How to Build a Cybersecurity Resume
So, you’ve wrapped up your cybersecurity education or completed our Cyber Defense Analyst Program—congratulations! You’re well on your way to landing...
You did it—after applications (and rejections), you’ve finally landed that interview you’ve been hoping for.
Whether this is your first time interviewing for a technical position, or you've been out of practice, you may be feeling anxious going into the interview process. Don’t worry—we’ve all been there and have a few tips on how to best prepare and crush your interviews!
Before you start though I recommend taking a moment to evaluate why you’re looking for a cybersecurity job in the first place.
This is an often-overlooked question. You may have looked at Hollywood hackers or have seen the breaches in the news and wanted to explore more!
And truthfully, those are perfectly acceptable reasons to want to get into cyber. There are a few more things you should consider, though:
Whatever your reason, write it down. Make it your mantra. When burnout, imposter syndrome, and rejection letters rear their ugly heads, having a personal mission statement or your “why” will help you weather that adversity.
This is helpful not only for your own sanity, but it is a question that tells an interviewer and potential employer a TON about you and what motivates you to help them secure their data.
At first glance, this may seem like a simple question. However, you’d be surprised how many people don’t take the time to explore not only what motivates them, but also check in with their own preferences and how they work best.
These can also be telling—not only for your potential employer’s benefit but also to determine if this position is a good fit for YOU! Remember, as you’re going in to be interviewed, you’re simultaneously interviewing the company to make sure it’s a good fit for you.
For example, if you’re someone who needs routine, established protocols, and prefers working as part of a team with its own established roles, you may want to stay away from startups where you may have to “build the plane as you’re flying it,” so to speak.
If you enjoy the opposite—preferring to carve your own role and potentially wear multiple hats and stand up your own program—you may in fact enjoy the startup culture!
It all comes back to where you work best, and it’s okay if you don’t know all your preferences. I’ve found it helps to start with a list of things you’ve enjoyed about your previous jobs and keep them as general as possible. You may even start with a table like I have pictured below:
Remember, YOU are interviewing your potential EMPLOYER as much as THEY are interviewing YOU.
At this point, you should have a loose idea of what you may be looking for. Are there any questions that came up while you were thinking about your ideal work environment? How then can we gather the information we need to do some initial reconnaissance (see what I did there?) about the company, culture, benefits, expectations, and all sorts of other useful info?
Just as if we were penetration testing a network, we’d first want to start with some Open-Source Intelligence (OSINT).
Your Toolkit:
Take some time to review all these resources—once you’ve formulated your questions and have a good idea of where you fall, you’ll feel much more prepared for that initial interview.
This is an initial screening call most likely done over the phone or a virtual call with an initial HR person depending on how the company’s hiring pipeline works. You can expect some general questions about yourself, what your expectations are, and if all goes well, what steps will look like moving forward. That said, it never hurts to over-prepare and be ready for technical questions if they arise!
What does your work availability look like?
Tell me about your job history…
Tell me about yourself…
What are your salary expectations?
Why is the <XYZ> company filling this position?
What is the turnover rate like?
What are my expected working hours?
Is there an advancement pipeline for training/career development?
What <XYZ> company’s culture like? What do YOU as an employee enjoy about working at <XYZ>?
What should I expect for next steps in the interview process? When can I expect to hear something back?
This tends to be the most anxiety-inducing piece for most people looking to get into cybersecurity: “How do I prepare for the technical interview?” Just as we did before with our initial call, we need to use OSINT to help us out.
It’s always good to get the names and titles of people that are going to conduct the interview with you—especially the technical ones. Do some background investigation on them using LinkedIn! What is their background like? What other jobs did they hold? Where does their expertise lie? These are all things that can help. Who cares if they know you’re looking at their profile? Showing some initiative and research shows them how serious you are about this position.
How familiar are you with the work that the position you’re applying for? Do you know what a “day in the life” may look like? If you have friends or contacts in those types of positions already, it may be worth giving them a call to ask if they can help you prepare.
How well can you speak to your experience? Can you explain an IDOR vulnerability to your grandmother? Where would you start building a security program from the ground up? What’s the difference between a security incident and a security event? There can be a lot of anxiety here from a battery of questions—instead of rattling off a list of potentials, let’s work with some strategies:
Experience: It always leaves much more of an impression if you can take the question and tie it to practical hands-on experience that you’ve done. This is where your power is. You can turn a Q&A session into like-minded professionals talking shop quickly!
For example...
Q: Talk to me about the OSI model.
A: It’s a conceptual model to categories the different protocols and encapsulation from the physical layer to application layer. You can see some of this in how Wireshark traffic when you’re looking at a specific packet, which I’ve done extensively in my course where we did XYZ….
A word of caution:
This technique can easily backfire if you use it to dodge questions or begin to overuse it. With great power comes great responsibility: be sure to use this technique responsibly on one or two questions if you start to feel the interview turn into a Q&A session.
What if I don’t know? The best advice I can give here is this: do not be afraid to say, “I don’t know, but I would do <XYZ> to research and find out.” These interviews are meant to test your knowledge base, including where it ends! The last thing you want to do here is fib your way through, throw out buzzwords and talk around things if you genuinely don’t know the answer.
It’s okay to not have all the answers – talk through your processes of finding things out if you don’t know! How do you conduct research? Where would you look? By taking the initiative and ownership of what you don’t know here can turn a knowledge gap into a win in the interviewer’s eyes.
At this point, you’ve received the stamp of approval from the technical squad and are ready to meet your potential coworkers. This is likely to be a lighter conversation whether with the team you’d be working with on a day-to-day basis, other departments you may have to coordinate with to get a feeling for how you fit in to the team environment.
Nothing more for you to do here than be yourself and engage! Relax—you’ve made it through the hardest part of the process and are ready to meet some potential future teammates and begin thinking about if this is a step that you’re ready to take!
Rejection sucks—there’s no doubt about it and it can become all too easy to take it personally after making your way into the interview pipeline. Maybe it’s just not a good fit or there are some other circumstances at play. Whatever the reason, it doesn’t have to be a negative. Practice makes perfect in the job hunt, and it is ALWAYS okay to ask for feedback or ways to improve. Take some of the lessons learned to refine and improve your process before getting back out there and finding that job!
The job hunt is never easy. Whether you’re breaking into the field or an experienced professional, it can be daunting to enter that arena! We’ve all experienced it. However, by taking a proactive and engaged approach to the process, you can never go wrong. Arm yourself with the proper intelligence and use it to your advantage. The more you prepare, the more you can dominate the interview process and showcase just how skilled you are as a cyber professional. Good luck, candidate!
So, you’ve wrapped up your cybersecurity education or completed our Cyber Defense Analyst Program—congratulations! You’re well on your way to landing...
Picture this: you just moved into a new apartment with neighbors you don’t even know and on a street that you’ve never even heard of until you came...
Senit Lutgen is a student in the Winter 2023 Cohort of our Cyber Defense Analyst Bootcamp. Below, he details some of the tell-tale signs that a...