Resume Tips and Tricks

Career Development

Resume Mindset

Resumes ARE not intended to be an archaeological record of everything you did in every role in your career. If you build it that way it’s going to be a swamp of bullet points that will take a recruiter a ton of time to sift value from.

The purpose of a resume is to communicate relevant experience as succinctly as possible to prove that you can do a certain role at a certain company.

Premium Real Estate

It’s a tired statistic that recruiters only look at a resume for 5-7 seconds before moving on. The point here is that you have to think of your resume like an elevator pitch to the recruiter and use the space intelligently. Ask yourself if a recruiter decides to spend 3 of those seconds on a particular section, do they learn much about you or your qualifications or the role? If the answer is “No”, then it probably makes sense to remove it and only leave the good bits.

Avoid walls of text

People naturally avoid reading walls of text.

Give your resume some room to breathe.

People are generally averse to committing focus on large amounts of text bundled together. Look at the two simplified resumes below. Without seeing any of the content, most people would prefer to review the document on the left because it is much easier to skim and find important information.

Simplify

Be concise with your language to make your message clear and fight the urge to stuff too many words into a single bullet point.

Look at this bullet point:

- Provided Pre-Sales support to CompanyA Channel/Account Managers and strategic CompanyA Customers by developing and performing presentations, competitive reviews, demonstrations, RFIs/RFPs, and Proof Of Concepts.

It’s a perfectly fine bullet in its own right but can the same thing be communicated with fewer words? Remember that space is at a premium and the goal is to avoid having walls on walls of text.

Let’s strip this down to a more concise bullet point:

- Provided Pre-Sales support by building/delivering technical demos, RFIs/RFPs, and proof of concepts to strategic customers.

  • Which of these statements are you more likely to read?
  • Does the shorter statement communicate any less information to the recruiter about your capabilities?

Remove Redundant Bullet Points

As discussed earlier, a recruiter’s time/attention is limited so it’s important to use EACH bullet to tell them something new about your qualifications. Look at these two bullet points below and ask “What does this tell a recruiter about the candidate?”

- Conducted technical meetings with customers and partners to showcase CompanyA products and solutions, as well as the associated benefits of the products.

- Hosted workshops to educate CompanyA customers and partners about the ever-changing threat landscape and how to better protect their network/cloud/endpoint resources.

The first bullet demonstrates that the candidate has experience:

  • Speaking to external customers
  • Explain technical concepts
  • Showcase product features

The second bullet demonstrates that the candidate has experience:

  • Speaking to external customers
  • Explain technical concepts
  • Showcase security/threat knowledge

While both of those items may technically be different tasks within a role, it’s clear to see that the recruiter doesn’t learn much new about the candidate from the second bullet. I’d recommend merging the two bullets or dropping one of them completely.

Walk in a recruiter’s shoes

While there are a few recruiters that specialize in security, it’s important to build a resume that is informative to all recruiters regardless of their industry-specific knowledge.

Mirroring Terminology

Let’s take a job posting that asks for:

  • 2 years of IDS experience
  • Experience with Nessus
  • GIAC Certifications preferred

Make sure that you mirror the specific terms/language to remove any ambiguity that you have the relevant skills for the role. Remember to assume that the recruiter is simply looking to match terms in your resume against terms in the job description.

Do use:

  • Experience writing and tuning Snort (IDS) rules
  • Scheduled and analyzed Nessus vulnerability scans
  • GIAC Reverse Engineering Malware certified

Don’t use:

  • Experience writing and tuning Snort rules
  • Scheduled and analyzed vulnerability scans
  • GREM Certified

The second set of bullets clearly demonstrates that the candidate has the appropriate skills for the role IF you have working knowledge in the world of security. I wouldn’t take the chance that the recruiter might have that experience to connect the dots. Connect those dots for them.

Abbreviations

Avoid using abbreviations/terms that a recruiter or hiring manager may not know. Instead of mentioning a bunch of alphabet soup for skills and certs, write them out and put the abbreviated version in parenthesis.

  • GIAC Certified Intrusion Analyst (GCIA)
  • User-Based Access Control (UBAC)
  • Public Key Infrastructure (PKI)

This is even more true for people with military experience as the number of acronyms you all use is nuts. Help us civilians out by translating your accomplishments into English.

Certification disambiguation

As someone who holds several security certifications, I’m fairly familiar with the cert landscape but I’ll be the first to admit that I don’t know them all or even how some of them compare to each other. Here is a crazy visual that shows the majority of security certs (but not all): https://pauljerimy.com/security-certification-roadmap/

How can we expect a recruiter to be up to date in this world?

The goal is to make your certs as easy to understand as possible. This is even more important when you have different certifications than what is listed in the job posting. Instead of just listing your certifications, explain how they compare to what the job posting is looking for. This will help a recruiter understand the context of what you have achieved rather than just blindly trying to match cert abbreviations.

Example Job posting

- Certifications desired: Security+, CySA+, CEH, CISSP

Resume

  • GIAC Certified Intrusion Handler (GCIH) - [Exceeds Security+]
  • CCNA CyberOps - [CySA+ Equivalent]

Use them! In the dozens of candidates I’ve interviewed, I’ve never touched a physical resume. Especially on remote teams, resumes are usually only viewed digitally so take advantage of hyperlinks.

When a recruiter comes across a term or a certification they aren’t familiar with it’s highly unlikely that they will take the time to stop reviewing a resume to go research it. Adding a hyperlink that will direct them to the relevant information decreases the time needed to learn about a term/subject and makes it more likely that they will take a few seconds to learn about your skills.