So, you’ve wrapped up your cybersecurity education or completed our Cyber Defense Analyst Program—congratulations! You’re well on your way to landing that cybersecurity job that you’ve been training for all this time.
You’ve got the credentials and the piece of paper that proves you know your stuff. Now, it’s time to move on to another important piece of paper: your resume.
Building any resume is daunting, but cybersecurity resumes are arguably even more daunting because of how competitive this industry is. Plus, you’ve likely got less than 10 seconds to show a prospective employer why they should pick up the phone and schedule an interview with you—no pressure, though. 😅
As a cybersecurity instructor over the past four years, I’ve helped hundreds of students build their resumes. These students have gone on to work at some incredible companies like BlackPanda, Rapid7, Synack, Skout, Optiv, DarkTrace, Huntress, Bank of America, and more.
There is one thing very important to remember and consider with any resume before we get started: resumes are meant to get you to the interview stage, and you get there by presenting your skills and experience that are relative to solving the problem(s) the employer has presented in the job posting.
We’ll cover the interview process in another article, so let’s dive right into getting you in the door.
First, this isn’t a creative field where your resume is an opportunity to reflect your design skills, so leave the fancy templates with colors and neat borders at the door. They’ll just distract the reader, who is far more concerned about your technical problem-solving skills and experience than your ability to deliver picturesque resume artwork.
Additionally, and most importantly, this can create problems in the resume-receiving process before it even hits a human. This is due to how resumes are received and formatted by automated tools. If you think someone is reviewing an inbox of emails with attached resumes... well, that just isn’t happening anymore.
These automated tools are classified as Applicant Tracking Software, or ATS. The ATS system in place will receive your resume first before anyone sees it, extract out bits of text using “pattern matching” algorithms to keywords in the job posting defined by the hiring manager that give your resume a “relativity score.” If your score was high enough to be accepted for human review, it moves on. Otherwise, it gets immediately rejected.
Ever submit your resume before and receive a near immediate rejection with a response that seems like your resume wasn’t even reviewed? It’s likely the ATS system doing that.
Let's keep it simple–what should your resume contain? I’d recommend the following sections in this order over one to two pages–and I’ll expand on them later:
In short, drop all creative formatting and ensure you’re hitting the keywords in the job posting, and your resume will have a higher chance of passing ATS filtering scores. Then, it hits a human reader for contextual review. Keep to the sections above, and your resume will be concise. Conciseness communicates context clearly.
Your resume now needs to demonstrate you can solve the problems proposed in the job posting. If you do this, you’ll get the interview.
If resumes are meant to be brief, this area is meant to summarize that briefness and should be about one to three sentences long.
You also don’t need a title like “Objective” or “Summary” above it, but that is what this area is aiming to accomplish. Additionally, the wording of either is already implied, so it is redundant and doesn’t need to be a header on the resume. Understanding this shows maturity in recognizing what is needed in technical recruitment.
This area demonstrates your ability to effectively communicate:
Let’s look at two examples below. The first one is great for those with very limited professional and personal experience in cybersecurity:
Cyber Defense Analyst Program graduate with practical experience in network analysis, threat hunting, malware, and digital forensics. Seeking to leverage skills to become the next [position you are applying for] at [company you’re applying to].
The next one is great for someone with transferable experience from previous jobs or self-guided personal experience and training. They may not have had work experience in the job title they are presenting themselves as but could quantify themselves just the same if they have the provided experience to back it up.
In this scenario, the person could have worked as an engineer at an organization, or maybe they developed their expertise by contributing to an open-source security tool that organizations use to solve similar problems:
Cybersecurity Engineer with demonstrated experience in endpoint triage, incident response, and threat detection engineering. Developer of [security tool you’re a developer or contributor on], and seeking to leverage skills to improve the effectiveness of the threat detection team at [company you’re applying to].
Your skills should be in line with what the job posting is asking for and should be completely technical unless the posting is asking for something different and you’re suitable for it. That means this area should leave room to be edited for each application you submit.
Aim to cover the general expected skills of a cybersecurity professional that are relative to the job and your experience, and then some specifics the posting is looking for you to provide.
Remember that we in cybersecurity are essentially risk management professionals and use information technology to manage that risk. We prevent, mitigate, and remediate cyber risk. Your skills should speak to this, and so should your experience in bullet points which we’ll review further below.
This is also an IT field–so your having “Windows experience” is assumed at this point. In effect, anything fundamental of how things “work” in IT, like how data moves over the wire in a network and what it looks like, should be part of that assumed knowledge.
In contrast, knowing how to spot outliers and anomalies in network traffic is more specific and relative to what a cybersecurity professional does (this goes back to the risk point above).
Some more generalized expected skills of a cybersecurity professional to highlight would be within this realm:
Some more specific skills that will vary from posting to posting would be within this realm. Note how they appear more specific and are really direct to what a job posting may ask for:
If the posting is in a leadership capacity, then make sure to add in some skills around business and team management.
Professional experience should be preceded by each role and organization you worked for or are currently working in and the respective dates. Each position should have no more than three to five bullet points that are single sentences.
Keep things cyber-focused around the skills and notion of risk management mentioned above, and a good rule of thumb should be bullet points that embody the following:
I also highly recommend demonstrating applicable personal experience. This is where you can demonstrate your soft skills:
Personal experience will demonstrate your passion and indicate you’re capable of identifying problems and solving them on your own–and not just for what a company is asking for.
Additionally, considering that cybersecurity is a lifelong learning career that never stagnates, it's almost expected that you’ll be learning new things–and don’t worry, this is experience you can get on the job with scheduled time for learning and even attending conferences.
But don’t forget: work/life balance is key.
To wrap things up, here are a few more general cybersecurity resume tips.
Cybersecurity is about managing risk and metrics on a resume don’t mean much without evidence. Demonstrating how you have prevented, mitigated, or remedied business risk with a tool or method versus saying you know how to use a tool has far more value to a hiring manager. Use this approach when articulating your skills and experience.
Cybersecurity experience can be demonstrated professionally and personally. If you can solve an industry problem with a tool, methodology, standard, or even paradigm, you’ve developed or contributed to that all organizations can benefit from–that has incredible value and doesn’t necessarily fall under professional experience.
Keep the resume within the one- to two-page range with concise points, and the resume should have very little to no styling in it to ensure it doesn’t get filtered out automatically.
Ready to put your skills to use? Download our free Cybersecurity Resume Template to get started!
Want to do a bit of additional reading before sitting down to craft your resume? Here’s where to start:
Happy building!