Information Technology (IT)

That's my next move too, got sec+, ccna, aws sa, azure sa, lpic1, ccsp and degree all on the docket I need to kill by end of summer. Need to hunker down and disappear.
What route are you looking to go career wise lol? I’m trying to tie all that together
 
Cloud security engineer more likely, all that (minus the azure cert) is part of the WGU BS:NOS degree. I could choose any path with that versatility really, but a cloud/devsecops focus makes more sense. Eventually architect etc. but want to spend some time in the trenches first.
 
My company (incumbent) lost their re-compete effort for my current worksite, and my resume was sent to a new company (sub-contractor). I talked with them, negotiated a salary bump, and accepted (although, not crazy with the sub being a small company).

My current company did find me a new project; however, it was the same situation as my current site - going into a re-compete. Came down to more money for the same job with a new company vs. a new site for the same salary.
 
Anybody into PCI Compliance? I kept seeing those ads for Boyd Clewis academy, apparently people are getting the cert or whatever in it in 90 days. I had a call with them and everything, seemed like a nice opportunity and much more preferred to trying to go back into Grad school again if I decide to make a move for my next level of my career, trying to bust through that 6 figure wall. Also, small chance someone in this thread is interested, here's a job I was offered. Just tell them you have an associate who it was offered to who sent it to you (pm me for my real name if you want). I never got into CISSP so all this RMF stuff is over my head, but $70/hr is like $145, and on Texas (Arlington of course a suburb of Dallas) cost of living with no state income tax. Sheeyit


Max Cameron <mcameron@chiptonross.com>, 10:22 AM (1 hour ago), to me

Hello ,

We just received a new work order and wanted to know if you would be interested in this position – see below.

If not, please forward this email on to anyone you know who might be interested, thanks!

Information Systems Security Engineer Job#189709

ACTIVE SECRET CLEARANCE REQD

Category: IT
Region: TX-Texas
City: Arlington
State: TX
Rate: Up to $70.00 DOE
Duration: 9 months

Description:
Chipton-Ross is seeking an Information Systems Security Engineer for an opening in Arlington, TX.

RESPONSIBILITIES:
Implement security and anti-tamper controls into training and simulation solutions
• Define DoD cybersecurity and anti-tamper requirements and interact with external stakeholders to refine/derive/allocate security control requirements
• Perform trades studies, cost analysis, risk assessments, impact analysis, and effectiveness studies
• Customize cybersecurity solutions based on cost and effectiveness
• Assist programs and monitor program execution throughout product development lifecycle to ensure cyber and anti-tamper objectives are met
• Lead, advise, and educate engineers on cybersecurity and anti-tamper concepts and solutions
• Prepare briefings to obtain approvals by government agencies for contracted efforts
• Perform cybersecurity tasks in each phase of the Risk Management Framework (RMF)
• Create entire authorization packages to obtain an Authority to Operate (ATO) for DoD Information Systems
• Interact with System Program Office and Authorizing Official key personnel during all phases of the RMF
• Support Information System Security Managers and Officers (ISSM/ISSO) during Continuous Monitoring Phase of the RMF as technical Subject Matter Expert

Applies current systems security engineering methods, practices and technologies to the architecture, design, development, evaluation and integration of systems and networks to maintain system security
• Works closely with Government customers to ensure that the security protection needs, concerns and requirements are defined and implemented with appropriate fidelity early and in a sustainable manner throughout the life cycle of system that will allow for the security authorization of the system of interest
• Works with systems developers or commercial product vendors in the design and evaluation of state-of-the-art secure systems, networks, and database products
• Uses methods such as encryption technology, vulnerability analysis and security management
• Responsible for integration of multiple methods into a cohesive system security perimeter and environment and the policies and procedures necessary to monitor and maintain such an environment
• Will prepare Certification and Accreditation documentation, using multiple standards such as DITSCAP, NIACAP, DCID 6/3, Common Criteria, and NIST 800-37, to achieve security authorization of supported systems. Represents program security needs, concerns and requirements at customer meetings

REQUIREMENTS:
6+ years of relevant experience in fields of cybersecurity, anti-tamper, or engineering computer technology
• Defense industry experience
• Experience creating authorization packages for DoD Information Systems
• Experience implementing security controls
• Experience with security control testing to include use of vulnerability and compliance scanners, creating test reports, and analyzing test results
• In-depth knowledge of all phases of the RMF
• Knowledge of all phases of the Systems Development Lifecycle
• Knowledge of NIST 800-53 security controls including their implementation and testing
• Interpersonal soft skills to effectively and smoothly interact with both internal and external stakeholders
• Experience in requirements management to include deriving, allocating, and tracing
• Ability to work alone or in a team environment
• Self-motivated with substantial problem-solving abilities
• Proficiency with Microsoft Office products
Additional Desired Qualifications and Experience
• JSIG compliance and implementation experience
• Proficiency in anti-tamper techniques for verification and protection of Critical Program Information (CPI) per DoDI 5200.39
• Systems Administrator Experience
• Significant knowledge of Security Technical Implementation Guides (STIGs)
• Design and Architect experience of cybersecurity solutions
• Multiple DoD 8570.01-M certifications
• Prior experience utilizing systems engineering principles for requirements on a technical effort
• Previous experience developing and accessing various artifacts such as SOWs, requirements, and test documents
• Experience with DOORS requirements management software
• Experience in eMASS and Xacta RMF flow software
• Experience in cybersecurity activities associated with aircraft and aircraft simulators/training devices
• Ability to travel up to 15%

EDUCATION:
• Bachelors degree in a technical field, such as Cybersecurity, Electrical Engineering, Systems Engineering, or Computer Science

Masters degree preferred in related field

IASAE level II or III certification

SHIFT:
9/80

MISCELLANEOUS:
Applicants responding to this position will be subject to a government security investigation and must meet eligibility requirements by currently possessing the ability to view classified government information.

Contact:
Max Cameron at mcameron@chiptonross.com
CHIPTON-ROSS INC.
420 Culver Boulevard
Playa Del Rey, CA 900293

Phone: (310) 414-7800 x242 or (800) 927-9318
 
$70 an hour seems low for a CISSP, that cert is not one you just pick up in a week. Unless you have worked in the field for a while. I think the recruiter might need to go back to prime and find more money. Regarding your original question, no, I never heard of that exam.
 
Yeah. Low balling. I have a CISSP (and others). They need to pay me. New York, California, Florida or Texas.

And I never heard of that exam either.

I'd assume if you understand the legal requirements, can pen test or know folks...that could be a nice gig.

PCI, HIPAA, RMF, GDPR, etc.
 
spiderjericho or titang545 or any other security dudes
I have a technical interview Friday and want some advice on how to prepare.

If any of y'all have some time to give me some pointers/advice I would appreciate it.
PM me if anyone wanna discuss the role and preparation

TY
 
Not in the security field, but whenever I interview people it’s a mix of technical and personable questions.
But when I do technical questions, it’s usually scenario based questions that I use to gauge someone’s thought process in troubleshooting and their knowledge/experience.

If you have any insight or can gain any insight towards the infrastructure of the company, that can be a great way of giving yourself even a slight edge over other candidates.

Just remember for the scenario based question, always trust in the STAR method. That **** never fails.
 
Can you share the job title or technologies being used?
Yeah my bad here it is
Security Analyst Responsibilities
  • Triage and respond to security events
  • Document and automate response actions
  • Help implement and configure new security products
  • Perform manual and automated threat hunting across the environment
  • Create and update correlated event rules
  • Assist in the assessment of the constituencies overall security posture
  • Tune security technologies
  • Mentor junior analysts
  • Early hires also need to help support front line customer service/support
The right candidate will have the following skills:
  • A good understanding of the Windows operating system
  • Experience with incident response
  • Good communication skills
  • The ability to execute independently and as part of a group
 
Oh you good man, seems more like a thinking position, speak concise. Ask about situations they had in the past or ones you resolved and explain to them the thought process you used. Windows stuff is pretty cut and dry, most jobs would like you to know everything from Microsoft word for word. If you don't know something let them know you will look online and find the answer. Talk about times where you might have been the senior person and showed new employees how things work. Process and procedures you might have come up with or use a process or procedure someone else created but you could duplicate. They won't know if you were the author of the document before or just fine tuned it.

You good man just stay calm and listen to what they say then regurgitate it in the answers you provide to them on your background. Good Luck.
 
Yeah not a security guy currently. But looks like a senior SOC analyst focused on Windows.

Technical questions could be tools like Security Onion, Splunk, Windows Defender, McAfee, Wireshark, etc. How to look for anomalies in network traffic or operating systems.
 
You got this MakeNTGreatAgain. I used to write a short outline script of questions I'd expect to be asked and bullet points to make sure I hit in my answer and things in your experience you want to highlight, real or fake, they don't know. They love a problem solver so tell about a scenario like maybe you guys were doing work but not tracking in Remedy or ServiceNow, so you called a meeting and implemented a new SOP where every action is documented in a ticket and shared across everyone and it prevented duplicate work and made everyone more efficient, or find a way to frame it like that.

spiderjericho, titang545: I was working on CISSP as in trying to teach myself by reading the book, maybe lasted half a week it was dull, but if you think CISSP ****** can shun at 145k maybe I should revisit. That listing never directly says CISSP I just know most of the time when I got calls about something dealing with RMF and eMASS and DIACAP they wanted it, but maybe I'm wrong since they're lowballing.
 
Thank you all, greatly appreciated.

Gunna put some stuff together using y'all's advice. Let's get it!!
 
I just bought the new PMP book by Andrew Crowe so I’ll be battling yawns too soon.

CISSP and PMP are the easiest money makers today.
Yeah I might do PMP in a year or two, ain't NEVER doing CISSP. Going to keep my CASP up to date and I am good. F that CISSP. I have worked with some of the dumbest people that have CISSP in their email signature.
 
CASP doesn’t have the reputation sadly. CompTIA tried. They created the test in 2011. We’re almost 10 years later. They’ve also developed a continuum with Linux+>Security+>CySA+>Pentest+>CASP.

Pentest is actually legit. Better than at least the older CEH exams (not sure about now).

I think the reputation of the CISSP is higher than the product or test. It’s basically a security management certification. That’s it. Make decisions with security in mind.

CASP is actually more technical. Dealing more with security architectures. At least V2. V1 was Security+ on steroids.

If someone asked me what certs were worthwhile now...I’d say Cloud or automation.

But CISSP and PMP will always have high ROI. Get you in many doors.
 