Moreno Carullo, co-founder and CTO, Nozomi Networks, discusses what budding cyber security professionals need to include in their CV to land the job they want.
It’s widely recognised that cyber is the next frontier: where battles will be waged between nation-state actors and cybercriminals and their targets, infrastructure will be brought to a halt, reputations will be irredeemably damaged, and adversaries will greedily line their pockets.
In the face of this dystopic reality, it has become a financial and operational imperative for all industries to recruit the right cyber security professionals to defend themselves, their partners and their users.
However, entering a sector that places so much responsibility upon those that work in to protect others, their profits and their networks, this can be an incredibly daunting prospect to budding cyber security professionals.
While they may possess the necessary technical skills, they first need to demonstrate to prospective employers how they have acquired and developed them in the form of a written CV.
To inform these individuals and go some way to bridging the skills gap that is afflicting the cyber security space, I thought I’d share some advice I’ve gathered from decades’ worth of personal experience working, and applying for new roles, in the sector.
Making a good impression
The most important step is the first one; make a good first impression. Usually, the first point of contact is your CV so it’s essential to have one that stands out. Most professionals don’t have lots of time when undergoing the recruitment process, so keep your cover letter short.
The exception to this is if you’re applying for a job that mainly requires writing, in which case, the cover letter is the first introduction to your writing style. In my experience, I find it more conducive to outline technical ability and work experience concisely. This allows your CV to stand out at a glance when other long-winded attempts would end up in the recycling.
For me, experience is the most important thing. I’m not expecting 20-year-olds to have 25 years’ experience for an entry level job, but the more experience you have the better – especially if it’s in the form of research conducted through personal initiative, or self-published research.
A relevant university qualification, teamed with practical experience, is also an increasingly helpful asset to have as an applicant. Because most computing degrees offer curriculum that are too broad in scope and fail to get into the nitty gritty of cyber security, it’s important that students are proactive in pushing for more practical learning modules or finding it through extracurricular work experience.
Most universities and lecturers have industry contacts so students hoping to get into the profession should use these networks to proactively search for companies. This shows a passion for the industry that supersedes scheduled contact hours.
Do qualifications matter?
Qualifications don’t always require years of study. When I see qualifications awarded by the SANS Institute, I immediately register that the applicant is skilled. As qualifications like this are mainly based in the US, having them in the UK would be a great way of standing head and shoulders above the competition.
While I know that these courses can be costly, experience doesn’t just have to be supported by an expensive piece of paper. You can also learn at home and by providing instances of self-made research or published projects you show the necessary passion and autodidacticism that is essential for the job.
The best way to stand out is to have meaningful work experience. I don’t just mean being another brick in the wall of a multinational corporation, but by being part of the wall itself. Gaining meaningful corporate experience is a sure-fire way to build up a network of contacts and important communicative skills. Some companies will hire from their own networks because trust is as important as experience. This provides a clear career trajectory where learning on the job is encouraged. Skills can be learned, but trust must be earned.
It might sound an obvious point to some, but once you’ve incorporated these qualities into your CV, it’s important that you’re proactive and apply! The cyber security sector is not a place reserved solely for formally educated men. On the contrary, it’s an expanding space that currently lacks the personnel and diversity to combat the growing threats facing businesses, networks, infrastructures and societies across the globe.
Rather than penalising diversity, it’s an industry that fundamentally relies on it. So, if you have a propensity for learning and growing, and can demonstrate this in your journey of personal development, make sure put yourself in contention for the role(s) you want. If you’re more technically minded, or struggle with written communications, ask for help in polishing up your CV and seek advice on how to “stand out” on paper.
Above all, remember experience is essential. Recognise that you can acquire it at any stage of your journey and be proactive in chasing it down. It’s rare that opportunities fall directly into your lap. Therefore, make sure you never stop learning and seeking out new opportunities to do so. And make sure you show it off on your CV.