I had a conversation recently with someone in the pen testing field that I had noticed had no problem getting job offers in this horrible economy. When talking to him, you can tell right away, he knows his stuff. And it's not just rote memorization of cert exam answers. Now he doesn't know everything, and he will readily admit it. He is also very willing to learn anything and everything. This kind of attitude and eventual knowledge gain has just kept him climbing the ladder to better and higher paying jobs. So I was wondering what it is that many out there are complaining about. This Eye-opening article by Roger Grimes tells me.

http://www.infoworld.com/d/security-central/dont-blow-your-next-it-security-job-interview-226

Hope it helps,
Don

I liked a lot the article, I prefer to read before begin to pursue a certification, but I always use the certification to get knowledge and go a little deep.

This is the information I am looking for, to tell you the true about the interviews.

Don, thanks for linking to the article as it's a good read.

I'll second the suggestion of 'Don't know', one of the best bits of advice I was given when starting in the IT field is that one of the best answers to a question (obviously knowing the answer is prefered ) is 'I don't know, but I'll find out and get back to you'. Unfortunately, this doesn't always transistion well in interview situations, I know of an interview were the candidate's answer to every technical question was 'I'd use Google to find out', as far as I know he is still looking for a job...

From an general perspective this could be depressing, but if you know your stuff then look on the brightside, you should be a prime candidate (if you can get your CV past HR....)

You know, I agree that getting by the recruiter/hr can be a real pain. However, using your network doesn't hurt any. It does help to know some one where you are looking and that will often get you in the door for that crucial interview.

Take for example, the folks here. Between us, we all know a lot of people and most of would be willing to help some one get started. Look at all the advice available here in this thread alone. And chance are, if one of us doesn't work where you are looking, we might know a some one that does. So my advice, along with all of the above, is to keep plugging away at getting in the door, but also use your network of contacts.

I read the article now too. I guess it is very important to know at least the theoretical basics of possible attack vendors and some countermeasurse you can start. Often people won't be asked something very specialized as the interviewer wants first to see if the person has at least a general knowledge on the field he is applying for.
In my experience it also often helps to just talk and show that you are very interested and commited to security. When you can show some certificates or projects where you have worked in your spare free-time on it surely will help and will maybe even be the last thing needed to get employed.


Some things mentioned in the article are naturally though such as not bad talking about your former employ or display yourself as an leet hacker. As soon as the interviewer gets the feeling that you are not serious or doubt your legitimate actions you surely won't get the job.