There are thousands of articles about resumes online. Compare them, and you’re sure to find some conflicting advice. On top of that, many of them are just bad.
“So why,” you may be asking, would I venture to write yet another online article in this over-polluted swamp? Simple.
I, along with my fellow security recruiters and hiring managers, genuinely want to find qualified candidates for open positions. We understand the critical mission of protecting our businesses, nation, and world from cyberattacks. So, we spend our days sifting through resumes hoping to find the right person, for a specific team, in a certain company, whose work will help strengthen the organization's security posture just “that much” more.
You see, there’s something that most job applicants miss when it comes to the resume writing and submission phase of a job search. Recruiters and hiring managers look through resumes with the mindset of wanting to find someone who fits the candidate profile for a position. We want to find reasons to screen you in rather than screen you out.
To do this, candidates, we need your help. Here’s what I wish every candidate would do when they put together their resume.
Give your resume a title.
Put a few key words at the top of your resume, directly below your name and contact information, that identify your area of expertise and what type of position you’re seeking. This immediately gives your resume focus and clarity and helps me zero-in on your strengths and desired job category. Use the position title from the job description or create your own. Some titles include: SOC Manager, Network Security Engineer, Secure Software Developer, Cyber Forensics Expert, and Chief Information Security Officer.
Be honest. Be real.
Let's say you add a bullet point highlighting your accomplishments with a previous position that says, “Responsible for enterprise-wide implementation of the Data Loss Prevention (DLP) program.” Sounds impressive. However, I can see that when you listed that accomplishment, you had less than five years of professional experience.
Seriously? You had signature authority to sign the contract with the DLP vendor? Met with the C-suite to get their buy-in on the processes that would need to be modified? And you did all this in your first or second job fresh out of school? Riiiiiiight. The saying goes there are only two times in life when someone is perfect – when they’re born and on their resume. Break the trend and protect your integrity.
Instead, be real. Say something like, “Led the process to determine business and security requirements for DLP rollout. Facilitated 20 meetings between various application and business teams to determine high-risk areas. Created security requirements around specific business needs.”
Describe the companies you’ve worked with.
Briefly describe each organization you’ve worked with including their age, industry, revenue, and size. I need a context for your experience and job duties. Don’t assume that I’ve heard of every big name company in the industry. A little bit of background about the organization gives me a better understanding of what you’ve done and how that relates to prospective positions.
Additionally, if you worked from home for a company that was located somewhere else, say so. I once saw a resume that changed locations from coast-to-coast every few years. “Wow," I thought, "this person really moves around a lot.” However, when speaking with this candidate, I discovered that he worked from home for each of these organizations.
Quantify your skills
Chances are, you don’t have the same level of expertise in all of the various platforms, networks, languages and tools listed on your resume. Let me know which skills you excel at. Using quantifying phrases like “Highly Skilled In” and “Working Knowledge Of” is extremely helpful to me and in your best interest as well. For example, you may not have the desired level of industry experience for a particular role. But, if the I know that you’re highly skilled in the required technical area, you’ve got a much greater chance of having your resume moved to the yes pile.
Talk results. Not just skills
If your job title is Penetration Tester and your first couple of bullet points say things like “perform onsite and remote penetration testing and ethical hacks to assess vulnerabilities of connected systems,” you’re not telling me anything that I don’t already know.
Don’t restate the obvious. Instead, tell me about the specific results and accomplishments that your expertise contributed to the typical job duties. “Found two new vulnerabilities in two hours after it was determined that all known vulnerabilities had been found using my custom-built tools and exploitation techniques,” makes me say, “Woah!” It also speaks to the person’s persistence and outside-the-box thinking.
Always keep in mind that the number one goal of your resume is to get you a job interview. It will also be the first impression that potential coworkers have of you since resumes get circulated to various people in the organization during the hiring process. A good resume engages me in the story of your career and stimulates questions as I read it. It makes me excited to meet you and engage in a conversation.