Even for people who have worked in the industry for a decade or more, a 2-page (one piece of paper, front-and-back) should be attainable
Review and update your resume for every job you apply for
People who have the most success with job applications, make sure all of the documents they provide (resume, cover letter, references and job application responses) are crafted and targeted to the position for which they are applying
Job experiences should be relevant
This does not mean that only InfoSec experience counts; this means each experience should be angled towards showing how you gained or applied InfoSec-related skills within that experience
As you prep your resume for each job you’re applying for, think about previous experiences in terms of how they relate to the prospective role
Each experience should answer the question: What was your individual contribution?
Saying you participated in a project or were on a team is fine, but do not forget to highlight what your specific contributions were to those projects or teams
If you collaborated with a couple other people on a single task, focus on the elements you provided
Ditch the generic “career goals” section
The operative word here is generic. If you are passionate about something and can make this sound like a personal mission that is important to you and is uniquely you, then leave it in
If all you have to say is you “want to get a job in InfoSec, hack all the things, and protect stuff,” then at best it’s not doing anything to help you stand out, and at worst, it shows you’re just like everyone else who wants to work in InfoSec
Instead - use that real estate on your resume to say something that helps you stand out. Talk about something uniquely you - a group you founded, a tool/script/program you created, a policy/strategy/marketing campaign you came up with, or a personal philosophy that explains your approach to InfoSec
Streamline your technical skills, and focus on what’s important
It’s 2020 people, and it’s fair to assume everyone has at least passing knowledge of how to use Microsoft Office products. Unless the job explicitly mentions you need to be proficient in Word and Excel, there is no reason to list them
Unless the job says Windows or Mac experience is required, take them off
Caveat: If a job expects that you are proficient in a specific operating system and can perform command line scripting (as an example), something in your resume should highlight your experience in that area
Avoid inflating promotions or title changes into multiple positions
Sure, if these were distinctly different roles within the same organization, list them and touch on those unique experiences
If you were basically doing the same job the entire time, and had some title changes along the way, either pick the most current one and attach all of your experience to that one, or list all of the titles but consolidate them to a single collective experience
Avoid doxxing yourself through your resume
If you are posting your resume on sites like LinkedIn or Glassdoor so it can be viewed publicly, you probably don’t want to include your home address and personal cell phone number
Keep multiple versions of your resume if you have to - one that you use for public display that says “Contact info available on request” or that just displays an email address; and one that has the rest of the details that you would include with job applications or provide to recruiters
Do not put your date of birth or Social Security Number on your resume
<Sigh> Just. Don’t.
Scale back the details of your education based on your work experience
If you are applying for your first job or (especially) an internship, the company may specifically want to know your GPA, otherwise it’s not necessary
If you’ve been working in the industry for a number of years, then GPA and graduation year are probably both unnecessary
In all cases though, do include the school you attended - large or small. This can become a conversation piece in unexpected ways, and that’s a good thing
Keep references separate from your resume
This helps to conserve space on your resume and let’s you decide when to provide them (and have more control over who you provide at the time references may be contacted)
Highlight volunteer work, regardless of whether it is related to InfoSec
Shows involvement outside of work, and your desire to give-back to the community
Link to any InfoSec work you do on your own time
A great to way do this is to start a blog, which can serve as a supplement to your resume
If you maintain an active GitHub of personal work, include a link to that as well