Little known secrets about information technology and information security job requirements

Information technology and information security job hunt can be confusing

I have seen a lot of people confused over job postings.  Sometimes recruiters and hiring managers are not on the same page.  That can lead to requirements getting way out of hand for job posts.  In the world of information technology and information security job search, you have to be able to see through the ‘requirements’ in a job post.  Not everything listed is actually a requirement.  There are skills not listed that are often required as well.

5 years of experience for an entry level job?

We have all seen it.  An entry level job posting in a security position that requires CISSP.  Everyone knows that a CISSP requires 5 years of experience (or 4 with a waiver).  How does that even make sense for an entry level job?  What that tells me is that the hiring manager wants a mid-level person with some experience working in the field who wants to break into security.  Typically these jobs are not designed for a college graduate without any experience, and so the term ‘entry-level’ is misleading and confusing.  If you do have the experience required, but not the certification, you should still apply.  Some employers are willing to hire the right candidates and add it as a condition of continued employment.  I had 6 months to get my CISSP despite the posting ‘requiring’ a candidate who already had it.

They require a Sec+ or a CISSP?

When I see something like this, it is actually a very positive sign.  There are two things everyone must understand when it comes to job requirements.  Minimums and maximums exist when it comes to requirements, but they often aren’t labeled separately.  On some very good job posts, you will see a list of requirements and a list of preferred skills.  This tells you the range of experience the hiring manager is willing to accept.  On most postings though, they are listed side by side.  If you fall within the range of skills and certifications, you should apply.

The dreaded ‘years of experience’

A good job posting will have a range of expected experience for the position.  True entry level jobs should always start with 0 years of experience required.  All too often I’ll see a posting that looks like an entry-level position but requires 4 years of experience.  Some HR departments equate 4 years of experience with a 4 year degree program.  If you are a graduate of a 4 year program, than you most likely would be considered for this job.  The same also applies if you’ve got a Masters level degree and the job says 6 years experience.  Due to most associate level degrees being more generalized, their worth varies from company to company.

Do I actually qualify?

In conclusion, the real answer is that sometimes you just don’t know.  If there is a job that you want to do, then apply.  Don’t let specifics dissuade you from applying if you meet some of the requirements.  Many times you won’t get contacted by the company, that is true even for jobs you do qualify for.  If you don’t put yourself out there and apply, then nobody will know you are looking.  The job I currently have has several pay grades attached to it within the company.  The requirements posted for the job were about double my years of experience, required a CISSP I didn’t have, and technologies I hadn’t specifically seen.  I still applied and got the job but they started me at a lower pay grade.  You won’t get any job that you don’t apply for, and that’s really the point.

 

If you enjoyed this article, please subscribe to be notified about the latest posts and comment below. Thanks for reading!

Back to certifications.

Return to career page

Return to home page

Post Author: InfoSecJon

Info Sec Professional, Pen-Testing noob

Leave a comment or suggestion!