome experience, great benefits and will making 10k more than what I'm making now.I'll share the full story of the interview and more details on the job once I've signed the offer letter.

Iristheangel · February 2013

Congratulations! Nice to see another WGU grad succeeding!

Keener · February 2013

Sweet! Congrats! Looking forward to hearing more next week.

boredgamelad · February 2013

I just sent back the offer letter today so I feel comfortable disclosing some more information about my experience. I applied for this job on the 17th, and I only met about 50% of the requirements. I sent them an AWESOME cover letter though, probably the best I've ever written. Totally customized for the position and I used it as an opportunity to show off some of my humor and passion. I'm certain the cover letter contributed to me getting noticed.

What was interesting was that a former co-worker of mine previously worked at this company, which I think worked in my favor. The guys I interviewed with were already familiar with the type of work I have been doing, and they liked my co-worker while he was there. Additionally, all three of them had heard of WGU or at least researched it before talking to me. Since much of their training involves self-directed learning they were impressed with my degree and said my previous experience as a self-studier would work in my favor for getting up to speed. I feel my WGU degree has already paid for itself at this point.

When it came to technical questions, we didn't go as deep as I had anticipated, but we went through a lot. The questions came so fast I hardly had time to finish explaining an answer before the interviewer asked the next question. I got some basic stuff like what are these port numbers, what is a VPN, what information do you need to build a VPN, what steps would you take when given a project to set up two Cisco ASAs at a customer site, etc. Again, the questions came so fast I can't really remember them all but once we got out of my depth they stopped and the lead interviewer (who I later learned is the president of the company) said he had a pretty good feel for where I was at. As a side note, two of the people I interviewed with are CISSPs and the third might be as well (his LinkedIn is private so I couldn't find out).

As far as the job itself, it's a bit of everything security. The company hires itself out to various Fortune 1000s in the area for all types of security consulting from physical and technical penetration testing to compliance and security audits, to web access and perimeter firewall security. They were looking for someone with more app development background so they could train them as a pentester but they saw my skill set as a good foundation upon which to build my pentesting and other skills from the ground up. They said I'd be put on several projects at any given time and that if I found a calling in any of the areas they specialize in that there would be vendor training and certification along those lines.

I only asked two questions during the interview when given the opportunity. "Is there anything you've seen or heard so far that would make you hesitant to hire me?" For the record I felt this was an awesome question to ask and would definitely do so again. It put the interviewer on the spot for once and gave me some honest feedback, which is nice to get. If I hadn't got the job at least I'd have an idea why and what I could improve on. The interviewr said one thing that would make it a tough learning curve for me was that I had mostly process-based experience and would have to adapt to a much more dynamic environment. He also cited the previous statement about me not having much app/development experience but stressed that my strength with the fundamentals was important to him.

"When you hire me, what role do you see me fitting into initially?" was the other question. Another great one, worded in such a way that it makes it sound like you've already got the job. They told me a bit about the salary structure and said I'd likely come in as an analyst, so a step above an associate and below an engineer. The starting pay for those roles is more or less fixed so they told me the number right out and it was 10k more than I'm making now.

They ended the interview by telling me that they really liked my answers, thought I was a good personality fit for the team, and that they'd contact me the next day. I hadn't heard back by late afternoon so I sent a thank-you e-mail to the three people I interviewed with at around 4. About 20 minutes later my new supervisor called to tell me that they were offering me the analyst position mentioned during the interview. It sounds like their goal is to fast track me to a consultant position if I've got the chops for it, so of course I'm excited.

Other benefits aside from pay include fully employer-paid health/dental/medical (for individual), 401k, 3 weeks' paid vacation, and 10 days off between Christmas and New Year's (they're closed over that break period). Mostly normal working hours with some after hours pentesting and up to 10-15% travel. The insurance being paid will mean my 10k raise is actually more along the lines of 12k (it's cheaper for my wife and future daughter to stay on her insurance). And on top of all that, it'll only add about 10 minutes to my existing 20 minute commute

.

I know no job is perfect and they all come with their own problems to deal with, but everything so far has pointed to this being a great opportunity and step forward in my career. As a point of note, this is the first time in my life that I will have moved from one job to another without being unemployed in between. It's a great feeling to know that the effort I've been putting in these last 4-5 years is finally starting to pay off.

za3bour · February 2013

Excellent news, congratulations and good luck with the new job

boredgamelad · February 2013

Officially put in my resignation letter today! The new job starts in 3-4 weeks, depending on when our daughter decides to show up. The new company wants me to take any paternity leave I might need (I planned on ~10 days total) before starting, so they were willing to push my start date back a few weeks, but want me no later than the week of March 4th. The old company is willing to let me keep my end date flexible as long as I give them two weeks of work starting from today, but the last possible day I'll work here is the 28th.

Dakinggamer87 · February 2013

Congrats on new job!!

cgrimaldo · February 2013

Congrats!

NOLAJ · February 2013

That's awesome. Congrats!!

log32 · February 2013

Congratulations mate!

coreyb80 · February 2013

Congrats!

tpatt100 · February 2013

My old job was closed between Christmas and New Years. That is a great benefit because it saves your vacation for other stuff lol.

Congrats and good news.

boredgamelad · February 2013

So I just did the math and between what I was making last year at this time and my new salary, my pay will have risen a total of 62.5% in a year! Now to repeat the same for next year

burfect · February 2013

Congrats!

If you don't mind me asking, what was your position/line of work previous to this, and how did you find yourself coming across this opportunity?

boredgamelad · February 2013

My first IT job was one I fell into. Five years ago this month, I started working customer service for a web development company that sold web space to apartment communities, just a job to help me get through school. After about 6 months it was clear they needed an office gopher. Someone to take care of password resets, mapping network drives, print server access, building/upgrading PCs, etc., while the actual sysadmin worked on projects like setting up their DR site and untangling the network mess left behind by the previous sysadmin. I was in school to get my AA in computer networking at the time so it worked out pretty well. During that time I also got my Net+ and Security+.

I had to move on when I relocated in 2009. I wasn't interested in having an 80 minute commute for $11.50/hour, especially while I was still in school. Between that job and my current one I worked a few gigs here and there. I set up a small office network for a guy selling Nintendo Wiis out of a warehouse. I fixed a few PCs and did some Geek Squad-level work cleaning up viruses and spyware. Nothing permanent, just temp jobs. Some weeks I made nothing, some weeks I made $90, my best week I made $600. I was in school and just picking up random jobs on Craigslist so I didn't know what to charge or really how to go about freelancing. Probably could have charged more in hindsight.

In 2010, I got my current job doing network security monitoring in a SOC. They were looking for someone with Net+ and Sec+ and a 2 year degree, which fit me to a T. Pretty basic stuff to start; monitoring device up/down, analyzing security alerts, etc. After about 6 months I was moved into a dedicated role doing availability monitoring so I was responsible for monitoring and troubleshooting all device status including HA failovers, VPN down, etc. before escalating to tier 2. I would resolve any issues that were in my ability to fix and escalate everything else. During this time I made my ambition to move into an engineer role known and got my CCNA. I started working a few tickets outside my normal expertise with the approval of my supervisor and graduated with my AA during this time.

Late 2012, all that monitoring work got shipped back overseas. Not really outsourced since we're actually Japanese-owned, just consolidated in Asia where the HQ is. Of the five people left on the US monitoring team I was initially the only one who was offered to stay on as an engineer, and given a hefty bump in pay (15k). I've been in that role since August, which is the same month I started at WGU. I finished my degree in January, and applied for this job about a week later through a posting on Indeed.com.

Hypntick · February 2013

Congrats on the new role!

That's a heck of a story there on everything, sounds like everything is working out perfectly for you!

boredgamelad · March 2013

So far, it's not really what I expected. I've been with the company two and a half weeks and I haven't touched much technical wise. I've billed a lot of hours writing documentation (business requirement docs, project planning docs, penetration testing summary docs... snore) for senior consultants, and have received little training on pentesting aside from a handful of Power Point slides that go over basic methodology and being given a pair of virtual machines to play with but no real direction on what they want me to accomplish or how to accomplish it. I'm a bit disenchanted with the experience as it doesn't seem to match up with what I expected to be doing. I didn't get hired to be a technical writer; I dont have a problem writing documentation for work I've actually done but this grunt work stuff is getting old fast. The fatigue I've got from staring at Microsoft Word all day and having a newborn in the house has left me feeling pretty down about things so far.

I have a one-on-one with my supervisor on Thursday so I hope to bring up some of the issues I've been having. It could be that this is just what I'm doing now because there's no other work to do, or because I'm new, or maybe there's more technical work coming down the pipe so I just need to bide my time, but I'm not really sure if this is the right fit for me anymore. If I have to write this much every week I will probably go insane.

It's entirely possible I just feel like this because I'm tired, so I'm willing to stick around and see how things go. But my initial impression has left me less excited than I anticipated.

webgeek · March 2013

Edit: to the original post

Congrats! Sounds like an awesome employer!

Edit to your post above mine....I would stick it out and make the best of it

Mike-Mike · March 2013

sorry it's not turning out how you hoped...

it will be interesting to see how your employer responds to you. Strong possibility since you're new you get the lame work.

This is the first time I've read this thread, so I'm commenting on older stuff, but thanks for posting all those details. It's nice to see how someone goes from point A to point B. That SOC jobs sounds cool, like the NOC job I have now, but cooler

Hypntick · March 2013

Can't speak for security, but 2.5 weeks sounds about right for a testing period. I know my first couple of weeks here all I did was look at server alerts for 8 hours a day, maybe they want to be certain you can handle the grunt work before trusting you with more in depth things.

bub9001 · March 2013

Congrats on the job offer, all that hard work is paying off.

FloOz · March 2013

Congrats on your new position! I myself will be sharing my new job once its all finalized

I don't want to jynx myself

cyberguypr · March 2013

Definitely too early to tell. Let's see how that one-on-one goes. It will be a perfect opportunity to clarify the direction you'll be heading.

Corrsta · March 2013

Definitely let us know how your meeting turns out... I'm in a very similar situation with my current employer right now... They basically have me doing a lot of mundane, repetitive tasks with the prospect of eventually moving on to more interesting things in the future...

lsud00d · March 2013

Also FTR sometimes when you start you come in during a downswing so there might be projects on the horizon that you haven't been privy to at this point. Just keep up the good work, it should turn around soon enough!

boredgamelad · March 2013

Thanks everyone. I'm definitely going to give it at least 6 months and see if things improve. The owner of the company has mentioned a few times that everybody's first month can feel kind of directionless and slow. I just didn't expect it to be this slow, I guess. More than anything I posted last night out of frustration; spending 6 hours copying and pasting the same executive summary in and out of a dozen documents that all seem to have the same content will do that to you. I'm willing to stick it out but I'm keeping my eyes open all the same.

boredgamelad · April 2013

boredgamelad wrote: »

I'm definitely going to give it at least 6 months and see if things improve.

After today's events I am not so sure about this anymore.

I have been working on the same documentation since last week; it's finally coming together and I should be off that project soon enough. In the mean time I've been going through some penetration testing study on my own time, trying to familiarize myself with the OWASP Top 10, common tools and methodology, etc. etc. and I'm feeling pretty good about my progress considering how little time I've had at work and at home to study/lab. Today I sit down for a meeting with the pentesting lead to discuss my progress/show him what I've learned and he tells me that he's disappointed I haven't picked things up faster and that he's hesitant to send me out on a pentest I was chosen to do a few weeks from now. He cited the fact that the other two people in my group both picked it up faster than me, disregarding the fact that I'm not nor have I ever been a programmer (they both are/were). Most of the stuff I'm seeing I'm literally seeing/hearing about for the first time in my life.

I feel pretty disconnected as a result of this whole thing. I know I have the drive and motivation to succeed with this company but I find the level of support from those around/above me to be lacking. I don't want or expect someone to hold my hand and say here this is how everything is done but I feel like I've been dumped in an ocean and nobody will point me towards land. The owner actually told me that if I feel like I don't know enough about web application testing to go out and buy a stack of web application testing books and lock myself in a room for 4 weeks learning it inside and out. Which is, you know, totally realistic for someone with a newborn at home. At the rate I'm going I think I'd need a good year before I'd be really up to speed on the most common vulnerabilities/systems. But what really hurt was being told that I was a disappointment after a handful of informal training sessions. Talk about a confidence booster.

t3ch_guru · April 2013

boredgamelad wrote: »

After today's events I am not so sure about this anymore.

I have been working on the same documentation since last week; it's finally coming together and I should be off that project soon enough. In the mean time I've been going through some penetration testing study on my own time, trying to familiarize myself with the OWASP Top 10, common tools and methodology, etc. etc. and I'm feeling pretty good about my progress considering how little time I've had at work and at home to study/lab. Today I sit down for a meeting with the pentesting lead to discuss my progress/show him what I've learned and he tells me that he's disappointed I haven't picked things up faster and that he's hesitant to send me out on a pentest I was chosen to do a few weeks from now. He cited the fact that the other two people in my group both picked it up faster than me, disregarding the fact that I'm not nor have I ever been a programmer (they both are/were). Most of the stuff I'm seeing I'm literally seeing/hearing about for the first time in my life.

I feel pretty disconnected as a result of this whole thing. I know I have the drive and motivation to succeed with this company but I find the level of support from those around/above me to be lacking. I don't want or expect someone to hold my hand and say here this is how everything is done but I feel like I've been dumped in an ocean and nobody will point me towards land. The owner actually told me that if I feel like I don't know enough about web application testing to go out and buy a stack of web application testing books and lock myself in a room for 4 weeks learning it inside and out. Which is, you know, totally realistic for someone with a newborn at home. At the rate I'm going I think I'd need a good year before I'd be really up to speed on the most common vulnerabilities/systems. But what really hurt was being told that I was a disappointment after a handful of informal training sessions. Talk about a confidence booster.

I'm really sorry to hear that he said you were a disappointment. Try not to take it personal and use it as fuel to work harder and prove them wrong. You may have a lot to learn, but that is what makes IT fun is because of the challenge. Keep at it and you will do just fine.

N2IT · April 2013

Nice work

zeroth · April 2013

boredgamelad wrote: »

But what really hurt was being told that I was a disappointment after a handful of informal training sessions. Talk about a confidence booster.

Perhaps they're employing the "tough love" strategy in an attempt to motivate you. For what it's worth, getting to be involved in pentesting at any level is what many would consider a dream job and being told that you aren't living up to expectations could be nothing more than a test of your mettle. You have to remember that many did not learn these skills on-the-job, they were driven by passion and curiosity to claim that knowledge on their own. I know what it's like to have a newborn in the house and I certainly sympathize with your plight. But I would submit that even though this situation feels unreasonable to you now and perhaps too much to bear, if working in Infosec is something you truly care about this would be the time to push your limits and prove your detractors wrong. I suspect that's what they're aiming for. If they aren't, what will you have lost by making the effort other than a small portion of your sanity? Your ability to cope with tedium is something your employer obviously has a vested interest in, and what better way to test that than to give you the documentation work that has to be done but that no one wants to do? I'm working off of many assumptions here, so I could be far off the mark, but I would say the best way to gain the respect and trust of your colleagues is to simply prove them wrong.

Good luck, I hope it works out for you.

Sponx · April 2013

Congrats on the new job; however, I am sorry to hear about the struggles you're having there. They shouldn't be training you in this type of fashion, I don't know if it's because you're the new guy or because they think 'tough love' is going to get them the best person for the job. Try sticking it out for at least 6 months, and if you can.. Well, move on to another company that takes pride in the people they hire and wants them to succeed to help their company succeed.

Dang, with your certification/knowledge you should be able to get whatever you want out of a company! Don't let this get you down.

Good luck!

Got a (verbal) job offer today! (Information Security)

Comments