Do You Want to Work in Infosec or Win a Nobel Prize for Literature?

Is This a Resume or a Novel?


5 InfoSec Resume Tips

I’ve come to the realization that we have many budding writers masquerading as Information Security professionals out there. Today, my InfoSec staffing company received a fifty-five page resume from a candidate. I’m not joking – 55 pages! In eighteen years of recruiting, this is a record for me.

Earlier in the day we had a conversation with a candidate who submitted a thirteen page resume. This individual would not accept any suggestions on changes or shortening his resume despite it having detailed job descriptions going back to the mid 90’s. The exact response was: “I don’t want to work for a company that’s not willing to read all of my resume.” What I heard was: “I am not really looking for a new opportunity.”

If you are not willing to change your resume, then you must be getting the opportunities you want already. If you want access to different, or perhaps more, options, then you are going to have to make some changes.

Do not fall into the trap of thinking of a resume as a document detailing all your work history, or as your personal statement. No one can get a true sense of who you are from a piece of paper (or even from a stack of fifty-five papers), and if you make it a personal statement, any feedback becomes an insult. Remember, the goal is to generate enough interest in you to make them want to meet you. Resumes are put together to do one thing – get you an interview.

Nowadays there is rarely one decision maker in the recruitment process, and within InfoSec in particular there are usually several layers of people that resumes go through before a candidate is chosen. Each person in the chain is looking for different things from a resume, and so the first thing to understand is you’re not going to please all the people all the time. What a good recruiter will do is advise you on what will help get the interview, which is your chance to explain and expand on the experience you have.

Good communication skills are the most common soft skill we get asked for. They feature in almost every single request we get. I sit on a couple different advisory boards specifically focused on InfoSec (cybersecurity) education, and along with technical instruction offered by these organizations, I ask them to ensure both written and verbal communication skills are included in their curriculum. Your resume is an extension of these skills, and if you can’t write a concise, accurate resume representing your own experience, what can an employer expect when you are writing a report evaluating a new security tool or reporting back following some pen testing you have performed?

With that in mind, here are my top 5 InfoSec resume tips:


Pick a format that is relevant to your industry and stick to it. If you have a resume that you have added to over the years, be sure your format is consistent and that you are using the same font throughout. One tip is to stay away from formats that involve columns or tables. When resumes are uploaded to some organizations’ systems, this type of formatting can be lost – so keep it neat and simple.


The company has been kind enough to give you a list of their requirements, so make your resume specific and tailored to show how your experience has prepared you to meet those needs. Share relevant projects and skills performed during your time at your most recent companies.


This one is important because rereading for typos and using spell-check is simple, while not bothering is an easy way to make you look lazy. As for grammar, if it’s a weak point for you (like it is for me) then get someone else to check it for you.


Resumes should accurately represent your experience in a concise manner. That being said, the length of time you’ve been working will determine how long your resume can be. I would recommend one page for a recent graduate and three (four at most) for a seasoned professional. I understand many experienced candidates are worried about this, so here are some effective ways to shorten your resume:

  • Only go into detail on the jobs you have held for the last 10 years. For older positions, a company name, job title, and dates are sufficient.
  • Get rid of your objective. If your resume is tailored to the job, a prospective employer should understand why you want to apply for the position.
  • Review your Education and Training sections. Are they up to date and relevant? Maybe it’s time to take the Novell CNE you got twenty years ago off your resume.
  • No need for company descriptions and logos – employers can easily search that information on Google.


This one is a non-negotiable. Lying on a resume will quickly get exposed and result in a waste of time for you and anyone you interact with during this process. And of course, it will tarnish your reputation. The InfoSec industry is in some ways a small place – your network can be your biggest asset or your greatest hindrance in your job search.

Think of your resume as the first impression you give to a recruiter or prospective employer. Follow these five tips to show them you are a clear communicator with a focused presentation and get the interview – then it’s time to turn on the dazzle and lock down that job!

The original article can be found here in ITSP Magazine.

Posted in ,