fbpx

Throughout my cybersecurity career, I’ve reviewed what I imagine is hundreds of resumes – and I still have several sitting in my review queue. I’ve done this as a professional responsibility, a freelance offering, and as a pro-bono activity for volunteer organizations. In that time, I’ve learned what separates a winning resume from one that needs a little more TLC. 

Since I’ve reviewed so many resumes, I have some observations and recommendations that may be useful for today’s job-seekers who find themselves in an increasingly hostile market. Below, I’ll share some tips and tricks for job hunters in the cybersecurity industry.

8 Tips & Tricks to Crafting a Winning Cybersecurity Resume

1) Always Proofread 

I know this tip may seem like common sense, but it’s one worth reiterating. Before you export your resume to a PDF or make the final adjustments on your Word doc, take some time to read through it. One glaring typo might be what sends your resume to the reject pile. A little spell and grammar check can go a long way. You may also want to read your resume out loud a few times (I personally use this method in my writing.) Whatever you do, just make sure you QA your work before it lands in a potential employer’s inbox.

2) Focus on Your Accomplishments 

One consistent theme I’ve encountered while reviewing resumes is people highlighting their day-to-day tasks and responsibilities in their experience section. While it’s important to outline your duties, I strongly recommend highlighting  your accomplishments as well. What were some of your “greatest hits” at your most recent role? If you had to recall three of your finest moments off the top of your head, what springs to mind? Some examples could be leading a red team, introducing a new tech stack, or helping prevent a major breach for a client. Did you help increase revenue at an employer? Make sure that is captured clearly in your resume. Emphasize achievements that illustrate how you benefited a prior employer. Showing that you are capable of doing your job is one thing, but showcasing your ability to exceed expectations will set you apart.

3) Substantiate Where You Can 

Whenever possible, back up your experiences and achievements with numbers or distinct results. Quantifying your achievements provides context and makes it easier for the resume reviewer to understand your impact. A few examples include:

  • You led a team of more than 50 penetration testers.
  • You were responsible for discovering a high-risk SSRF vulnerability during a security engagement that was successfully remediated by the client. 
  • You saved the company $X by implementing a new process or by selecting a new tool.

It may not always be possible to quantify your achievements, but try to implement it when and where you can. 

4) Don’t Be Afraid to Get Creative! 

This tip is especially pertinent for the cybersecurity industry. Many people searching for their first role have a lack of professional experience to highlight. In that case, I would encourage you to share your projects and experiences in the greater security community. If you participate in CTFs, are active in bug bounties, write blog posts, or make YouTube videos on security topics, all of these things belong on your resume. They show your passion for cybersecurity, which can help land you an interview. Some employers will value on-the-job experience more than others, but if your previous roles don’t align with your career aspirations, you will want to lean more on your relevant activities.

learn how to hack, then prove it

5) Keep Your Resume Up-To-Date

Even if you’re not currently seeking a new opportunity, it’s imperative to update your resume at least once a year. I would go even farther and say update your resume every quarter, or every time you finish a notable project at work. If you earn a new certification or learn a new software, one of the first things you should do is update your resume. Since college, I have been making a habit of this. I find it’s much easier to add in meatier information when it’s still fresh in my mind.

6) Brag About Yourself, But Don’t Lie 

There is a way to spin your experiences that illustrates the most impact. However, I would strongly encourage you to avoid spinning something too much to the point where it becomes fiction. It’s likely that this will come out during the interview process, and may end up sabotaging you. 

7) Bonus Tip: Use AI to Give Your Resume a Boost 

I am not suggesting that you rely solely on ChatGPT to write your resume. However, ChatGPT and similar tools can provide amazing “superpowers” if you are struggling to refine a certain section. 

8) Ask for a Second Opinion 

Before you begin applying for jobs with your newly created or revamped cybersecurity resume, be sure to have someone else give it a quick once-over. We all get “tunnel blindness” from our own creations, and having an outside perspective involved can give you some ideas on things you hadn’t even considered. People you could ask to review it include trusted friends or family members, former co-workers, or your mentor if you have one.

In the TCM Security Discord, we have a resumes channel, and usually someone is always lurking who can provide feedback if you ask. There are also plenty of people on LinkedIn – especially right now – offering resume review services (be sure to vet them!). And if you’re interested, TCM offers a FREE Soft Skills for the Job Market course that has a section on resumes. If you want to go further and receive more individualized advice, the Practical Career Ready Professional (PCRP) program, includes a resume review, interview prep, dedicated coaching, and more – all backed up by a team of qualified security professionals. 

The Job Search Can Be Challenging

Keep in mind that right now we are facing a historically bad job market in cybersecurity. It is not easy to get responses or interviews from potential employers, and you’re likely facing competition from hundreds if not thousands of others. It may be a long and arduous road; be kind to yourself while you’re on it and remember that there will eventually be a light at the end of the tunnel.

Want to go deeper? Check out this resume guide from TCM Security Discord member, Hiro. 

Britt Kemp hacker guinea pig

About the Author

Britt Kemp has over a decade of marketing and community experience, predominantly in the cybersecurity industry. Her mainstream career has been spent mostly at two businesses before TCM Security: a digital marketing agency and an offensive cybersecurity firm. As a writer, she has had bylines in the Phoenix New Times and The Spec, and has ghostwritten for a number of publications including Forbes and the Christian Science Monitor as well as self-published a few books. She also regularly reviews resumes when time permits, including resumes for professionals in the hospitality industry, the entertainment industry, and even the funeral industry in addition to cybersecurity. Britt has been music blogging on and off since the late 2000s, including interviewing a young Taylor Swift. She has two guinea pigs, and you can find Britt lurking around the TCM Discord with this avatar.

About TCM Security

TCM Security is a veteran-owned, cybersecurity services and education company founded in Charlotte, NC. Our services division has the mission of protecting people, sensitive data, and systems. With decades of combined experience, thousands of hours of practice, and core values from our time in service, we use our skill set to secure your environment. The TCM Security Academy is an educational platform dedicated to providing affordable, top-notch cybersecurity training to our individual students and corporate clients including both self-paced and instructor-led online courses as well as custom training solutions. We also provide several vendor-agnostic, practical hands-on certification exams to ensure proven job-ready skills to prospective employers.

Pentest Services: https://tcm-sec.com/our-services/
Follow Us: Blog | LinkedIn | YouTube | Twitter | Facebook | Instagram
Contact Us: sales@tcm-sec.com

See How We Can Secure Your Assets

Let’s talk about how TCM Security can solve your cybersecurity needs. Give us a call, send us an e-mail, or fill out the contact form below to get started.

 

tel: (877) 771-8911 | email: info@tcm-sec.com