CV / Résumé for InfoSec Jobs.


Bacon Zombie

Jan 30, 2013, 11:18:47 AM
to isdpo...@googlegroups.com
Hi All,

I'm looking to move from a Network/System Admin role into pure Security
and am in the middle of updating my CV.

I would like to see if the hive mind has any opinion on what should
and should not go into a CV, and whether a CV for a Security job should
be different from a standard Tech CV.

Some differences that come to mind are:

#> Do you list conferences you have attended, and if so what section do
you list them under, or do they deserve their own section?

#> Do you list projects and CTF?

#> Do you list that you are a member of your Hackerspace, DC or 2600
group, and what do you put it under?

#> Do you follow the no more than 2 or 3 pages rule, or has that
changed now since most people will read your CV via TXT/PDF/DOCX and
not a printout?

What are some things I really should include and also really should not
include on my CV?

Thanks in advance,

P.S : Just realised CV may not be a common term for all; CV =
Curriculum Vitae or Résumé.

--

BaconZombie

LOAD "*",8,1

Ryker Exum

Jan 30, 2013, 11:40:02 AM
to isdpo...@googlegroups.com
I've always been a fan of the format:
-Contact Info (not too big, regular font)
-Key KSAs (5-ish bullets)
-Last 3 places of employment with 3-5 bullets on experience (include only
relevant jobs)(major job position changes within same firm if employed long
term can replace other places of employment)
-Certifications/Non-cert based training courses
-Education
-Professional memberships (Paid)/Industry groups (Free)

In most cases this will get you to 2 pages in a hurry. I only like including
2 pages. If you have a PhD or do lots of research projects add a third page.
The resume is just a conversation starter. Only give lead-ins so the interviewer
can use them as talking points.
Follow up the interview with a thank-you email within 48h or so that includes
3-4 things you bring to the table and how they apply to the job.

I've found lots of good recommendations in this thread:
http://www.reddit.com/r/AskReddit/comments/13pd65/employers_of_reddit_what_actually_makes_you_like/



Conrad Constantine

Jan 30, 2013, 12:12:27 PM
to isdpo...@googlegroups.com
On 1/30/2013 11:40 AM, Ryker Exum wrote:
> In most cases this will get you to 2 pages in a hurry. I only like including
> 2 pages. If you have a PhD or do lots of research projects add a third page.
> The resume is just a conversation starter. Only give lead-ins so the interviewer
> can use them as talking points.
> Follow up the interview with a thank-you email within 48h or so that includes
> 3-4 things you bring to the table and how they apply to the job.

That advice is spot-on:

The single most important piece of advice I can hand out from my brief
time as an infosec recruiter many moons ago is this:

"Nobody reading your resume gives a flying fuck about what you did for
your previous employers, they want to know what you're going to do for
them!".

Most resumes I run across read like this

Job Title A
- performed duties of job title A
- responsible for stuff that person in Job Title A would be
responsible for
- I don't think you understand what the role of Job Title A is, so
I'll explain it a little more here.


This goes just as much for infosec too. Unless the title and the things
you did there were vastly incongruent, don't spell out the shit you did
as part of the job - you did the job, I get that already (assuming you
weren't fired for NOT doing the job). If you did something that was
impressive, but only due to the scale of the company ('managed
half-a-million endpoint devices while juggling the CEO's grandchildren's
daycare'), tell me something about how you managed to not suck at that
gargantuan task, that might translate to some value to me and my company
that spends less on payroll than your prior employer spent on coffee.

So many smart people write resumes that read like sick notes from their
mother, apologizing for why they aren't CEO yet.

When your resume arrives in the stack, it's one of a hundred that are
all alike - we ask the HR people - 'we want people with X years of
experience in X', and they bring us resumes that match that.

So given that your competition in the resume pool is a bunch of folks
that have *identical* experience to you.

The question is - how do you differentiate yourself from them?

In my opinion when interviewing people - being active in the infosec
community is a huge bonus right off the mark. One of my go-to questions
in interviewing people is "whose work in infosec do you respect the
most? Who's doing the cutting edge stuff out there right now? Where do
you go for most of your day to day technical security info?"

(Sadly, most of the answers I get from many candidates are limited to
folks whose names they know from the mainstream tech news.)

Imagine if you asked that same question of your surgeon - "who is the
best person in your medical specialization today in your opinion? and
where do you find the most interesting medical papers?" and their
response was "errr.. I dunno" and "Scientific American?"

Tl;Dr:
- I know what job roles in infosec are - don't explain them to me
- Highlight how you did that job better than other people could have
- Make it clear how you're different from the folks with otherwise
identical experience to you.
- Sell me on wanting to talk to you, but realize I'm gonna fact check
the shit out of everything about you before we do that.








Steven Hatfield

Jan 30, 2013, 12:32:32 PM
to isdpo...@googlegroups.com

If we want to go with non cert based training I got a couple binders worth I can print up. Pretty sure you don't mean what I'm talking about though.

Thanks for clarifying what you meant bacon, I was lost.

Adrian Sanabria

Jan 30, 2013, 3:29:33 PM
to isdpo...@googlegroups.com
I'd definitely list projects, CTF, DC/2600 involvement & all the rest under "Community Involvement" or some similar heading. To the reader, there is no difference between a CV full of lies and a CV full of truth. If the CV points to something tangible online, like a talk you gave or a SANS paper in the reading room or a project you were involved in, the hiring manager has much more to go on.

I'll go out on a limb and say it is more important than anything else on your CV.

For the same reason, be careful what you post, because a savvy company will check out what you want them to see and what you don't, equally. I know I run Maltego & contact friends and acquaintances when I'm involved in evaluating a potential hire.


Ryker Exum

Jan 31, 2013, 2:15:50 PM
to isdpo...@googlegroups.com

Yeah, I was thinking along the lines of training geared toward particular products that do not have an available cert. aka many of the courses taught at blackhat/cons. Obviously it would need to be particularly related to filling a position.

 

I know what you mean on the binders full of training lol…
