Job Listing Cert Questions

Sovereign

I, like many here, have had computers as a hobby for a long time. That said, I don't have the paper to prove it.

I came across a job listing at a company where I know someone and have applied through this person/am in contact with the hiring manager. Said hiring manager is out of town until next week. That individual also was hired with, from what I understand, very little direct experience in network security (like me) since he used to work the job I am applying for.

At any rate, the qualifications desired are 0-2 years of experience in IT security. I figure as far as making "foundation" arguments (that is, I know what Group Policy is, can secure basic wireless networks--i.e. I may have zero years of direct experience but am not computer-illiterate) I have a decent shot from that angle.

I was reading the "desired certifications" at the bottom of the listing, researched them and determined the following.

CISSP - On the site, it specifically notes one should have either five years of experience or four with one year credited for relevant Master's degree.
Security+ - Seems to be the most "entry-level" even though as I was reading in the certification thread, it "should not be taken lightly." Recommends two years of experience prior to taking the exam.
Chapter 8, NISPOM - Either I am bad at research or these two are essentially synonyms. Further they seem to refer to a certification for whole IT systems rather than persons. Of course, it's government documentation so I could be misreading.
COMSEC - I could only find one old article on About.com, so I have no idea whether this is a single exam (doubtful as I found nothing) or a more general term.

TL; DR - Applied for IT security job with zero years of experience based on the previous guy coming in the same way I would (newbie @ security, has working computer knowledge). All but one of the desired certifications (Security+) seem to be too high-level (CISSP), refer to systems (NISPOM/Chapter 8) or lack information (COMSEC). I'm totally willing to own that I don't have a Security+ cert, but the rest seem...weird.

Did I miss something?
 
I'd be worried that you don't have any Cisco certs or equal experience listed. No CCNA or equivalent listed.


Unless you had equal CCNA level experience + security specific certs or experience, I would be very apprehensive about hiring someone for a "network security" position.
 
Thank you for your input, but that isn't answering the question.

The first question is whether requesting a certification that by the authority's own website recommends 4-5 years experience prior to even obtaining the certification for a position requesting 0-2 years of experience is out of the ordinary. It strikes me as being the "HR arms race" (e.g. asking for ten years of experience in an industry that's been around for five).

The second question is whether those other certifications are even relevant (NISPOM, Chapter 8, COMSEC) given that from my understanding two of them refer to systems rather than individuals and the third I can't find information on, period.
 
He answered the question pretty well. You aren't qualified for the position.
Analyzing the job posting does you no good.

So you're not even going to give me background on what those certifications mean? That was the point of the post, even if I'm "not qualified" in your eyes. I'd still like to know more about these certifications.
 
Lot of job apps have requirements that are way over the top. Technically I'm not even qualified for my own job. :p Apply anyway.
 
I would apply for it anyway, especially since you might have an in with the hiring manager.

CISSP is a well regarded cert that requires 5 years of experience and knowledge of the secret handshake. Median salary for someone with that cert is 110k last I checked.

Security+ is a very entry level one from what I remember - to the extent that I'd not bother with it.

NISPOM Chapter 8 is not a certification, but rather familiarity with the requirements imposed by said chapter. It implies your future employer is a defense contractor and has to maintain systems in accordance with those requirements. FISMA along with NIST 800-53 are similar for non-defense government shenanigans.

COMSEC appears to be an acronym used in NISPOM. A quick search on the chapter 1-11 document should get you going.

For additional professional development, I would highly suggest joining your local ISSA chapter and attending the meetings.
 
CCNA or Cisco Certified Network Associate is a semi-entry level cert that is supposed to show that you know and understand the fundamental practices and procedures to be a network administrator or entry level network engineer.

My point is if you do not understand networking protocols, security practices and are familiar with enterprise level network architecture you are not qualified to be in network security.


IMO in Security you really should know how it works, because those that will do unauthorized or unwanted actions on your network usually do. And if they don't you need to know how to solve the problem ASAP. Network security is usually a job of some significance in the sense of responsibility and the pay usually reflects that.

Again, at a minimum if you don't have CCNA or equivalent experience I would not hire anyone for a network security position.
 
I would disagree with you on this. When you get into the government security requirements as this company appears to have, there's a LOT of log monkey stuff going on that you can quickly teach anyone with half a brain how to do that doesn't require any prerequisite knowledge about network security, however, such concepts are learned while dealing with the log data.

They seem to prefer to develop the right candidate into more senior roles while not spending a ton of money doing so (hence them not caring about specific security experience). I'd much rather have a great candidate that I can train and develop, rather than someone that knows the world and can't learn or change.
 
The desired certifications/skills are not weird for a defense contracting job. The company is dreaming and does not want a CISSP to apply for the job. They couldn't afford one and would rather hire someone with 0-2 years experience and pay them pennies hoping they stick around for 5 years. During that time you should be building towards a Security+ and have it done within the first 6 months. I would tell them I am studying for it during the interview. Then study for the CISSP certification if you enjoy that type of work.

You have the best IN though and that is because you were recommended by your friend. The defense industry loves to hire someone's friend so they will stick around.
 
Without seeing the actual job description I'm not going to say whether or not you are qualified. Connections are half the battle, a lot of people overlook experience when you know someone. This will be even more true if your friend is decent at his job.

That said, I would recommend that you offer to obtain a certification within 6 months of being employed. You could do Security+ in 3 months if you have the working knowledge that you say you do.
 