Hack this Resume
Security experts offer tips on breaking into cyber career field
In these times, a security job can mean job security.
Almost 40 percent of business and IT leaders surveyed by the MIT Technology Review said the lack of in-house cyber talent is their No. 1 challenge. The talent gap is impacting not only industry, but the U.S. government as well. In July, the White House announced a Cybersecurity National Action Plan with the intent of hiring 3,500 cyber and IT workers by January 2017.
In a time of such critical shortage, landing a cyber job should be easy. Think again. Hiring managers and human resource departments are seeking unique skills and qualifications. Raytheon spoke to several of its experts to find out what they're looking for.
It's all in the details
The most effective cyber resumes offer specifics backed up by experience.
“When a candidate puts in details about their experience, that really stands out to me,” said Mary Kim, a Raytheon cybersecurity engineer. “It shows that they’re really proud of what they’ve accomplished. I don't want to see a bunch of buzzwords with no meat behind them."
Another important practice: Do some research about the company and the job before you apply.
“Tailor your resume for the job you are applying for. For instance, have an objective statement that aligns with the position,” said Patrick Miller, a cyber engineer at Raytheon's Center of Innovation. "Prove that you have the depth and the breadth of skills associated with the position."
It also helps to be both innovative and curious.
“Basically, [employers seek] people who can grok (understand) a system and write the next generation of tools versus people who use the tools they have,” Miller said.
Degrees are Great, But Not a Must
In many professional occupations, the lack of a degree is a deal-breaker, but that's not true in cybersecurity.
“Typically, a degree will give you an edge in salary,” Kim said. “If you’d don’t have a bachelor’s degree, then elements like military or job experience using or learning new technical skills can make up for it.”
A Very Particular Set of Skills
There's some debate, even among experts, on whether cybersecurity professionals should be generalists, "hackers-of-all-trades," so to speak, or if they should specialize.
"This isn't a binary question," Miller said. "You need some specialists, some generalists, and some people in between. But even with your generalists, they need to have a sufficiently deep understanding to be a competent practitioner."
There's more opportunity for candidates possessing a broad swath of overall skills, according to Kim.
"However, when it comes to technical skills, I feel that it's beneficial to specialize in one or two core areas," she said.
A Ticket to Government work
While educational requirements are sometimes flexible, companies working for the U.S. government often require specific certifications (depending on the contract).
“If you have the super skills, but don't have the qualifications, then that can sometimes be a deal-breaker for government customers because they have become stricter in the past few years.”
The Desire to Learn
When Kim conducts assessments on computer networks, she always learns something new or sees information systems that’s she’s never encountered before. The yearn to learn, so critical for those in the field, is highly sought after.
“The cyber landscape is ever-evolving,” Kim said. “So that's why it's important for people to be curious and hungry for learning, so that we don't just dismiss new things that could potentially introduce further vulnerabilities.”
Curiosity is a quality professionals recognize in each other.
“Cybersecurity professionals are always solving some puzzle, figuring out how to penetrate a network, uncovering evidence in a forensics investigation or identifying vulnerabilities in a system.," Miller said. "To solve these new puzzles, you need to be curious and to have a drive and sense of satisfaction that comes from learning something new. Cybersecurity is an arms race, with the tools and techniques available to both sides constantly evolving.”
Don't get ALLTechnical
It’s not all bug-hunting and penetration-testing. Both Miller and Kim said that cybersecurity professionals need soft skills, such as the ability to collaborate on teams, communicate and manage their time.
“Cybersecurity professionals definitely need to have people skills and be able to communicate well, whether it’s giving an overview of a test plan, presenting an outbrief, speaking at a conference or facilitating a telecom,” Kim said.
Large technical challenges benefit greatly from team efforts, Miller said.
“Sure, bugs can be found by individuals, but more complex bugs can be found and understood much faster with a team to support a primary researcher,” he said. “Additional eyes and technical backgrounds are often necessary to uncover key information in a timely fashion.”
“A resume with a lot of buzzwords with no details to support them is a red flag for me,” said Kim.
Even so, make sure you dot your i's and cross your t's — literally. "Significant spelling or grammar errors in a resume shows a lack of attention to detail," Miller said. "It's also not good to include basic technologies in a list of skills, such as word processing or every version of Windows."
This document does not contain Technical Data or Technology controlled under either the U.S. International Traffic in Arms Regulations or the U.S. Export Administration Regulations. E16-CY7J