Information Security CV advice

Viewing 17 reply threads
  • Author
    • #4177

      Ive been wanting to write a CV with all of my infosec experience/education on for a while. Ive started to write it using my ‘regular’ CV as a template.

      Is it a good idea to keep two CV’s? One for regular and another for security job applications? (I’m still a full time student)

      Ive been told that on my security CV I should also incorporate my other non related work experience as it shows I am flexible. Is this a good idea?

      I normally have my date of birth on my CV, is this really necessary?

      And finally… does any one have any good examples? tips? advice?

      Thanks in advance!

    • #26463

      There are many guides around on the net.
      If your a student and starting out include all your work experiance would be my suggestion.

      Perhaps post a masked version of your CV for review?

    • #26464

      hey ethicalhack3r!

      I keep a good ‘base’ resume for myself, then when i want a job i tailor it to the position I want to apply for.

      My basic advice is a resume that goes like this:

      1) Personal statement – no one wants to hear an objective anymore, write what you’re passionate about related to the position you are applying for. Mine was all about pentesting and learning new things. Show tenacity, interest, and enthusiasm in this small paragraph.

      2) Now we have a choice, if you have a lot of work or volunteer experience then do that next. highlight projects, deadline completions, milestones, training, and cooperating wtih different departments. If you do not have a lot of work experience do your education section next, highlighting interesting projects, groups, awards, research, etc.

      3) Do the section you didn’t do before.

      4) Small section with awards, certifications, extra training.

      5) If you still cant flesh out two pages (or one as some people will say is better) do a self rated proficiencies list. Rate yourself 1-5 on specific things. Mine was pentest/VA so i have nessus, MSF, and all kinds of related products and languages involved in that field.  Be honest and comprehensive.

      A family member of mine is the lead tech recruiter of Panasonic and this is what i got after reading some good books on tech resumes and conspiring with her.

      just my 2c =)

    • #26465

      A friend of mine actually ran his resume through a professional resume writer and was able to pass some advice to me.  The one thing that really struck me and I hadn’t considered before was to list bulleted accomplishments at the end of the paragraph describing your job responsibilities.  If you worked on a difficult project, met an unreasonable deadline, etc, employers want to see it.  I really think that I have gotten many more leads after restructuring my resume with the above. 

    • #26466

      I see no particular reason why two CVs would be necessary. Maybe when someone has quite a lot of experience etc. and to only list the things which are of interest for a specific job, but especially as a student I would list also other things I have done.

      If you are into security and everything but have done previously something like construction worker (e.g. because of money) I would only list it if your CV would be very short without those things, otherwise I don’t think that this would be of interest for your employee.

      In terms of your birthdate I would say you have to include it. Is there a specific reason why you are considering to not put it there?

      No examples here (I guess it wouldn’t hurt if I write my CV in English too), but there should be many examples available on the net. If you don’t care, you could anonymize yours (and remove “unimportant” details ) in order to let it review others. Maybe this way we could improve it somehow or at least proofread it.

    • #26467

      awesec: Never put your birthday on your resume. You’re opening yourself up to discrimination. At least where I live, you’re not allowed to ask about age on interviews. I learned that last year when I was interviewing people for a Jr Network Engineer / Help Desk position. The only people who should know your age, is the HR department.

      As for gaps in your resume… I worked out of IT for about 2 years. One was spent going to college while living off my savings, the other was spent going to college while working a bar. I usually get asked about the 2 year gap by the head hunters, and the interviewers.

      I know different countries different rules.

    • #26468

      I also don’t (and wouldn’t) put my birth date on my resume. As noted above, it opens you up to discrimination.

      I think Jason offered up a lot of good advice. One thing I’ve been told by recruiters that helps is being very detailed when listing things you have experience with (e.g., instead of ‘firewall administration’ list ‘Juniper SSG540 Firewall administration’).

      When/if you focus on what you’ve done with an employer, don’t just bullet responsibilities (many people tend to do this). An employer doesn’t want to see that you were “responsible for the administration of the helpdesk system.” No one cares. Now, if you “implemented a new helpdesk system that cut trouble-ticket response time by 65%” that’s much better. Try to quantify things and make it appealing from a business perspective.

    • #26469

      Mh interesting bit about the birthdate. In my country we get taught at school that this should/ have to be included beside some other details as well.
      Discrimination because the interviewer may assume that one have not much knowledge because of age? Maybe I didn’t think about this one because I have no problem with telling my age nor have any bad experience with this. Just curious, but do you include a picture of yours in the CV or is that also not common in your countries?

    • #26470

      Pictures aren’t common here. Basically in the US (or at least my part of it) all they want is a documented history of what you thought your work was. If it matches what they need you’ll get an interview.

    • #26471

      I don’t include a picture and I would say that’s probably pretty rare here in the US.

      Well, I started to type a lengthy reply but decided to skip it. All that I’m going to say is I very much dislike being judged by my age. I’ve pretty much had to deal with that since I was 20 (though it’s starting to go away now) as the youngest in my position across the country for a global company. The strange looks, the attitudes and plain being ignored. I surely wouldn’t want a hiring manager or a recruiter having the same type of attitude after seeing my age on my resume. I want to be judged by knowledge, skills and experience – the way it should be.

    • #26472

      Interesting to read about how different the same procedure is done in different countries.

      I agree with you, that one should not be judged by age, but by knowledge, skills, experience and others – though I must admit that I would probably presume that a fourty year old person have more experience than an eighteen year old. However, just because someone is young, it doesn’t mean that he is not knowledgeable nor have skills.
      Thanks for sharing your personal experience with this, Bill.

    • #26473

      I have found that the one page resume rule really only applies to non-IT related jobs. In IT Security, hiring managers want to see all of your experience and skills. The more experience you document the better.

    • #26474

      Thanks to all for the great tips/advice. I have removed my DOB from my CV, as I too think it is unnecessary. I have seen people put pictures on their CV’s in France so it must be quite common world wide, not here in the UK tho.

      I have almost finished my ‘security’ CV now. One more question… should I include a link to my personal blog? It contains a lot of what I do/have done.

      Thanks again everyone!  🙂

    • #26475

      @ethicalhack3r wrote:

      One more question… should I include a link to my personal blog? It contains a lot of what I do/have done.

      No. It’s a personal blog, if they want to see it, they can find it via Google. If it was a professional blog, and only talked about computer security and nothing else, then maybe. Like Jhaddix’s site. (Sorry if it’s not a blog). But even then I’d scrub everything I could of personal information.

    • #26476

      The blog thing can be touchy.  In my opinion, I think you’d be fine to link it.  It’s almost entirely focused on security related content as well as your personal work on DVWA.  I would hunt through your archives and make sure there’s nothing that you wouldn’t want them to see.  Such as “Went out drinking last night and somehow ended up dancing on the bar naked.  Here are some pics!” 

    • #26477

      Definitely keep your professional blog and your personal blog separate. You never know who’s looking at either of them. Even if you monitor the logs, it could be your boss surfing from home. Same goes for Twitter and other similar sites. There are numerous examples if people getting fired, not getting jobs, etc…

    • #26478

      I did not go through all of your posts on your blog, but from what I have seen, there shouldn’t be any problem when including the link in your CV (I mean this one, don’t know if there is a more personal one too). As already said by the others, I too would only include related things and nothing personal (seperation).
      What I would definitely include, if you haven’t already, is your DVWA project.

    • #26479

      I would reference your blog, no address (if theres NSFW content) and then your DVWA project with an address because its very noteworthy =)

Viewing 17 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.


Sign in with Caendra

Forgot password?Sign up

Forgot your details?