Tips On Finding a Job in the Infosec World

8/10/2021

Finding your first job can be a difficult task. Scratch that. Finding any job can be a terrible experience. Full of emails saying no thank you. Never hearing back from a job you thought was perfect. Or just getting destroyed in an interview. I think we have all been there.

Although there is no preventing letdown during the job hunting process in information security, a few things can make the process more productive. This blog is dedicated to the best job hunting tips from a dear friend of mine who happens to be a recruiter, Mr. Derek Iannelli at Samurai Hire, and from my own experiences.

You may find advice on the internet that is contradictory. Still, in my opinion, these tips are not only more likely to get you hired but will also help you find a place where you can excel.

1. Use LinkedIn for Your Resume

This tip was entirely new for me until a couple of weeks ago. Apparently, you can export your resume with LinkedIn. Do you mean I have been wasting my time keeping up a resume? Yup.

According to Samurai Hire, you can export your resume in two different formats: LinkedIn Resume and CV. Business Insider has a great post on exporting your resume.

So focus your efforts on improving your LinkedIn resume, and don't worry about your regular resume. If you have spent time and money on producing a polished piece of work, great! Take that and put it on LinkedIn. Maintain your profile. And next time you are in the market for a new job, export an updated resume. Easy.

2. Make Sure You Have the "Must Haves"

Contrary to popular wisdom, Derek says not to waste time on jobs with "must have" requirements that you don't meet. He says that most of the time, your resume will be rejected.

If you do have the required skills, make sure they are reflected in your resume. Recruiters often use an automated system to parse resumes. This system can't read your mind or read between the lines. Therefore, if a skill is not mentioned, the software assumes you do not have it. Denied.

3. Don't Rely Solely on a Recruiter

This tip came from HiredStudio's blog "10 Ways to Piss Off a Recruiter." Do not. I repeat. Do not rely solely on your recruiter to find a job. Recruiters are your friends. And they are doing their best to find a role. Most recruiters, not all, will try to find you a position that fits the company and you like a glove. This is because they get businesses to work with them based on reputation. They also get candidates through referrals from other candidates. Therefore, if they do a lousy job matching up, they lose money.

With that being said, Infosec recruiters are only looking at roles they get paid for. This means there are many other roles out there for you. Don't miss out on these other jobs. You should be job hunting alongside your recruiter.

With two people looking, you are more likely to find a role that is a good match. My favorite places to look for jobs are:
  • LinkedIn Jobs
  • Google Jobs
  • Dice
  • Glassdoor

4. Add Continuing Education Courses to Your Profile

Most people think that courses other than certifications don't mean anything on your resume. Wrong. This is especially true for those looking to break into the cyber security industry. Taking courses is a great thing and can set you above other candidates.

Believe it or not, most candidates don't do any extra study outside of certifications and college. Whether they don't care that much or don't know that training is out there, they just don't do it. From my personal experience of sitting in on hundreds of interviews for SOC Analyst positions, we almost exclusively hired people who did additional training or had a lab. Yes, you read that right, “almost exclusively.”

It's not that we were discriminating; these candidates just tended to crush the interview. Those who solely rely on certifications and degrees to get jobs missed out on the intricacies of technology, techniques, and knowledge. They just couldn't answer questions well. However, candidates who did additional work understood what they learned better. They could speak at length in areas they spent more time studying. Think about it. Who would you hire?

Don't worry, I have some resources for you.
  • If you are a veteran, you are eligible for free access to LinkedIn Learning.
  • If you went to college, see if alumni have free access to any training platforms.
  • HackTheBox and TryHackMe are two of my favorites if you are looking to get into the SOC or become a pen tester.
  • Udemy usually has free or low-cost courses. Course authors, such as The Cyber Mentor, often drop discount codes on LinkedIn.
  • John Strand has a "pay what you can" course on SOC Core Skills.

If any of the courses have certificates of completion, make sure they get added to your LinkedIn profile.

5. Create a New Cover Letter for Each Position

Some people tend to use the "spray and pray" approach, sending the same resume to hundreds of positions. Don't do that. Instead, focus on the positions that are most interesting to you because you will be spending time modifying your resume and cover letter. I know what you are thinking. Is this man serious? Yes, I am. Each time you submit something to a company, your resume and cover letter should be crafted to meet their requirements.

Yes, this takes work. But that is also why you are not sending out hundreds. You should sprinkle in verbiage from the job posting into your documents. But only if it is true. This will catch the recruiter's eye and help you pass the automated parsing. It will also set you up for success in the interview. This leads me to my next tip.

6. Don't Misrepresent Yourself

As an interviewer, I will ask about anything you put in your resume that is related to the job you are applying for. If you fumble on the answers, I will no longer trust anything on your resume.

Honestly, this breaks my heart. I read a resume and think this person will be awesome. I am excited about the interview. Then I start asking questions and see a deer in the headlights.

Do not misrepresent yourself! Use words that convey your understanding of the topic, such as "a working knowledge." There will probably be zero reasons for you to have the word “expert” on your resume.

Funny story. I interviewed a college graduate who rated himself a 5 out of 5 in Windows Operating Systems. I started asking about registry hives, and he had no idea. Permissions. Nope. Command-line syntax. Nope. I stopped probing and asked him what he was comfortable with in Windows. He said he could transfer files, install programs, create users, and do other similar tasks. That is not an expert.

The moral of the story is to use appropriate language to reflect your actual skill level. You may get an interview by telling a white lie, but it won't save you come game time. So save your interviewer and yourself some heartache by being more transparent on your resume.

7. Not All Recruiters are Created Equal

Just like no two people work the same, recruiters are all different. Some recruiters ask what you are looking for and want to make a good match, while others just want to put your butt in any seat. Use your street smarts. Listen for cues that the recruiter isn’t listening to what you want, such as a job that is below your skillset.

For instance, I have recruiters reach out almost every day. Some of them are offering me jobs for a help desk. Really? All my experience, certifications, and degrees, and you ask me about a help desk position? Yes. Some just don’t care. I used to just think this was foreign recruiters; however, this is anyone. Stay sharp and ignore these types.

Instead, focus on recruiters who get to know what you are interested in and what type of salary you need, provide job hunting tips, and give honest insight about the company you will interview for. I like to look at this type of recruiter as a job hunting partner.

Realize that recruiters are business professionals. They only get paid for seats they fill. And companies only work with the recruiting firm if they like their work. Therefore, firms with a good reputation can be expected to have your interest and their client's interest in mind.

Make sure to confirm this by looking at the company website and Glassdoor reviews. If the website looks like it came from the 90’s, or doesn’t look well made, move on. If the Glassdoor reviews scream this recruiting firm doesn’t care about you, run. And do this all before you give them any personal information or waste time with them.

Firms I like to work with:
  • Samurai Hire
  • HuntSource
  • NinjaJobs

Conclusion

Best of luck on your job hunt. I hope these tips help you avoid common pitfalls and enable you to land even more quality interviews at businesses where you would thrive.

Don’t feel bad if you get nos. We all get the terrible no. Just keep your head high and move on to the next potential opportunity.
    Author

    Silverbits
    - Infosec Enthusiast
    - Traveler
    - Future AT Thru-Hiker
    - CTFer
    - Red and Blue Teamer
