EPISODE 45
Live Resume Review
EPISODE 45
Live Resume Review

LIVE RESUME REVIEW

About this episode

In this episode, we are focused on the ever-divisive question of the importance of certifications in the cybersecurity industry. The answer to this question has changed over time from certifications being unimportant, to them being extremely important, to well, it depends.

 

Certifications can be extremely important for several reasons, including their ability to help your resume get through the Applicant Tracking System (ATS) filters used by the human resources and recruiting team, but they are not a silver bullet that will instantly land you a job.

 

As Jason Dion (Lead Instructor of Dion Training) shares with us in this episode, certifications can be your ticket to getting an interview, but they alone won’t get you the position. That said, without having that certification on your resume, you can easily be filtered out of consideration before a hiring manager even gets a chance to look over your resume. This makes having the right certifications and experience imperative if you want to land your dream cybersecurity position.

 

Just as a certification isn’t a substitute for a college degree, you will also learn that a college degree is not a substitution for having the right certifications. This is often not an “either-or” thing, but a “yes-and” type of thing that you must achieve for many cybersecurity positions.

 

What you’ll learn

  • Why certifications are important in the cybersecurity industry?
  • Are certifications or experience more important to a hiring manager?
  • Are certifications or college degrees more important to a hiring manager?
  • Which certifications should you be getting to advance in your career?
 

Relevant websites for this episode

Tags:

Episode Transcript

Kip Boyle: 

Hi, this is Your Cyber Path. We’re the podcast that helps you get your dream cybersecurity job. I’m Kip Boyle. And as you can see, I’m not here with Wes Shriner, my regular co-host, for this episode, but instead, I’m happy to introduce you to Glen Sorensen. He’s my guest for this episode. And in case you’re wondering, yes, Glen is also an experienced hiring manager of cybersecurity professionals. And I’m going to introduce Glen to you in just a moment, but I just want to do a little housekeeping, just remind you that the episode that we’re doing right now is available as an audio only recording in your favorite podcast app, and we’re also on YouTube. We have our own channel, and it’s youtube.com/yourcyberpath. What amazing branding we have?

So if you’ve been checking out the episodes that we’ve been doing for the past several months, we’ve been touring a common cybersecurity organization with Wes, and we’re going to continue to do that, but we’re going to slow down the pace a little bit, because turns out Wes has a full-time day job where he’s super, super busy. And so, the pace that we were keeping with Wes just wasn’t sustainable. So what we’re going to do instead is we’re going to have Wes back every other episode, as we continue to go through the common cybersecurity organization so that we can help you understand what all the different options are that are available to you in your cybersecurity career. But what we want to do today with Glen is we want to do some resume review. 

So for those of you who have to struggle over what should that resume that you’re turning in actually have on it, we thought it would be helpful to go ahead and do a resume review. We’ve got three, these are real resumes, and we’re going to review them for you in just a moment. But first, I want to invite Glen to introduce himself. So, Glen, tell everybody who you are, and what do you want them to know about you?

Glenn Sorensen: 

Yeah. Well, I’m Glen Sorensen. I’ve been in IT and security for 15 or so years. Have interviewed for a lot of jobs, have landed a lot of jobs, and have hired for some jobs myself. So I want to be able to share that experience with you a little bit. My current role is Information Security Officer for TwinStar Credit Union, but I’ve held a number of different roles, both in consulting and operations and audit and compliance, those sorts of areas. So I’ve seen a lot of things in my time. So I’d just like to help share my experience and help maybe make your resume-building and your journey a little bit easier.

Kip Boyle: 

Really appreciate that you took some time out of your massively busy schedule to be here today. Thank you. Well, I’d like to start just by, before we show these real resumes that have been anonymized, I would like to ask you first, Glen, when your screening resumes, what are you looking for? Like, what is a killer resume when you’re going through the stack and you come across one? What are some of the things that cause it to stick out for you?

Glenn Sorensen: 

The first thing on my list is that enthusiasm and passion shine through. I want somebody with that, that is the self-starter sort, but is really just coming from a place of I’m really passionate about cybersecurity or about whatever specialization within cybersecurity that they’re interested in and after. That’s the biggest thing on my list. Some of the other things I look for are that there’s kind of a higher level, big picture view that the person can tie things together from various roles they may have had before, even if they’re not in cybersecurity. I like the synthesis of job roles of information and bringing kind of a holistic person to bear on a job or on a job role. I also want to look for technical skills if I’m hiring a technical role or that the language presents itself that you might speak in a GRC role, for example. You’ve got to know that this person is capable of doing the job and someone that you can work with. So those are the things I look for typically.

Kip Boyle: 

Great. When you were first talking about you were looking for passion, I mean, what’s an example of a way that somebody can demonstrate that they have passion for the job that they’re applying for on the resume? Can you give me a couple of examples of what kinds of things on a resume actually says, “Hey, I’m a passionate candidate?” How do you do that on a resume?

Glenn Sorensen:

So I like energetic language. I like to see that a person has taken some time to craft a resume and the attention to detail that goes into that. That’s kind of only one piece of it. The other things I like to see are have you gone and pursued education, certifications, home labs? Have you done things without somebody making you do it as part of your job? That to me demonstrates that there’s enough interest in passion that it doesn’t take some external force to get you to go do something.

Kip Boyle: 

Right. Yeah. And that goes back to the self-starter characteristic that you mentioned early on. That makes a ton of sense. Yeah. I would not disagree with the things that you’ve said, but I want to add a couple ideas. And one idea is that when I’m doing resume screening, I don’t have a lot of time to spend on any one resume. I’m sure that’s true for you, Glen, and I’m sure that’s true for most hiring managers. And so one thing in particular that I really appreciate is when somebody writes their resume in a way that makes my workflow smooth. For example, when I’m looking at a resume, the first thing I’m doing is I’m looking across the top of the resume, and I’m trying to figure out who is this person and what is it that they would like to do on my team. So that’s the first thing. 

And if I can’t figure that out, just by looking at the top of the resume, what is your name and how do you identify yourself in terms of area of specialization, then I might read down into the next section to see if it pops out at me, but that’s about as far as I’m going to go. Now, if that information does appear at the top, well, that’s a hook, you’ve hooked me. Great. All right. So this is Glen and Glen is a aspiring security operations center analyst. Fantastic. Right away, I can either say, “Great, that’s what I’m looking for.” Or I can say, “Not quite. I was looking for an incident responder or a digital forensics person.” Either way, it helps me know quickly, is Glen somebody I should spend more time looking with, or should I set Glen aside? Right? So that’s super important.

And then below that, what I’m looking for is skills. I want you to tell me what are the skills that you have that are relevant to the job that you want. And then below that, I want to see how those skills show up in your job history. So that’s kind of the workflow that I’m using when I’m screening resumes. And so when I can see that kind of a workflow in a resume, man, it’s nice. 

Glenn Sorensen:

Yeah, absolutely. 

Kip Boyle: 

I don’t know how to say it any better than that. It’s nice. 

Glenn Sorensen: 

And anything to ease the hiring manager’s experience with all this is a point in your favor as the resume writer. 

Kip Boyle: 

Yeah, I do believe that’s true. And I don’t know that what I just said is anything that a resume writer may have ever heard of before, but I would be shocked if most hiring managers didn’t already think that way. 

Glenn Sorensen:

Indeed. 

Kip Boyle: 

Okay. Well, let’s take a look at some resumes then. You’re driving the screen share today, Glen. Let’s take a look at example number one here. So why don’t you go first? Why don’t you tell us what you see here that you like and anything that you think should be improved.

Glenn Sorensen: 

Okay. So starting in the skills and expertise section at the top of this resume, I see a number of good things, but I also see where some of these are a little bit disjointed and can maybe be put into a category, and then more of those skills could be brought up into it, more of those categories of skills, I guess, could be brought up. There’s a few things that are about digital forensics in this that are good skills, but could maybe be under one point. I see a couple that are related to networking and potentially like recon of networks. And those could be in a point or two around either networking or reconnaissance of networks. And I’d like to see more categories of things like that, because I think, as I scanned through more of this resume, I see other things that come out in this person’s experience that should be highlighted as skills and expertise, and maybe aren’t.

I think the software and hardware bits there, I think there’s some redundancy with the bulleted skills there. And I think there’s absolutely room for the software and hardware bits, but I would focus them a little bit on what might be relevant to the sort of job that they’re looking for. 

Kip Boyle: 

Yeah, that’s where my head went right away, is the first thing when this went on the screen is I said, “Well, okay, who is this?” Well, that’s not fair because we had to take their name off. So that wasn’t fair. So then I thought, well, what job does this person want? And I couldn’t tell. I could not tell what job they wanted. 

Glenn Sorensen: 

Exactly. 

Kip Boyle: 

And then I start looking at the skills and expertise, and it’s a shotgun. It’s like well, if I’m trying to find a SOC analyst, how does RAM and removable hard drives? And I not really sure. And you understand the difference between a 486 and an 97 and AMD. If you’re doing break fix on a help desk, I get that, but if you’re going to be a SOC analyst, okay, maybe not. So I’m just confused right off the bat. I mean, this looks like a complete inventory of all skills and expertise this person possesses. And what I encourage people to do is no, don’t do that. Don’t give me a full catalog of everything you can do. Think about the job that you’re trying to get with me and just highlight the skills and expertise that are particularly relevant to that job. That’s what I would like to see here.

Glenn Sorensen:

Yeah. I would agree with that. And kind of more as I scroll down through this resume here, mentally and visually scroll down, not actually scrolling on the screen here, I see other things like there are writing skills. There are some mention of saving dollars for the organization. There’s mention of quantifiable effectiveness of things. There’s very kind of deep engineering skills in here. So I’d like to see those brought out a little bit more. I think strong communication and writing skills is something that should go in a skills and expertise section. 

Kip Boyle:

Definitely.

Glenn Sorensen: 

That should very much be highlighted. As a cybersecurity professional in kind of any role, if you can’t communicate effectively, you’re not spurring the action. You’re not getting the help you need. You’re not getting the organizational support that you need to move the needle in the right direction.

Kip Boyle: 

Yeah, that’s right. It’s not just about hard skills. There are soft skills that are needed. And it’s interesting, I think, what I’ve observed is most people who are job hunting in cybersecurity and information security, they’re all hung up about the hard skills. They think that hard skills are the determinator. And I think that most hiring managers would be disagree with that. I think most hiring managers would say something like, “Well, if you have the right aptitude, you probably can pick up any skill with enough time and with the right training and the right opportunities to use those skills.” What’s not as easy to train people for is the soft skills. And if I’m going to put you on the security operations center team, then I need to know that you have soft skills because you’ll be in a customer-facing role. And so I’ve got to know that you’re going to be courteous to the people who reach out to you for help.

Glenn Sorensen:

Exactly. There are very few roles that you don’t have to deal with people in some fashion and be able to communicate effectively. 

Kip Boyle: 

There are some.

Glenn Sorensen: 

There are some, but not as many as folks may think.

Kip Boyle: 

No, not as many. And as we talk, in my mind, I’m seeing the faces of many people who just were cranky geeks, and they were really good at the hard skills. They could really produce, but I mean, I put them behind a door and I was like, “No, this person’s not going to be interacting with internal customers.” And to the extent that they can get along with their team members, okay, but yeah, the soft skills were lacking, and I had just had to make an ongoing decision about whether that was okay or not. So yeah. But soft skill is so important.

Glenn Sorensen: 

Being in a security management role, you have internal politics and political capital to deal with. And I mean, you have to present your part of the organization well and effectively. I mean, the rest of the organization needs to know that you’re somebody that can be worked with and that your team can be worked with in a reasonable way. 

Kip Boyle:

Yeah, that’s right. Okay. So is there a second page to this resume?

Glenn Sorensen: 

There is a second page of this resume. And this scanning through here a little bit more, there’s some more of the same, but a few things that have stuck out here are the relationship with Chinese students and the time spent in China as a business instructor, there’s a role like that. So there’s teaching in this as well. Like, there’s a math instructor, there’s a business instructor. So now we have kind of a multicultural element in this as well. And I think that’s something that should be highlighted. I mean, in our increasingly global world, that’s more and more valuable. So I think that’s something that should be highlighted here as well.

Kip Boyle: 

Yeah. And again, I can’t help, but to go back to the fact that I have no idea what kind of job this person wants. And so I don’t know how strongly they should emphasize that, right? Because if they’re thinking about getting a job at a smaller-sized company that only does business in Washington state, which is where you and I live, and they’re really not expected to work with people from China, or they’re just not expected to have job duties where that’s really important, then-

Glenn Sorensen:

For a large global enterprise, that’s something to highlight quite a bit. And you’re extremely right about it.

Kip Boyle: 

Yeah. And so it’s not about, do you highlight it or don’t you highlight it? I think it’s more like a sliding scale, right? From, don’t mention it at all to start moving that slider over. Okay, mention a little bit, a little bit more, a little bit more. Okay, and I really pile it on, and I just think it’s job and employer-specific. And I think that’s really my feeling about this entire resume is it’s too generic, it’s trying to cover all bases, and-

Glenn Sorensen: 

And there are just too many bases to cover. 

Kip Boyle: 

Yeah. It’s really got to be tailored to the specific job that they want, whatever that happens to be.

Glenn Sorensen: 

There are a couple of careers worth of experience here that I see. I think each one is important to touch on, but that sliding scale on all of them, what are you looking to get? What is the role you’re looking for here?

Kip Boyle: 

That’s right. That’s right. Okay. Well, that’s resume number one. Any final comments?

Glenn Sorensen:

I do have one comment here, and it’s looking at the summary and what this person is kind of portraying themselves as in the summary, and then the professional experience. It’s unclear how that joins together, how that lines up. 

Kip Boyle: 

Yeah, I agree. 

Glenn Sorensen: 

I think I like doing some in the summary where you can start talking about a little bit of what you’ve done, but maybe the bullet points are better left for past professional experience. I mean, I guess that depends a little bit on the individual, but-

Kip Boyle: 

Yeah. Can I say something about the hyperlinks in here? 

Glenn Sorensen: 

Sure, by all means.

Kip Boyle: 

I’m not clicking any of those.

Glenn Sorensen: 

Yeah.

Kip Boyle: 

Not a one. So I don’t see that as being helpful in a resume situation. I don’t know. What do you think?

Glenn Sorensen:

Well, as a cybersecurity hiring manager and receiving lots of resumes from the internet at large, I’m a little bit skeptical, a little bit hesitant to click on things myself. 

Kip Boyle: 

Yeah, absolutely. So one of the last things I’ll say about this resume, and it’ll probably come up again is you need to write your resumes like a newspaper article. Okay? And maybe newspaper’s too archaic, but a news article, where you’ve got a headline, you’re trying to hook me because you want me to read rest of the article. If you can’t get me to read it because the headline’s not catchy enough, it doesn’t really get my attention, then I’m not going to read the rest of it. If I do read the headline of your article, well, that first paragraph had better be really, really good. Otherwise, I’m not going to read anymore. I’m going to read the headline, the first paragraph, and I’m not going to read the rest of that article. I pretty much know what’s going on there. 

And that’s the same thing with this resume. You’ve got to hook me at the top, you got to give me a reason to read down, and then you got to give a reason to keep going, because I just don’t have time to do the heavy lifting.

Glenn Sorensen: 

To sort through it all. Yeah. 

Kip Boyle: 

Yeah. I don’t.

Glenn Sorensen: 

So interesting and compelling.

Kip Boyle: 

Yeah. Yeah. How about the next resume? We got three all together, right? 

Glenn Sorensen: 

Yeah. So here is number two, and I believe this is just one page. No, this is two pages.

Kip Boyle: 

Two pages. 

Glenn Sorensen: 

Okay. So reading through this, we see someone has experience in other areas and has done other things and is looking to move into a GRC analyst role and kind of move into cybersecurity that way. I see some interesting things here in the description of the analyst in terms of bringing another career to bear. What I think might be a little bit lacking here is how this is immediately useful in cybersecurity. How do I immediately put this person to use? I think I can put someone like this to use over a period of time, regardless, but I see some passion here, but I don’t know if it’s focused yet. I can’t really tell that from the resume.

Kip Boyle: 

You know what I liked about it immediately is where we have example too, that’s actually where the person’s name was, and this really follows my workflow. I look at the top of the page, oh, it’s example too. Okay. Great. That’s their name, whatever-

Glenn Sorensen: 

You know what this person is after. You get who this person is. Yeah.

Kip Boyle: 

And then junior GRC analyst, wow, okay. That’s fantastic. I know your name and I know either who you are right now or who you want to be, right? You’re a junior GRC analyst, boom, there you go. Now, that’s fantastic. You have hooked me. I am hooked. I am now going to read that first block of text right underneath junior GRC analyst. And that’s where I start to feel like you just described where, okay, conflict resolution, diverse industries, multiple campaigns, mature planning organization, and delegation skills. And I’m like, hmm, some of that makes sense because if I’m going to do governance risk and compliance, I’m definitely going to talk to people who are going to want to tell me that I’m all messed up and that that policy doesn’t make any sense, that risk assessment’s dumb, and whatever else. Right?

So conflict resolution, and that sort of thing, okay, I can see that. Yeah. But I guess this is a case where it’s all soft skills or mostly soft and what’s really missing is some of the harder skills about what does it mean to do governance risk and compliance? Like, I wonder if there’s anything on this page where they’ve done a risk assessment. I would need to see that.

Glenn Sorensen: 

And scrolling through, that’s not clear that that’s been something that’s happened. I think, and skipping ahead a little bit, but we see some certifications that are getting into more harder technical skills, but are kind of in progress at this point. So we don’t know that much yet.

Kip Boyle: 

Yeah. So that last one, did that last one say something about GRC, Glen? On the bottom of the second page?

Glenn Sorensen: 

Yeah. So the GRC profession certification here which I’m not that familiar with, but-

Kip Boyle: 

I’m not either.

Glenn Sorensen:

 it’s occurring in hiring for such a role. 

Kip Boyle: 

Yeah. But what’s interesting is that the point that I want to call out here is I would’ve stopped reading this. If we weren’t doing resume review, I would never have gotten to the bottom of page two. And so my advice to this person is, have that there at the bottom of page two, but also say in your summary statement at the top that that’s in process.

Glenn Sorensen: 

Yeah. Because that then demonstrates, okay, these are the things that I’ve done. I know I’m looking for a junior GRC analyst role, and maybe I’m looking to switch careers to get there, but this is what I’ve done to help me get there. And I think that’s the gap there.

Kip Boyle: 

Yeah. Yeah, definitely. Definitely. Okay. I also want to make a couple of comments about the… Visually this format is very interesting. I actually enjoy it, the iconography, and so forth. The concern that I’m going to raise, and I don’t know what the answer is, so I may be off base, but this resume is going to get scanned into an applicant tracking system probably. And I wonder how well that system’s going to navigate the fact that this is multi column, and I wonder what it’s going to do with those icons. It could choke on those icons, and it could… Yeah. The applicant tracking system could have a hard time parsing this and therefore, once it’s in that system, an internal recruiter might not find it in a search that they might run on that database.

Glenn Sorensen: 

Yeah. Maybe screened out for technicalities rather than-

Kip Boyle:

That’s right. 

Glenn Sorensen:

the content.

Kip Boyle: 

Yeah. So now it turns out that there are applicant tracking system simulators on the internet that you can use. Jobscan.co I believe is one. There are many. I didn’t get paid to tell you that URL just now. They’re not a sponsor, but I wanted to give you one example of a place where you can go, and so do that. Whatever resume you come up with, find an applicant tracking system simulator and run it through there and see what it says.

Glenn Sorensen: 

Absolutely. Another thing I think here that just kind of ties into what we’ve talked about previously is in the skills section here on the right, a little bit harder skills about like, what sort of risk assessments have you done. And when you take a step back and think about a risk assessment, we all do them all the time. We just do them in such a way that we don’t think about them. But think about some of those things, like, okay, in the past, when I took job A over job B, what was the risk assessment that went into that? What were the key points? Well, in this one, I would have to move, and in this one, I wouldn’t have to move. So I mean, it’s weighing the trade offs.

Kip Boyle: 

Yeah. I also think that if you’re in this situation where you are trying to get into a junior GRC position, and you don’t have a lot of expertise, I’m going to go back to something you said before, Glen, which was, show some passion, right? And so it turns out that an easy way to do that here, I think, is the National Institute for Standards and Technology, and I’m looking it up right now on my mobile device, has a special publication, it’s 800-39, managing information security risk. I would say if I was this person, I would’ve read that from cover to cover, and I would put it in my resume. I would mention it as something that I studied and maybe went to a nonprofit organization. I found somebody who would let me actually try it for free. And that would be very powerful to add that. That would really make a difference here.

Glenn Sorensen: 

Yeah, absolutely. And some of the other things I see in here looks like we have another case of someone who’s very multicultural and maybe has a lot of soft skills. Those are very useful, but the gap is the hard skills again. The languages here, I think I look at the second page here and I’m a little bit torn on, do we need this page? Or could we do this page a different way? Or could we maybe combine it in some way? Or could we fill this page out? I’m kind of a proponent of either do it in one page or do it in two pages, but don’t be in between.

Kip Boyle: 

Yeah. And the bars, like the little progress bars on the languages, again, I think the applicant tracking system is going to completely mangle that.

Glenn Sorensen:

Yeah. I think that’s maybe something for the bottom and much less real estate, if you’re going to try and do that. I think it’s taken up a lot of real estate here. 

Kip Boyle: 

Yeah. Now, a way that this might work is if this was the version that handed to somebody, right? So if you had two versions of your resume and you had one version that you submitted online for ATS to analyze, and that one was like more of a plain version that didn’t have columns and graphics, and then you brought this with you and you handed it to me when I met you, that would be fine.

Glenn Sorensen:

Yeah. I think that would demonstrate that you’ve even thought about that a little bit. And what I may be seeing that has been spit out of whatever applicant tracking system or HR system that I’m using may not be in a great format for me to read, but if you hand me one, that’s visually appealing like this, that’s going to score a point with me.

Kip Boyle:

I think so. Yeah, me too. 

Glenn Sorensen: 

Yeah. 

Kip Boyle: 

Third resume.

Glenn Sorensen: 

All right. Third resume here. 

Kip Boyle: 

Oh my goodness.

Glenn Sorensen: 

Yeah. Yeah. 

Kip Boyle: 

I’m holding my eyeballs into my head because the density of the text is stunning. I’m not saying that’s bad, I’m just saying, wow, there’s a lot here. 

Glenn Sorensen: 

Yeah. So I think we see this person is a security analyst or looking to be a security analyst. I feel like maybe there’s more room to call that out and be more obvious about that. But when I start reading into the first line there, the first couple lines there do grab my eyes. And then when I parse through it a little bit, this does demonstrate some energy to me, or at least presents energy to me. 

Kip Boyle: 

Okay. 

Glenn Sorensen: 

Fast-paced environments, adds value to every team, so somebody that’s looking to be part of a team and team player, that matters to me. Enthusiastic, persistent, resourceful, detail-oriented. Okay.

Kip Boyle:

You know what’s interesting about their summary? Is when you talked about energy, I just realized that because they’ve italicized the text, the text itself is adding energy to the experience because it’s leaning forward, right? 

Glenn Sorensen: 

Yeah. 

Kip Boyle:

Isn’t that interesting?

Glenn Sorensen: 

Yeah. So I think that really works right there. It makes me want to read some more.

Kip Boyle: 

Now, were you joking a moment ago when you said that you thought that they could highlight the security analyst better? Because I think it’s pretty clear.

Glenn Sorensen:

Well, the way I’m reading this, it sits off to the side a little bit and kind of like it’s just kind off in its corner. I mean, it’s blue, so it’s different texts. I mean, I can see it, but I feel like, I don’t know, what am I looking for here? 

Kip Boyle: 

Okay. Okay. Yeah. 

Glenn Sorensen:

It’s just-

Kip Boyle: 

Off with placement. 

Glenn Sorensen: 

Yeah. Yeah. That’s more than anything, and that’s how it feels to me. 

Kip Boyle:

Yeah.

Okay. And I don’t know if that happened because that could have been created in the process of anonymizing the document. I don’t know.

Glenn Sorensen: 

That’s possible. Yeah. 

Kip Boyle:

But I agree with you, the placement is awkward. But I do like the fact that I didn’t have to spend any time finding it.

Glenn Sorensen:

It was there. Yeah. It was there, and one of the first things we see right after the name. 

Kip Boyle: 

Yeah. And even though it’s a dense wall of text, below the header, it’s very well organized. There’s clear delineation between the sections. The use of color, I think, in this case for the-

Glenn Sorensen:

It works.

Kip Boyle: 

Yeah. I think it works. Yeah.

Glenn Sorensen: 

Yeah. And I would agree. I mean, that makes me want to read more. 

Kip Boyle:

Yeah. 

Glenn Sorensen:

And we start getting into skills in the skills section here, and we kind of immediately lead off with harder skills. Okay, so we’ve got scripting languages and some of the tools. These are security tools that I would expect a security analyst, especially a technical security analyst, to be familiar with. So yeah. Some of the technology, firewalls operating systems, virtual machines, networking fundamentals. We get into some meat there. So yeah, that works for me. 

Kip Boyle: 

I like it as well. I think it fits to the idea that you want to be a security analyst, and so you’ve got a lot of these hard skills. I do want to also compliment the fact that while there are no soft skills listed in the skills section, there’s a lot of soft skills being referenced in the summary statement at the top. So I think that’s fine. But here’s the thing that I think could work against this candidate in the skills section, you’ve listed a lot of skills. If I put you in a practical interview, any of those go, right? Any of those are-

Glenn Sorensen: 

That’s a good point.

Kip Boyle:

possible, right? So if I’ve got Splunk in my environment, I might sit you down at the console and ask you to run a query and find something for me. And if you can’t do it, man.

Glenn Sorensen: 

You’re going to have to be able to back those up at least to some degree. And if you lead with, hey, you know what, I’m fairly new to this, but here’s some of the things I can do, and I sit you down in front of one of those things and you can do some of the basic things, all right. I mean, that’s a win.

Kip Boyle: 

Yeah, that is a win. 

Glenn Sorensen:

But you do have to be able to back it up a little bit, at least a little bit.

Kip Boyle: 

Well, and I would just say that any skill you list, be prepared to be tested. Either I’m going to ask you a question or I’m going to ask you to solve a problem using one of those skills. So just because you went to a class on… What? I’ll pick one. Just because you went to a class about IP tables, that’s not good enough. You need to actually be able to create rules in IP tables and troubleshoot rule sets in IP tables in order to be able to claim that as a skill. In other words, have you applied that skill in a working environment? That to me is the gold test for whether you should have a skill on your resume.

Glenn Sorensen: 

That seems reasonable to me. Yeah.

Kip Boyle: 

Because otherwise you’re opening your self up to looking foolish because I tested you and you couldn’t do it. And then I’m wondering about your integrity, oh man, that’s a bad place to be. You better be a high integrity person. And I also want to make mention of the fact that it’s really important that when I look at your resume, you got to remember, this is the first work product you’ve ever made for me. And so, I’m going to assume that your resume is a very good representative sample of your typical work product. So if it’s got a bunch of awkward formatting, misspellings, bad grammar, all that stuff, then I’m going to assume that that’s just the way you roll all the time.

Glenn Sorensen:

Yeah.

Kip Boyle: 

All right. Anything else on this one, Glen?

Glenn Sorensen: 

Just looking through certifications. I mean, that seems like a decent place to put that. It gives, at least, some indication of how recently you’ve been working on these skills. I think having the fairly recent certifications lends a little bit more to your point too, about, well, if you’re going to put these skills on there, you better be able to back them up because this seems like somebody who’s fairly new. 

Kip Boyle:

Yeah. 

Glenn Sorensen: 

I like that projects are listed. And that, hey, this is something that’s been done outside of any employer telling me I have to do it. So I mean that speed to enthusiasm, that speaks to some passion for what they’re doing and what they want to do. So that helps quite a bit. 

Kip Boyle: 

The part that gets that kind of throws me for a loop, not completely, but a little bit, like, I’m trying to figure out how the recent work experience reconciles. So the bottom half of the resume, the recent work experience, doesn’t match the top at all.

Glenn Sorensen: 

Yeah. So we quickly determine that this person is pretty new and is just getting into cybersecurity. And what they’ve done in the past may have been a incidentally exposure to some of the things that we deal with in security and in compliance, which is not to be discounted, but is also not direct experience in a security analyst role. 

Kip Boyle: 

Yeah. Now, that’s not the worst thing in the world, and I’m not saying that that’s a disqualification by any stretch, but when you’re doing a resume and you’ve got skills at the top, you remember I said that the kind of the gold standard for listing a skill is you’ve used it in a work environment, you’ve applied it to solve real problems. I should see that in your work experience. In this case, that’s not possible, because in the jobs that are listed, I would not expect those three jobs to provide opportunities to do any of the things in the skills section. So that means you would really need to beef up your projects area, to really emphasize like, oh, I did venomous. And when I did that, I wrote a bunch of scripts, and I ran burps weed like 1,000 times. You know what I mean? That’s really where you would tie together the skills with a situation where you used them. 

And in this other work experience here, I would tweak that so that it only talked about the transferrable skills or the parallel skills that would be applicable to a security analyst role. So really trim that section down and really expand the project section. Make those skills that are listed at the top come alive.

Glenn Sorensen: 

What I would consider doing as your potential boss in this case going forward is I would maybe ask about those projects and maybe can you show me some of the work product from those projects? 

Kip Boyle: 

Yeah. 

Glenn Sorensen:

I mean, if you can do that and show good product from some of those, I mean, you might score some points there too. I’m still going to say, okay, this person is junior, but somebody I can work with and somebody that wants to do all these things.

Kip Boyle: 

Well, I think we’re just about out of time, Glen. Did you have any final comments?

Glenn Sorensen: 

No, not to speak of. I think this resume as a whole speaks to, hey, I’m new, but I’m past about it. Like, this is worth a conversation in my mind- 

Kip Boyle: 

Yeah. Okay. Cool. 

Glenn Sorensen: 

In certain roles. If I’m looking for somebody that’s very senior, probably not, but-

Kip Boyle: 

Junior security analyst, maybe they could have said junior up there and then you would’ve went, oh, okay, this person’s got some passion, they’ve been doing the right stuff, let me bring them in and talk to them.

Glenn Sorensen:

Yeah, exactly.

Kip Boyle:

Cool. Okay. Well, let’s see here. I think that’s going to wrap us up. And Glen, if you wouldn’t mind rolling to the next page in the doc. Oh, yeah. Yeah. Yeah. 

Glenn Sorensen: 

We’re done. 

Kip Boyle: 

We’re done. All right. Everybody, thanks for hanging out with us this time. I want to say thanks to Glen Sorensen for popping in and doing resume review with us. I hope this was really helpful and it helps get you into a place where you can get a more impactful, more powerful resume into the applicant tracking system so that they will pluck you out and put you into an interview schedule. So that’s what I hope for you. Now, if you haven’t gotten the free guide that we created, then I think you should go and snag yourself a copy. It’s called Play to Win: Getting Your Dream Cybersecurity Job. And it talks about using a capture, the flag approach, as kind of a mental model and a framework for going on the job hunt. 

It’s a visual guide. It’s about 20 pages long. And I really like it. I made it, so of course, I’m going to say that. But if you think that it needs to be improved, then I want to hear from you. So I think you should go get it, you should take a look at it, and with the goal of telling me how it could be better. I mean, I would just love to get that kind of feedback from you. So if you want to get it, it’s really simple. You just go to yourcyberpath.com/pdf, yourcyberpath.com/pdf. And I just want to close with this thought, you’re just one path away from your dream cybersecurity job. Thanks, everybody. We’ll see you next time.

Headshot of Kip BoyleYOUR HOST:

Kip Boyle
Cyber Risk Opportunities

Kip Boyle serves as virtual chief information security officer for many customers, including a professional sports team and fast-growing FinTech and AdTech companies. Over the years, Kip has built teams by interviewing hundreds of cybersecurity professionals. And now, he’s sharing his insider’s perspective with you!

Headshot of Jason DionYOUR CO-HOST:

Jason Dion
Dion Training Solutions

Jason Dion is the lead instructor at Dion Training Solutions. Jason has been the Director of a Network and Security Operations Center and an Information Systems Officer for large organizations around the globe. He is an experienced hiring manager in the government and defense sectors.