Job Interview tomorrow...IT security..help

IceBergSLiM

Well maybe not panicking but I have a job interview tomorrow with the IT Security Manager for a number of open positions. (I'm an internal candidate, not an IT security background)

I think I'm pretty much up to speed on most things but I need a high level refresher on the major corporate security topics/concepts that I should be able to recall during said interview.

I'm looking for high level here, concepts, key acronyms, key technologies, I need to be able to read it today/tonight. (~30 pages or less)
 

ichy

Well in fairness the CISSP is really high level. It's also way too broad to review in one day.
 

Texashiker

Bring a padlock and a pistol to the interview.

When the question comes up about how to keep the network safe, you pull out the lock and pistol and put them on the desk.

From there, explain how you will install a lock on the server room door that only you have a key to, and you will stand as an armed guard to keep those evil hackers out.
 

guyver01

If you need ATOT to provide an overview of IT Security... you already lost the job.
 

IceBergSLiM

> If you need ATOT to provide an overview of IT Security... you already lost the job.

get off your high horse, i'm not a retard i can come up to speed on whatever I don't know pretty quickly. The super technical pieces are outsourced anyways.
 

SSSnail

Security is not something you can just "come up to speed" in any short amount of time. Your company data is resting with you. Have the decency to decline the offer and don't treat it like a next move up.
 

ichy

"Security" is a very broad field, and someone who's quite competent in the part of it they're working in could be utterly clueless about other parts of it. Nothing wrong with brushing up on the basics.
 

guyver01

> get off your high horse, i'm not a retard i can come up to speed on whatever I don't know pretty quickly. The super technical pieces are outsourced anyways.

nothing to do with 'coming up to speed'

any company worth its spit won't have 'newb' security people.

at my company, they won't hire you for IT Security if you're not even working on your CISSP.. and to even go for a CISSP you have to have 5 years in the industry.
 

IceBergSLiM

> Security is not something you can just "come up to speed" in any short amount of time. Your company data is resting with you. Have the decency to decline the offer and don't treat it like a next move up.

lulz. I must respectfully disagree. The notion that only experts can be hired into the security field is patently absurd. If that were the case there wouldn't be any entry level security positions in existence. Every security req would have 15-20 years experience mandatory with published peer reviewed journals to prove mastery of the topic.

So in summary you don't know what you're talking about. I never said I was applying for ISO.
 

IceBergSLiM

> nothing to do with 'coming up to speed'
>
> any company worth its spit won't have 'newb' security people.
>
> at my company, they won't hire you for IT Security if you're not even working on your CISSP.. and to even go for a CISSP you have to have 5 years in the industry.

I'll be sure to berate my interviewer tomorrow highlighting your incontestable points.
 

guyver01

> I'll be sure to berate my interviewer tomorrow highlighting your incontestable points.


yes.. be sure to point out during the interview how hiring someone without any IT Security Background, and doesn't have even a Security+ and doesn't even know the 10 (ISC)² CISSP domains is a horrible candidate for the job.

i'm sure that will make points with the boss quickly.
 

ichy

Start working on the CISSP ASAP if you get the job. It's really not much more than a basic certificate of competence, but it seems to carry a lot of weight.
 

guyver01

> It's really not much more than a basic certificate of competence, but it seems to carry a lot of weight.

wow...apparently lots of people don't know what the CISSP is in this thread.


Candidates for the CISSP must meet several requirements:
  • Possess a minimum of five years of direct full-time security work experience in two or more of the ten (ISC)² information security domains (CBK). One year may be waived for having either a four-year college degree, a Master's degree in Information Security, or for possessing one of a number of other certifications from other organizations. A candidate not possessing the necessary five years of experience may earn the Associate of (ISC)² designation by passing the required CISSP examination. The Associate of (ISC)² for CISSP designation is valid for a maximum of six years from the date (ISC)² notifies the candidate of having passed the exam. During those six years a candidate will need to obtain the required experience and submit the required endorsement form for certification as a CISSP. Upon completion of the professional experience requirements the certification will be converted to CISSP status.
  • Attest to the truth of their assertions regarding professional experience and accept the CISSP Code of Ethics.
  • Answer four questions regarding criminal history and related background.
  • Pass the CISSP exam with a scaled score of 700 points or greater out of 1000 possible points. The exam is multiple choice, consisting of 250 questions with four options each, to be answered over a period of six hours. 25 of the questions are experimental questions which are not graded.
  • Have their qualifications endorsed by another CISSP in good standing. The endorser attests that the candidate's assertions regarding professional experience are true to the best of their knowledge, and that the candidate is in good standing within the information security industry.
The two BOLDED are the hardest to come across to even get into CISSP.
 

IceBergSLiM

> yes.. be sure to point out during the interview how hiring someone without any IT Security Background, and doesn't have even a Security+ and doesn't even know the 10 (ISC)² CISSP domains is a horrible candidate for the job.
>
> i'm sure that will make points with the boss quickly.

The 10 domains of the CISSP CBK are: access control systems and methodology; cryptography; physical security integration; requirements analysts and security standards, guidelines, criteria; technology related business continuing planning (BCP) and disaster recovery planning (DRP); and telecommunications and network security

I'm pretty sure I know enough about each of those areas. I'm not an IT n00b, I work in a data center for many years and have been exposed to many things.
 

ichy

I passed the CISSP about a month ago. It's not that tough of a certification to get as long as you have sufficient work experience. The test demonstrates a basic level of knowledge but that's pretty much it. I spent about a week studying intensely for it. The endorsement also wasn't hard at all to get, if you work in security you'll probably have multiple coworkers who'll be happy to do it for you. (ISC)² is a money-making scam.
 

FoBoT

if you are an internal candidate, it has less to do with what you know and more with who you
_______
.