Re: CV for InfoSec Jobs

[Patrick Laverty <patrick_laverty () brown edu>]

Along the same lines with what Allison said about getting your name out
there and making the contacts, often there are bonuses paid to employees
for referrals. So if you meet some of these people at various venues,
whether it's at a conference or local DC meetings, someone may send in your
name as a referral. At that point, you know you have someone pulling for
you from within the company that isn't a part of HR.




On Wed, Jan 30, 2013 at 11:18 PM, allison nixon <elsakoo () gmail com> wrote:

> If you don't have the buzzwords necessary to get past HR you should
> consider trying to get that job in ways that bypass HR.
>
> The best advice i ever got was to start a blog and start documenting
> projects, and go out there and get your name associated with accomplishing
> cool stuff.  people read those things and chances are a good number of
> those people are trying to fill headcount.  companies will approach you and
> from there it isn't so much of an uphill battle to convince them you're
> capable.  Even if you aren't experienced in that specific area, showing
> you're capable of problem solving counts for a lot because people value
> that skill even though theres no buzzword cert for that.  Also, people WILL
> google you and you're a lot better off if you leave behind a trail of
> breadcrumbs that impresses them, than either an empty google history or
> stuff by other people with your same name.
>
> also in the process of doing that, you learn a lot of stuff.  good times.
>
> -a
>
>
> On Wed, Jan 30, 2013 at 10:52 PM, TheTolik <thetolik () yahoo com> wrote:
>
> > You need to determine the track you are going in. Your income potential
> > and ability to enter the space will significantly improve if you have
> > knowledge and any level of experience (Read: even in-lab experience) with
> > common enterprise security tools and technologies, especially SIEM, DLP,
> > Encryption, Application Control, Mobility Solutions, etc. If you don't have
> > specific keyword skills, you will be quickly surpassed by a candidate that
> > may have less experience overall, but one that has key solution-based
> > knowledge and experience.
> >
> > You also need to understand your security domains. The best way to
> > present that knowledge is via certifications. Many in the industry brush
> > them off as a joke, but most people in HR, as in the folks that actually
> > qualify you before you get to talk to the hiring management, will look for
> > those and prefer candidates with any relevant certifications. If you cannot
> > qualify for one, at least do self-study to learn the necessary security
> > fundamentals as your interviews will likely be broad, and learning the
> > CISSP domains, as an example, will do a great job preparing you.
> >
> > Hope this helps.
> >
> > Andy | Oxbeef
> >
> >   ------------------------------
> > *From:* Andrew Case <atcuno () gmail com>
> > *To:* PaulDotCom Security Weekly Mailing List <
> > pauldotcom () mail pauldotcom com>
> > *Sent:* Wednesday, January 30, 2013 10:09 PM
> > *Subject:* Re: [Pauldotcom] CV for InfoSec Jobs
> >
> > I might be answering your questions out of order, but hopefully this
> > helps:
> >
> > 1) Do not worry about the 1 page rule as long as your information is
> > reasonable...
> >
> > 2) List any relevant certifications (obvious, but was not on your list)
> >
> > 3) I have seen many people list security tools that they are
> > comfortable using for pentests, reversing, etc (whatever it is you
> > focus on)
> >
> > 4) If you have never spoke / presented / demo'ed at conferences, then
> > you can list ones you attended, but otherwise I would just list where
> > you had active participation. If you have never spoke then you should
> > start! Events like Bsides are a great place to get your first
> > experience speaking and many bsides run tracks specifically for new
> > speakers and have speaker coaches, etc.
> >
> > 5) I would definitely list any local groups you belong to as it shows
> > an interest outside of 9-5 in the field
> >
> > 6) If you can code and have written any applications, small scripts,
> > etc, then definitely list them. Even if its just utility scripts to
> > automate things you normally have to do by hand.
> >
> > 7) List any trainings you attended including the class number, link to
> > the page if its still up and so on
> >
> > Hopefully that is a good start. If you are job hunting I would also
> > recommend making a linkedin profile if you dont have one and make sure
> > it closely matches what is on your resume/CV.
> >
> > On Wed, Jan 30, 2013 at 10:17 AM, Bacon Zombie <baconzombie () gmail com>
> > wrote:
> > > Hi All,
> > >
> > > I'm looking to move from Network/System Admin role into pure Security
> > > and in the middle of updating my CV.
> > >
> > > I would like to see if the hive mind has any opinion on what should
> > > and should not go into a CV and should a CV for a Security Job be
> > > different from a standard Tech CV.
> > >
> > > Soon difference that come to mind are:
> > >
> > > #> Do you list conferences you have attended and if so what section do
> > > you list them under or do they deserve there own section.
> > >
> > > #> Do you list projects and CTF.
> > >
> > > #> Do you list that you are a member of your Hackerspace, DC or 2600
> > > group and what do you put it under.
> > >
> > > #> Do you follow the no more then 2 or 3 pages rule or has that
> > > changes now since most people will read your CV via TXT/PDF/DOCX and
> > > not a printout.
> > >
> > > What are some thing really should include and also really should not
> > > include on my CV.
> > >
> > > Thanks in advance,
> > >
> > > P.S : Just realised CV may not be a common term for all; CV =
> > > Curriculum Vitae or Résumé.
> > >
> > > --
> > >
> > > BaconZombie
> > >
> > > LOAD "*",8,1
> > > _______________________________________________
> > > Pauldotcom mailing list
> > > Pauldotcom () mail pauldotcom com
> > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > Main Web Site: http://pauldotcom.com
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom () mail pauldotcom com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
> >
> >
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom () mail pauldotcom com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
>
>
> --
> _________________________________
> Note to self: Pillage BEFORE burning.
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com