While reading a job description for an IT security analyst recently, I noticed that the details were somewhat vague. The position required so many years of the usual security requirements and experience with routers, firewalls, IPS, but it didn’t mention which ones.
Then I saw this statement, which explained the vagueness:
Due to security policy, specifics on the systems will only be provided in the interview.
So the job description doesn’t identify the firewall as PIX or Cyberguard, the routers as Cisco or Juniper, etc. If you make it to the interview, you’ll find out what brands they use. If those brands aren’t on your resume, you won’t make it to the interview. But as a result of their secrecy, they probably get more resumes that they end up tossing because applicants didn’t have the right “brand” of experience.
Would you be less likely to apply for a job like this? For me, it would depend on the company and how bad I wanted to switch jobs.
Has anyone else seen a statement like this on a job description?
A quick Google search of this company didn’t turn up any brand info, and surprisingly, neither did a search of LinkedIn–even former employees didn’t list any specific details. The company must have a strong culture of security.
Kind of interesting for a company that’s in manufacturing…
ITauditSecurity 
I would love know what company it is, you don’t even find such strong security culture in government or financial institutions.
LikeLike
coffeeking,
Unfortunately, I can’t divulge, but I can assure you it’s not a company that you’d say, “Yeah, that makes sense.” Makes me think they’ve suffered a major breach or something. I googled them, but didn’t find any evidence of a breach.
I agree, you don’t see much of this in gov’t or finance although I have seen one finance company that was better than most.
LikeLike
I agree, they must have had some past experience to have come out with this kind of policy. I wouldn’t disagree with them given that disclosing your internal infrastructure information does open a door for wrong intended people.
LikeLike
coffeeking,
I agree also, but it’s kind of hard to police this, especially after people leave the company. How can they stop what you post on LinkedIn and other sites once employment ends? Besides, so many admins reveal their internal workings when they post their problems with their network devices and databases and the like. I didn’t find the company in question doing it, but it’s one of the things I always look for when I’m applying for a job to get a feel for their systems and issues.
LikeLike