top of page

How to Write a Great Resume

Lately we’ve working with people to help them improve how to present themselves. Some of the people we know well as great security consultants present themselves very poorly. This is to be understood, as most of these folks have reputations that speak much louder than resumes. But it always helps to have a version of you on paper that will wow anyone who doesn’t already know you by reputation.

I always like to see a submission knock me over with why the candidate not just qualified, but why I’d be an idiot for not hiring them. Make me want to shelve all the other resumes and call this person as fast as my fingers can dial. To do that, a resume must focus not on what the candidate did, but why I should care, then support those claims through the story of their history. 

A “perfect” resume is one where as I read over it I get more and more excited. Every new line adds to the perceived quality and relevance of the candidate. No lines leave me wondering why I care or asking if it’s a liability. There is a clear progression and/or I can see how all of the experience contributes something to the value presented.

This can only mean a document specific to whatever you’re looking for. That is, what you want to do rather than what you have done. Highlight leadership, strategy, and management experience and skill building. It doesn’t matter as much what you did (tasks, technologies, responsibilities), as how you did it, and why you were successful. But these need not be created each time for each job you apply for – that’s what the cover letter is for.

The cover letter can make or break a candidate, write a custom one each time. Often this is all a hiring manager ever reads, and it can be the quickest way to the top of the stack or the bottom of the bin. Treat this as a roadmap to your resume. Bring out specific highlights from your career that are precisely what the role calls for, in the way it’s been written. Shorten the distance between job requirements and your qualifications to near-zero. Reuse and customize your best bits from other cover letters, but make sure it is specific to the job you’re applying to.

On your resume you might lead with 3-5 bullets that highlight your best outcomes and experience. 

  1. Advanced degrees, security industry presentations, OWASP or other community participation and involvement shows you are hoping to be a leader, not just in it for the money.

  2. Categorize your experience through the lens of whatever you’re aspiring to so I can instantly see that you can do and have done what you will be asked to do.

  3. An outcome you helped generate that ties into the story of your work history, particularly if you can relate a statistic or specific accomplishment.

  4. Tell me how I will know you can do the non-technical parts of your job, like communicating to management, working in a team, hitting deadlines, etc.

  5. Relate an extracurricular activity to how you can excel at your role, how it relates to security, or makes you a better employee.

Then tell a story with your professional and academic history. Expose a clear narrative, with each plot point building on the next over the course of your career, with the logical conclusion resulting in you having all the prerequisites. Make sure that the story doesn’t get confused and that it all ties into the overall plot line. Career or job changes are twists – if done correctly they strengthen the story. Be your own editor and ruthlessly cut out ancient history and tangential detail, rewrite to make the lines clear to the reader, bridge gaps or multiple short chapters so they don’t distract, and make the major points explicit rather than implied.

Having a great cover letter and resume will reduce your work, not increase it. You’ll cut the time spent looking from weeks to days. You’ll spend less time trolling craigslist, Monster, LinkedIn, and other sources. And you can land a much more competitive role (think about it, would you want to work for someone who accepts candidates who look weak?).

Recent Posts

See All

Can you be too secure?

When I hear someone say “you can never be too secure,” I assume they don’t understand the implications of that statement. Perfect security can be seen as the absence of risk. This sounds like a tradeo


bottom of page