Hey everyone! I've been working as a systems admin, network engineer, and firewall admin for quite a while, mostly in smaller companies, with some experience in larger organizations further back in my career. Recently, as I look for new job opportunities, I keep encountering a requirement for experience in cybersecurity and security frameworks. I'm curious about what these areas entail on a daily basis. If someone were to ask you, "have you done this?"—what exactly would your experience involve?
I've worked with next-gen firewalls, endpoint security, and email security solutions. I've also set up and modified policies, monitored alerts on intrusion detection systems, and handled infections. Does this count as cybersecurity work, or is there something more I'm missing? Additionally, when people refer to security frameworks, are they similar to models like the OSI model? Does working with them mean assessing your environment against certain models and striving for compliance? Looking forward to your insights and hopefully not too many harsh critiques!
3 Answers
You're on the right track! It sounds like you have a solid foundation with your firewall and security management experience. Cybersecurity nowadays often involves a wider framework, such as the NIST Cybersecurity Framework 2.0, which provides an evolving process for managing cybersecurity risks. You should familiarize yourself with different industry-specific frameworks, as they may come up in interviews.
I wouldn't stress too much! It seems you have a lot of practical experience that newer grads might not have. Just be prepared to discuss how your security practices intersect with managerial aspects of cybersecurity, as certifications like CISSP or CISM focus heavily on those areas. They'll likely ask how not just to configure security tools but also to develop and enforce policies.
When people refer to 'security frameworks,' they mean structured models like SOC2 or NIST 800-53. These frameworks help you evaluate your security policies, procedures, and infrastructure. Experience with risk analysis and discussing the implications of new security products on your security posture is also very valuable!
Thanks for the reassurance! I don't have any security certifications yet, but I've learned a lot from my hands-on experiences. I just want to make sure I can navigate these topics during interviews without feeling lost.