In an article last month, we covered some of the major hiring challenges we face in the cybersecurity industry – namely, the fact that we often don’t know quite what to look for in the wave of new recruits wanting to offer their talents to the field.
Coaching both potential new hires and recruiters in what to look for on resumes and resume ‘best practices’ has always been a small joy to me. I am a firm believer that a workplace environment benefits just as much (if not more so) from eager and passionate individuals as it does from the most educated or experienced contributors.
In what used to be a rock-star-orientated career, one of the greatest advancements I’ve noticed lately in InfoSec is the growing industry awareness that those who look good on paper may not always be the best hire for the job. Giving passionate people more than a passing glance when looking at their resumes benefits both companies and our community as a whole.
Interview Tips for InfoSec Jobseekers
For those of you who have that passion, make sure you show it. As someone who used to sift through piles of resumes, I confess that eagerness is sometimes easy to see, but more often than not, you may get overlooked due to issues such as lack of experience.
• Make sure to include a section in your resume about your home lab or activities and interests outside of school or your normal learning environment that are pertinent to the position you’re applying for.
• Don’t be afraid to ask questions if you can’t figure out how to do something in the technical assessment part of an interview.
• If you get stumped by a question or test at the interview, ask, or even better, research it yourself and send a follow-up email explaining what you learned. You may not get the job, but I promise you will impress someone – and you will also better yourself.
As a community, we often get so swept up with everything happening around us that we forget that a major part of this career path is to constantly learn and better ourselves and those around us. If you show the interviewer that you put in extra effort despite not receiving a job offer, they may well remember you the next time a similar job opens up at that company.
The Passion Equation
It maybe 2017, but the spirit of hacking (in the positive sense) is very much alive. Passion can go a long way and it is something many of us who were once looked on as ‘dank basement hackers’ still very much have.
Hacker culture has now gone mainstream. Practitioners of every level may express their love for the craft in many different ways. Today it has many forms: it could be reading the latest retro-style polyglot e-zine release; watching an exceedingly bright individual’s livestream as they 3D-print and disassemble electronics; reading the deep technical advisory of a security researcher who just absolutely wrecked a complex; or it could be laughing at geeky memes rewritten to include the latest security faux-pas shared on social media. Whatever your interests, you are part of an all-inclusive community, and that can be a great feeling.
Right now, the people who make up the information technology ‘friends and family’ group are some of the brightest minds the world has ever seen, because they see things differently - whether they’re the steadfast database administrator, the eclectic malware reverse engineer, the dedicated devops guru, or someone involved in new forward-thinking job titles like digital archeologist, cybernetic necromancer, or artificial intelligence factory worker – I can’t think of a more exciting field and community to be in.
In my next post, we’ll talk about real world experience versus academia, the challenges these two seemingly polar arenas face and how as an InfoSec community, we must focus on finding a better balance in both the expectations placed upon individuals, and the research they conduct, to improve our community and ensure the safety of society as a whole.