EPISODE 46
ATS Secrets–Boost your Resume with these Clever Tips
EPISODE 46
ATS Secrets–Boost your Resume with these Clever Tips

ATS SECRETS–BOOST YOUR RESUME WITH THESE CLEVER TIPS

About this episode

In this episode, we are focused on the ever-divisive question of the importance of certifications in the cybersecurity industry. The answer to this question has changed over time from certifications being unimportant, to them being extremely important, to well, it depends.

 

Certifications can be extremely important for several reasons, including their ability to help your resume get through the Applicant Tracking System (ATS) filters used by the human resources and recruiting team, but they are not a silver bullet that will instantly land you a job.

 

As Jason Dion (Lead Instructor of Dion Training) shares with us in this episode, certifications can be your ticket to getting an interview, but they alone won’t get you the position. That said, without having that certification on your resume, you can easily be filtered out of consideration before a hiring manager even gets a chance to look over your resume. This makes having the right certifications and experience imperative if you want to land your dream cybersecurity position.

 

Just as a certification isn’t a substitute for a college degree, you will also learn that a college degree is not a substitution for having the right certifications. This is often not an “either-or” thing, but a “yes-and” type of thing that you must achieve for many cybersecurity positions.

 

What you’ll learn

  • Why certifications are important in the cybersecurity industry?
  • Are certifications or experience more important to a hiring manager?
  • Are certifications or college degrees more important to a hiring manager?
  • Which certifications should you be getting to advance in your career?
 

Relevant websites for this episode

Tags:

Episode Transcript

Kip Boyle: 

Hi, welcome everybody. Typically, what we’re doing today is Office Hours, but today we’re going to try something a little different. We’re going to combine a podcast episode with Office Hours, and I think this is going to turn out really well, but if it doesn’t, then we’re never going to do it again. So let’s give it a try, okay? So if you’re listening to this as a podcast episode, this is your cyber path and as always, our goal is to help you get your dream cybersecurity job. My name is Kip Boyle, and if you’ve been watching the podcast or listening to the podcast, you know that what we’ve been doing lately is we’ve been giving you a tour of what we call the common cybersecurity department, because we want you to know what are the jobs that are available to you as you get into cybersecurity. We want you to also know what are the opportunities in the future as you accumulate experience, where could your career path go?

So typically we do that with Wes Shriner and we’re not going to do that today, but Wes is going to be back so don’t worry we’re going to continue the tour. But today I’m joined by Glen Sorenson who has been on the show before, he’s an experienced hiring manager. And today we’re also joined by our guest Arthurine Brown and Arthurine is going to share with you what her cyber path has consisted of. Kind of where she started, the kind of work that she’s doing now, and then some tips and some ideas for those of you in the audience who are trying to get your cyber security career off the ground.

So this episode is available as an audio recording in your favorite podcast app, you can also watch it as a video on YouTube. You can just go to YouTube and then search for Your Cyber Path Podcast and you’ll be able to watch us that way. So, as I said today, we’ve got a guest. Her name is Arthurine Brown and I want to welcome her and Arthurine and I want to thank you for dropping by, really appreciate you being here today.

Arthurine Brown: 

You’re welcome.

Kip Boyle: 

I wanted to start with the work that you’re doing now, learning a little bit about what you’re doing now. So would you mind sharing with the audience what your current job is, and anything else about the work that you’re doing now? Just so people can get a really strong under of the kind of things you do on a daily basis and the kinds of conversations that you’re have and the kinds of problems that you’re solving.

Arthurine Brown: 

All right. So for the past seven years, I’ve worked for Altria Client Services and I work in the IT risk department. I started initially doing identity and access management, and after about two years.. So for the past five years, I’ve been directly being a business information security officer. So what that means is I’m aligned to two business areas, one is our IT risk management team and my role is to help them take safe risks. So through projects, suppliers, doing risk assessments, advising on projects, weighing in on governance and compliance. What should we be looking out for, what’s next in our roadmap and kind of just giving them strategic direction in one way or another.

Kip Boyle: 

I think that’s a very valuable service that you’re performing. And I think it really strikes to the heart of what good cyber risk management can do for an organization. And you said you’re a business information security officer, that’s kind of a newer title, isn’t it? I’ve noticed that that’s kind of come up only in few years or so, but what’s your experience with that job title been?

Arthurine Brown: 

Most people don’t know what it is, even within the cybersecurity world. It’s kind of this unknown role, it is emerging. Some of the organizations I belong to I’ll introduce myself as a business information security officer and others who, technically, have this role will kind of [inaudible] me and say, “Hey, that’s kind of my title too, but I just say I’m a information security manager because no one ever knows what a BISO actually is.” But I would say we’re just more focused on providing security governance to a particular business area versus a security program or to the organization as a whole. It’s just very narrowly focused, so that’s kind of how you can look at it. Other BISOs I’ve met their roles kind of align the same way, they concentrate on maybe the accounting area of their business and finance or the media side of their organization. So it’s usually focused so that you understand a business and its needs and its security challenges.

Kip Boyle: 

I think that’s fantastic and Altria’s a pretty big company so I can see why it would make sense, why it would be affordable for them to have dedicated roles like a BISO role that you’re describing. I want to ask you one more question and then I know Glen wants to get an opportunity to ask you a question too. Okay, so a lot of times when you’re doing cyber security work or cyber risk work, you are part of the IT organization. Is that where you’re located or where in your organization does your job report up to?

Arthurine Brown:

Yeah, so we report into IT.

Kip Boyle: 

Got it.

Arthurine Brown: 

In my previous security role, prior to coming to Altria, we actually were independent of IT. So we were a separate organization that sat outside of IT, just because of the governance role that we held. And contractually, based on who we were supporting, they wanted that way, they didn’t want to muddy the water since we were the same organization providing services.

Glen Sorenson: 

All right. So that makes a lot of sense to me, both ways. So how did you get it here? What was your path into cybersecurity?

Arthurine Brown:

It was long and windy. I’ll say I’ve been doing IT probably for about 20 years, spending the last about 10 in information security. So that first 10 years included the normal lot of help desk roles that give you all the bumps and bruises and helps you learn about the organization. I did customer support roles, learned some of the soft skills you need about process improvement and customer service and partnering with the business. I was working as a application analyst when I got tapped on the shoulder for my first security role. And I was completely honest with the person and told them I had limited experience in security, but what he needed for this role which was, to a SOC, was the other skills that I had, which was ticket management, working with end users, working with difficult clients, being able to explain technology to non-technical people.

And I brought those skills to his team and his team and the manager taught me security. So they helped me start to get a little bit deeper in security. I went from tier one to tier two and managing the SIM tool and IDS, the intrusion detection, making sure AV compliance on our systems and those type of roles. And then I got the opportunity to kind of put more of my application management chops back into my work and got a job with Altria doing identity and access management. And after that, just being in the security realm, I started learning, even though I had a master’s degree, that I needed to become more of a SME in my space said I was starting to develop a career. So then I started getting relevant certifications based on what I was doing and trainings and conferences, and that allowed me to get the opportunity to become a BISO in my organization.

Glen Sorenson: 

Awesome. That’s not all that dissimilar from my own path in there, in terms of the different windy ways that you end up [crosstalk] where end up. So, yeah.

Kip Boyle:

Hmm. 

So Arthurine, I was going to point out that a lot of the people who are here in Office Hours and who listen to us on the podcast haven’t yet broken into cybersecurity, right? They’re still trying to identify what is a good cybersecurity job for them and then to actually accumulate the experience that they need in order to be able to compete successfully to get that job. Now, one of the things that you were just explaining to Glen about your windy path is that at some point you had enough, what I would call, transferable skills that allowed you to make that leap where somebody recruited you and then taught you what you needed to know about cybersecurity.

Arthurine Brown: 

Mm-hmm (affirmative).

Kip Boyle: 

And that seems to be a very common experience, but I was wondering if you had any thoughts for people who aren’t in a situation where they’ve got years of IT experience with transferable skills. Do you know of other people who have been able to get the right amount of experience in a different way, and have you seen any other ways for people to break in?

Arthurine Brown: 

Yeah, so ways I’ve seen people break in is really show interest. So getting their foot in the door in some other capacity and showing interest to their IT risk management or security group, learning, taking opportunities to learn from them, understanding processes, educating themselves so that they can, at least, be at a high level familiar to be able to weigh in on conversations. Something as simple as asking about emerging tech to show your interests, I think, shows a lot of proactiveness and I think that can go a long way to someone recognizing that you might be an asset to their team. Because I think once you are in and you can bring those other soft skills to the job, that’s perfect. If not, I know some people have gone the certification route so that they understand the basics and there are definitely the entry level jobs, like a SOC that you can walk into.

I think if there’s something of interest, there’s a trick that I recently learned about that I never considered before, but if you’re interested in a certain position and you’re not quite sure how to approach it or what skills you think you need to approach it, dump the description into a word cloud and see what’s the most prominent words that come out and how you can align to, or demonstrate those capabilities. And that will shine through when you’re interviewing or applying.

Kip Boyle: 

Wow. That’s a great idea. So let me just recap that, right? So take the job description, go find a word cloud making tool on the internet because there are several free ones, right?

Arthurine Brown:

Right.

Kip Boyle: 

And just probably a lot of different freeways to make one of these things, but take the job description, put it in the word cloud tool. And then that tool will then tell you based on the size of the word in the cloud, what’s coming up most frequently. Is that right?

Arthurine Brown: 

Yeah. Because most hiring companies are using analytics to decide which applications are most relevant for them to pick up or give a call back to. So if you do that for the job description, you can also do it against your own resume to see how well they match up.

Kip Boyle: 

Oh.

Arthurine Brown:

And that’s a good way to make sure you’re getting on people’s radar. It may not necessarily be that you don’t have enough experience, it’s just that your resume isn’t speaking to the analytics or data analytics they’re using to say these keywords must be in the resume for us to make a selection of who’s getting a call back.

Kip Boyle: 

You just taught me something super important, that was a fantastic tip that you just shared. That’s amazing. [crosstalk].

Glen Sorenson: 

We’re stealing that.

Kip Boyle: 

Yeah, absolutely. It’s stolen, I have my copy right here. That’s just great. What I tell people is imagine that the employer has their own privat, Google search engine, but instead of the web, it points to a giant pile of resumes, right?

Arthurine Brown: 

Right.

Kip Boyle: 

And you are one of those resumes, right? How are you going to make sure that your resume pops up first in the search results, right? So just to help people sort of conceive of these analytics that you’re talking about. That’s that’s fantastic. Oh, cool. So, Glen, I think you had another question, right?

Glen Sorenson: 

Yeah. So that kind of ties in a little bit with what we’re talking about here, but really puts your hiring manager’s hat on here for a second. And how do I, as a candidate, prove to you as a hiring manager that I have what it takes?

Arthurine Brown:

I think some key things is not just all the technical chops, it’s how well you’ll fit into teams. So be thoughtful with your answers, don’t just blurt something out. If you need a second to consume it, just say, “Okay, give me a moment, let me think about that.” Because usually they’re very textbook questions of give me an example of where you’ve done this, which may be limited if you haven’t held a security job or a job relevant to what you’re applying for, but try to see how you can convert that to something you’ve done, whether personally or professionally or within school. Come with questions, it shows interest that you’ve researched the company, you understand the position. Key questions, like what does my first 90 days look like? What does success in my first 90 days look like? What’s the typical day in the life of this position? They sound generic, but it actually shows that you… The worst thing is to get to the end of the interview and someone says do you have any questions and you say no, because that show that…

They’re never going to cover everything about the job, but you having question shows that you’ve given thought and that you’re focused on not only getting the job, but being successful in it. Making sure you answer the question that you’re being asked. Seems simple, but doesn’t always happen. [crosstalk]. And I mean, we’re all human, just be yourself, bring your authentic self to the interview. And I think that’s all I can think of at the moment.

Kip Boyle: 

Yeah. Those are great responses, Arthurine, thank you. And actually it’s interesting. I feel like you’re reading my mind because this is the second time that I have a question actually prepared for you where I feel like you’ve already either answered it or already you’ve already touched a lot on it. And so I’ll just tell you the question, but there may not be a lot more to say. Excuse me. Well, the question I want to ask you is what’s the number one mistake that you see job candidates make? And you’ve actually given us several so far, but I don’t know if that’s number one for you. Is there a number one mistake that you’re seeing candidates make that you haven’t mentioned?

Arthurine Brown: 

Not being concise. They kind of lose track of the question, they go into it one way and come out a completely different other way and the question was answered in it five minutes later.

Glen Sorenson: 

So a lot of me entering and not necessarily getting to the heart of the matter.

Arthurine Brown: 

Right. There’s usually a target to say, “Okay, for the question that was being asked, what did you do, what was your contribution and what were the results?”

Kip Boyle: 

Right. Right.

Arthurine Brown: 

And usually companies, especially larger companies, they have tips on their websites of how to interview with them, basically their interview style, so that’s another good thing. Definitely do your research, do your research, don’t just apply for the job from Indeed, and not ever go to that company’s about us careers site because usually mid range to large companies will have some details of this is how our process goes. Here are common questions or here’s we like answers structured. So if you haven’t done that due diligence that will shine bright to them that you actually didn’t.

Kip Boyle: 

Yeah.

Arthurine Brown: 

But also it helps you when you interview with other places that may be smaller, but doesn’t have that on their website that it can help you structure your answers to be clear, concise. Answer the question with relevancy. And I would say also just everyone wants a team player, but everything can’t be we, we doesn’t indicate what your contribution was. You want to highlight what you are going to bring to the table.

Kip Boyle: 

Oh, that’s fantastic. It reminds me of a couple things that we’ve talked about with our students. One is that you’re going to get a lot of behavioral questions.

Arthurine Brown: 

Yeah.

Kip Boyle:

Right? Tell us about a time when, and so you can use a framework to prepare yourself to answer that question, right? So sometimes that goes by the name of star, sometimes it goes by the name to share, right, but we’ve definitely covered that before. So that’s a way that you can structure your answers. You may not know what the actual questions are going to be, but there’s one question that you always get that you can prepare for which is almost everybody’s going to ask. So tell me about yourself, right?

Arthurine Brown: 

Yeah.

Kip Boyle: 

Who’s Kip? Tell me about Kip, right? And so that question, you can almost always be guaranteed that that one’s going to come up. So there’s really no excuse for not hitting the ball out of the park when you hear that question.

Arthurine Brown: 

Yep. I think that’s a perfect way to showcase your passions and what you care really care about. And with that, you should practice that because that kind of comes up… Another key thing to the job market is networking. So what’s your elevator speech, if you got like 30 seconds to tell someone who you are and why you’re important, what would you say? And you can practice that on friends, family, spouses. It’s really what do you want that person to remember about you 10 minutes later when they’re talking to someone else? If they run into you at another event, and was like, “Oh yeah, that was Glen. And I remember Glen because he and I both love wine.” [crosstalk]. Or I don’t know, anything like that, but practice your speech. Know if you had to introduce yourself to an employer or just at a networking event that you have those key points about you.

Kip Boyle: 

Right. Yeah. Good soft skills. That’s great, we’re almost out of time for this portion of our Office Hours, which again is going to be released as a podcast episode on Your Cyber Path. Glen, was there anything else you wanted to ask Arthurine before we wrap?

Glen Sorenson: 

Well, I did want to say one thing and that is this wine thing with Arthurine and I is in fact true because we did some work that involved wine together.

Kip Boyle: 

And she remembered, you’re now Glen the wine guy. Not such a bad thing. Okay. Well, Arthurine, I want to thank you for being here for Office Hours and for being willing to also share what you know with our podcast audience. And so what we’re going to do now is we’re going to wrap up the podcast portion of today’s session, we’re going to transition into open Q&A time with our cyber pathfinder students. And so as we wrap up this segment, I want to thank you for being here. I want you to stick around, but I wanted just say a few words to folks who are just consuming this as a podcast. We’ve got a free guide for you, we actually made a downloadable PDF that we think is going to be very helpful, it’s called Play to Win: Getting Your Dream Cybersecurity Job and the whole idea is that we want you to win at job hunting.

And so if you’ve been playing capture the flag as part of your training as a way of gathering experience, if you’ve played capture the flag then you can actually take those skills and transfer into job hunting. So it’s a 20 page, very visual guide and I think you should go get it. And here’s a URL, it’s at yourcyberpath.com/pdf. And if you think that this is not a helpful guide, if you go get it and you think, “Eh, not as great as Kip made it sound.” You to tell me all right? Because if anything about that guide needs to be changed, I want to hear about it so that I can change it because we want it to be super useful. So it’s at yourcyberpath.com/pdf and remember you’re just one pathway from your dream cybersecurity job. Thanks everybody. And we’ll see you next time.

Headshot of Kip BoyleYOUR HOST:

Kip Boyle
Cyber Risk Opportunities

Kip Boyle serves as virtual chief information security officer for many customers, including a professional sports team and fast-growing FinTech and AdTech companies. Over the years, Kip has built teams by interviewing hundreds of cybersecurity professionals. And now, he’s sharing his insider’s perspective with you!

Headshot of Jason DionYOUR CO-HOST:

Jason Dion
Dion Training Solutions

Jason Dion is the lead instructor at Dion Training Solutions. Jason has been the Director of a Network and Security Operations Center and an Information Systems Officer for large organizations around the globe. He is an experienced hiring manager in the government and defense sectors.