- Keep it short and simple
- Even for people who have worked in the industry for a decade or more, a 2-page (one piece of paper, front-and-back) should be attainable
- Review and update your resume for every job you apply for
- People who have the most success with job applications, make sure all of the documents they provide (resume, cover letter, references and job application responses) are crafted and targeted to the position for which they are applying
- Job experiences should be relevant
- This does not mean that only InfoSec experience counts; this means each experience should be angled towards showing how you gained or applied InfoSec-related skills within that experience
- As you prep your resume for each job you’re applying for, think about previous experiences in terms of how they relate to the prospective role
- Each experience should answer the question: What was your individual contribution?
- Saying you participated in a project or were on a team is fine, but do not forget to highlight what your specific contributions were to those projects or teams
- If you collaborated with a couple other people on a single task, focus on the elements you provided
- Ditch the generic “career goals” section
- The operative word here is generic. If you are passionate about something and can make this sound like a personal mission that is important to you and is uniquely you, then leave it in
- If all you have to say is you “want to get a job in InfoSec, hack all the things, and protect stuff,” then at best it’s not doing anything to help you stand out, and at worst, it shows you’re just like everyone else who wants to work in InfoSec
- Instead - use that real estate on your resume to say something that helps you stand out. Talk about something uniquely you - a group you founded, a tool/script/program you created, a policy/strategy/marketing campaign you came up with, or a personal philosophy that explains your approach to InfoSec
- Streamline your technical skills, and focus on what’s important
- It’s 2020 people, and it’s fair to assume everyone has at least passing knowledge of how to use Microsoft Office products. Unless the job explicitly mentions you need to be proficient in Word and Excel, there is no reason to list them
- Unless the job says Windows or Mac experience is required, take them off
- Caveat: If a job expects that you are proficient in a specific operating system and can perform command line scripting (as an example), something in your resume should highlight your experience in that area
- Avoid inflating promotions or title changes into multiple positions
- Sure, if these were distinctly different roles within the same organization, list them and touch on those unique experiences
- If you were basically doing the same job the entire time, and had some title changes along the way, either pick the most current one and attach all of your experience to that one, or list all of the titles but consolidate them to a single collective experience
- Avoid doxxing yourself through your resume
- If you are posting your resume on sites like LinkedIn or Glassdoor so it can be viewed publicly, you probably don’t want to include your home address and personal cell phone number
- Keep multiple versions of your resume if you have to - one that you use for public display that says “Contact info available on request” or that just displays an email address; and one that has the rest of the details that you would include with job applications or provide to recruiters
- Do not put your date of birth or Social Security Number on your resume
- Scale back the details of your education based on your work experience
- If you are applying for your first job or (especially) an internship, the company may specifically want to know your GPA, otherwise it’s not necessary
- If you’ve been working in the industry for a number of years, then GPA and graduation year are probably both unnecessary
- In all cases though, do include the school you attended - large or small. This can become a conversation piece in unexpected ways, and that’s a good thing
- Keep references separate from your resume
- This helps to conserve space on your resume and let’s you decide when to provide them (and have more control over who you provide at the time references may be contacted)
- Highlight volunteer work, regardless of whether it is related to InfoSec
- Shows involvement outside of work, and your desire to give-back to the community
- Link to any InfoSec work you do on your own time
- A great to way do this is to start a blog, which can serve as a supplement to your resume
- If you maintain an active GitHub of personal work, include a link to that as well
- Check out my tips for creating cover letters (I still need to pare it down a bit)
- Other suggestions - less critical than the aforementioned ones
- Create a designer, one-page resume that focuses more on keywords and eye-catching layout in contrast to more traditional resume
- This is a good one to carry with you and can hand out at career fairs or conferences
- Include a section for groups you participate in outside of work and/or hobbies
- This could also contain memberships to professional organizations
- Job applications should not just be a copy and paste of your resume
- While it’s certainly more work, you don’t want to miss the opportunity to share additional information about your work experiences
- One strategy for this could be to emphasize keywords in the job application, and emphasize work experience in resume
- Include your social media accounts if they are suitable for professional purposes
- LinkedIn and Twitter are the typical ones used for this purpose
- Mention some of the learning opportunities or other activities you have pursued on your own time
- Local or virtual conferences attended, online classes or other self-taught efforts are all good to mention
