Are Security Careers Real?

A Former User

I interviewed for a security job a while back, much of it was under NDA so I can't say anything specifically about what they wanted. The only thing I can say is the main thing they were looking for was someone with a Security+ (dumb) and I declined further interviews/proceeding with the process after the first one.

Dashrender

@thecreativeone91 said:

I interviewed for a security job a while back, much of it was under NDA so I can't say anything specifically about what they wanted. The only thing I can say is the main thing they were looking for was someone with a Security+ (dumb) and I declined further interviews/processing with the process after the first one.

A security job where they even bothered to mention Security+, no wonder you walked away.

Nic

NSA hired them all

scottalanmiller

@thecreativeone91 said:

I interviewed for a security job a while back, much of it was under NDA so I can't say anything specifically about what they wanted. The only thing I can say is the main thing they were looking for was someone with a Security+ (dumb) and I declined further interviews/proceeding with the process after the first one.

Any company under NDA is using security through obscurity. The NDA is enough to make me walk away. This is why I decline to even talk to Google - they've failed the hiring process before we even talk in person because their NDA flags them as way too low end to even warrant a discussion.

A Former User

@scottalanmiller said:

@thecreativeone91 said:

I interviewed for a security job a while back, much of it was under NDA so I can't say anything specifically about what they wanted. The only thing I can say is the main thing they were looking for was someone with a Security+ (dumb) and I declined further interviews/proceeding with the process after the first one.

Any company under NDA is using security through obscurity. The NDA is enough to make me walk away. This is why I decline to even talk to Google - they've failed the hiring process before we even talk in person because their NDA flags them as way too low end to even warrant a discussion.

Yep, I will never do an interview under NDA again.

dafyre

I think for most folks they wind up being thrust into that position. At my last job, I had to learn pretty much learn things as I went. Not that security was an after thought, but as I'd learn something new for another project, I would go back and apply those same security principles to past projects and servers.

scottalanmiller

@thecreativeone91 said:

Yep, I will never do an interview under NDA again.

Or if you do, you won't tell us

scottalanmiller

@dafyre said:

I think for most folks they wind up being thrust into that position. At my last job, I had to learn pretty much learn things as I went. Not that security was an after thought, but as I'd learn something new for another project, I would go back and apply those same security principles to past projects and servers.

Yup, I've been put in security roles, but it was a role, not a career path. It didn't come from something else, it didn't lead to something else.

A Former User

@dafyre said:

I think for most folks they wind up being thrust into that position. At my last job, I had to learn pretty much learn things as I went. Not that security was an after thought, but as I'd learn something new for another project, I would go back and apply those same security principles to past projects and servers.

I have that happen before being put in it. I was put in the position at the county. and Security WAS an afterthought. Heck when I started it there it was server 2000 domain with the main DC having a 1:1 Nat mapping on it with no firewall in between, you could authenticate to it from home.. And the DC was a Terminal Server too!

dafyre

@thecreativeone91 *me runs away and hides.

MattSpeller

Security I thought was a real golden ticket at first, then you realize that if someone wants in they'll win eventually, no matter what you do. I don't like to lose and that'd be a struggle for me.

scottalanmiller

@MattSpeller said:

Security I thought was a real golden ticket at first, then you realize that if someone wants in they'll win eventually, no matter what you do. I don't like to lose and that'd be a struggle for me.

That and everyone thinks that it is a golden ticket. Like any "popular" career, that forces it to be the entry level work. Everyone and their brother is a "security expert" today. All of them working at McDonalds.

A Former User

And most companies do not care about security unless it costs them a lot, but then they still don't care about it or your data; They just care about the financial implications of it.

A Former User

@scottalanmiller said:

Everyone and their brother is a "security expert" today. All of them working at McDonalds.

Or a computer repair shop but, the pay is likely about the same.

scottalanmiller

@thecreativeone91 said:

@scottalanmiller said:

Everyone and their brother is a "security expert" today. All of them working at McDonalds.

Or a computer repair shop but, the pay is likely about the same.

Dashrender

@thecreativeone91 said:

@dafyre said:

I think for most folks they wind up being thrust into that position. At my last job, I had to learn pretty much learn things as I went. Not that security was an after thought, but as I'd learn something new for another project, I would go back and apply those same security principles to past projects and servers.

I have that happen before being put in it. I was put in the position at the county. and Security WAS an afterthought. Heck when I started it there it was server 2000 domain with the main DC having a 1:1 Nat mapping on it with no firewall in between, you could authenticate to it from home.. And the DC was a Terminal Server too!

Nice! I've seen that setup before (and no, I wasn't the one who put it in :P)

Dashrender

@thecreativeone91 said:

And most companies do not care about security unless it costs them a lot, but then they still don't care about it or your data; They just care about the financial implications of it.

Ain't this the gal darn truth!

Security is entirely to inconvenient, and until it really starts costing them due to things like breaches, most just can't be bothered with the inconvenience.

MattSpeller

@Dashrender said:

Security is entirely to inconvenient, and until it really starts costing them due to things like breaches, most just can't be bothered with the inconvenience.

And this is why I don't sign up for points cards of any kind & am generally careful with my info

Dashrender

@MattSpeller said:

@Dashrender said:

Security is entirely to inconvenient, and until it really starts costing them due to things like breaches, most just can't be bothered with the inconvenience.

And this is why I don't sign up for points cards of any kind & am generally careful with my info

Points cards, etc themselves can't harm you, at least I can't think of how they could. If you use the same password for your points cards as you do for say email or paypal... well then when the points system gets hacked so does your email/paypal, etc.

As long as those programs only want my already publicly available information (name, address, phone number) and nothing else.. I'm fine with them.

Carnival Boy

@scottalanmiller said:

I know that there are some security specialty shops out there (I've been asked to lead teams for one of them.) But even big ones that I have worked with just use skilled "normal" IT people, not "security" specialists.

I would have thought that a good security guy is a good generalist as you need to have a good understanding of all applications in order to gain a good understanding of where those application vulnerabilities lie. For example, you need a modest understanding of SQL in order to understand SQL vulnerabilities like SQL injection. So if I was forming a crack team of security experts I'd want a SQL guy, a web guy, a Windows guy etc etc. A bit like the A-team, with BA Baracus as my Windows guy.