  1. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,423

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #26
    Man - I vividly remember writing this post. A lot has changed, a lot has stayed the same. If there's interest, I could write a follow-up post in this thread based on my experiences over the last 3-4 years.

    Quote Originally Posted by alias454 View Post
    Nice Post. What can an "L1" expect to make?
    In 2013 when I got my first security job (as an L1), I made $55,000. The interview I posted about here, also for an L1 analyst role, bumped me to something like 70k. These days I routinely see L1 Analysts just starting out making 75k+
    Last edited by YFZblu; 11-08-2016 at 08:03 PM.

  3. Senior Member
    Join Date
    Jul 2016
    Location
    New Hampshire
    Posts
    354

    Certifications
    CCNET, CCNA R&S, ITIL, MCP, Security+
    #27
    My goal is to get into IT Security and I just ordered this book. Thank you for posting it!
    Last edited by NavyMooseCCNA; 11-08-2016 at 08:28 PM. Reason: Grammar

  4. Junior Member
    Join Date
    Mar 2016
    Posts
    27

    Certifications
    SSCP, ITILv3 Foundations. A+, Net+, Sec+, MS: 70-680, MS: 70-685, MS: 70-410
    #28
    I just found this thread....I have about 4 months experience as a Service Desk Analyst, and looking to try to break into the InfoSec field. The latest certification I have is Associate of (ISC)2 SSCP, and working on CISSP; I also go to school full-time, working on my BS in IT Security.

    I would love it if you could renew this topic, and write about what you see these days. Your original post was more than a few years ago. How have you progressed so far, do you get to look at candidates' profiles for positions, other than a general knowledge what kind of skills should a tier 1 be bringing to the table....these are some of the more particular questions I have.

    Thanks!

  6. Member
    Join Date
    Sep 2013
    Posts
    95
    #30
    Even though this thread is a year old, it is one of the best and most unique threads here as it touches real life scenarios. I am looking for some similar examples on YouTube but have not found much stuff. It will be nice if more folks here can contribute something from their recent interviews.

  7. Member
    Join Date
    Sep 2013
    Posts
    95
    #31
    YFZblu
    Can you please post some more info if possible? Thanks in advance.

  8. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,423

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #32
    I'm happy to see this post helped some people over the years. I've gotten several requests to update / enhance it, so I'll do that here. I'm going to add a few things:

    1. Expand on two pieces of my original post (Linux, scripting)
    2. Add a section regarding host-based forensics
    3. Answer questions posed by User Kiyori

    This post isn't meant to be a replacement to the original - I think everything in the original post still applies. The end of this post will be open-ended, feel free to ask me to address something I may have left out.

    Quote Originally Posted by yfzblu
    First and foremost, Linux. It's everywhere in infosec as many of you know. I won't get too specific on this, but definitely dig in and learn Linux.
    From a tactical perspective, and from the perspective of doing work, I still believe this; however the 'why' is important too and needs to be addressed. For beginners Linux can be clunky, and difficult to work with. You should accept the constant failure you will inevitably have with it as a challenge. In my experience, Linux can set you on the path to learning important lessons:

    - working through frustration and failure: your stuff will break, and you will break your stuff
    - learning to become resourceful: man pages, google, trial and error, etc.
    - learning to learn: technical documentation can be terse and sometimes you must understand various background topics/technologies before you can address the problem at hand. Something like this is often repeated: 'you cannot secure what you do not understand'. While this is true, as analysts we often encounter situations and technology that we do not understand. Finding solutions does not necessarily require years of direct experience with a given technology - being able to 'figure it out' (sometimes on the fly) is a vital skill that can be acquired over time. In my experience, Linux helped me get started with this.

    Quote Originally Posted by yfzblu
    Code: I said this in a post the other day - Do yourselves a huge favor and learn to script and at least learn to read some code. I put it off forever and it is biting me in the butt. I'm basically drinking from the firehose trying to get up to speed. Much like the Linux thing I won't get too detailed about why/how, just learn it.
    This, still, a thousand times over. Everything I said about Linux applies here as well. With very few exceptions, not having scripting/programming ability will automatically put a ceiling on your technical career in security. Learning Python has allowed me to:

    - Contribute to the security community with my own open source projects [1][2]. The ability to show my work to an employer during an interview has been insanely valuable to me.
    - Automate otherwise manual tasks, enabling teams I have been on to focus on more important work.
    - Gain a deeper understanding of open source offerings by examining source code directly. Examples of this are Snort/Suricata, Elasticsearch, and Volatility.
    - Learn a given technology at a deeper level. By first understanding Python and its data structures, I was able to begin to understand more complex data structures presented by other languages and operating systems, which in turn helps me as an analyst.

    Adding something new here: host-based forensics. Over the last several years forensics has taken a huge leap forward. More than ever it's a vital skill to have for any analyst. Organizations are now (or should be) leveraging live response frameworks to supplement traditional log data. A couple of great places to start would be Windows-based forensic artifacts, as they're the most well known and well documented - and offer a large payoff considering most organizations are largely comprised of Microsoft technologies. IMO, these are three of the best books to help get someone started:

    - File System Forensic Analysis (the more general chapters at the beginning and the chapters on NTFS specifically)
    - The Art of Memory Forensics
    - Windows Registry Forensics, Second Edition

    These books cover both the artifacts themselves and sound analysis methodologies.

    And blogs:

    - Another Forensics Blog
    - Windows Incident Response
    - SANS DFIR Blog
    - Hacking Exposed Computer Forensics Blog (David hasn't posted in a while, but all of the past content is good)

    Taking all of this a step further, not only is it important to understand the artifacts, but you'll eventually want to contrast them with offensive techniques. For example, how will this help an organization detect the presence of Mimikatz executing in an environment? What residue does it leave behind? How can this be leveraged in monitoring scenarios?

    Quote Originally Posted by Kiyori View Post
    How have you progressed so far
    Unhappy with the way organizations have refused to protect and invest in systems they supposedly care about, I have left several security jobs over the years. In some ways being unsatisfied has been a burden on me personally. In other ways, I've experienced roles and technologies that I never would have been exposed to had I stayed with one or even two organizations.

    At this time I'm working as an incident response consultant on a forensics team - being in this role is what I've wanted since I got into security, so things have worked out well. I'm a big proponent of seeking out opportunities and going for them - for the most part, nobody is going to hand you anything.

    Quote Originally Posted by Kiyori View Post
    Do you get to look at candidates' profiles for positions? Other than a general knowledge what kind of skills should a tier 1 be bringing to the table
    I've been interviewing candidates for a couple of years now. Regarding a tier 1, the technical pieces are less important to me personally. As a senior it's my responsibility to get people up to speed, and provide enough process/procedure and documentation for a less technically inclined person to do some of the more routine aspects of the job. Additionally, I feel responsible to help bring others up and point them in the right direction to eventually help with less trivial work streams. Coming from this perspective, I look for:

    - An enthusiastic desire to learn. Most notably, I want to see someone try to learn in the interview itself. When a candidate recognizes he/she has a short window of time with experienced members of the industry and wants to take advantage of it, this stands out to me. It's a good indicator that if the team brought this person on, they would likely continue doing the same.

    - Someone who wants to understand the data, not just use the tools. A big issue in this field is that there are a lot of 'button pushers' who rely exclusively on the tools they are given, instead of first understanding the data. Tools can lie, they can break, etc. For example if an Analyst knows the basics of TCP/IP and regular expressions, learning something like Snort or Suricata will happen much faster than someone who is trying to learn the tool first. Similarly when the tool breaks or if it doesn't provide some needed functionality, that same person might be lost, while another analyst is busy finding solutions based on what the underlying data is reflecting.

    - Vision for his/her career. I want to know why this person wants to be an analyst and what direction they see their career moving towards. For someone right out of college this vision may not make sense just due to a lack of experience, or may not be completely hashed out yet - but I care less about that. Having a vision and a plan for getting there to me shows this person is motivated and explicitly engaged in the direction of his/her career.

    - As I said in my first post, know what you claim to know. A minor pet peeve of mine: I can't tell you how many times I've seen C and x86 assembly listed on someone's resume under the 'programming' section, because the candidate took a couple of computer science courses in college. If you do this, I will ask you to program in C in the interview. I hate doing this.

    Hope this helps!
    Last edited by YFZblu; 10-16-2017 at 04:25 PM.

  9. Senior Member
    Join Date
    Mar 2017
    Location
    Phoenix, AZ
    Posts
    166

    Certifications
    CISSP, CEH, CCNA Security, CCNA R&S, VCP5-DCV, VCP-Cloud, MCSA 2012, MCSA 2008, MCSA 2003, Security +, Net+, A+
    #33
    Quote Originally Posted by YFZblu View Post
    Man - I vividly remember writing this post. A lot has changed, a lot has stayed the same. If there's interest, I could write a follow-up post in this thread based on my experiences over the last 3-4 years.



    In 2013 when I got my first security job (as an L1), I made $55,000. The interview I posted about here, also for an L1 analyst role, bumped me to something like 70k. These days I routinely see L1 Analysts just starting out making 75k+
    I am seeing L1's being hired at 88k+ right now.

  10. Senior Member
    Join Date
    May 2016
    Posts
    1,627

    Certifications
    ITIL V3 F, ITIL OSA, ITIL ST
    #34
    Quote Originally Posted by Blucodex View Post
    I am seeing L1's being hired at 88k+ right now.
    What country, what part of that country?
    Position: Data Junky
    Reformed Cert Addict.

  11. Senior Member LordQarlyn's Avatar
    Join Date
    May 2011
    Location
    Iraq
    Posts
    206

    Certifications
    CISSP, ITILv3, CCNA, A+, Net+, Security+, Server+, MCP, MCSA 2003
    #35
    Good stuff here! Very useful and helpful.

  12. Member
    Join Date
    Sep 2013
    Posts
    95
    #36
    Fantastic. Learnt a lot from YFZblu's post. Much appreciated.

  13. Senior Member
    Join Date
    Mar 2017
    Location
    Phoenix, AZ
    Posts
    166

    Certifications
    CISSP, CEH, CCNA Security, CCNA R&S, VCP5-DCV, VCP-Cloud, MCSA 2012, MCSA 2008, MCSA 2003, Security +, Net+, A+
    #37
    Quote Originally Posted by DatabaseHead View Post
    What country, what part of that country?
    Phoenix. The market is hot out here.

    Phoenix is transforming from a call center hub to a tech hotbed


  14. Junior Member
    Join Date
    Sep 2012
    Posts
    22

    Certifications
    A+, Net+, Sec+, CCNA, Win10 70-698
    #38
    Hey Blu,

    Are you aware of any regional specific resources for job seekers, specifically related to Cyber Security? I moved out to Phoenix earlier this year and am looking to take the next step after working as helpdesk/desktop support for the past two years.

    I managed to land an interview with a Cyber Security provider as a SOC Analyst and did great on the technical interview. Then their job posting changed from 'able to obtain a security clearance' to requesting candidates to have an active clearance which I don't have.

    Also found a few workshops and networking events on meetup.com I'm planning on attending, but am wondering if there is any other resource besides your typical job board and recruiters that you are aware of.
