Getting into infosec: Top 2 Ways to make a Junior Analyst Resume pop

Are you worried that when you submit your resume, it looks like all the rest in the pile? Well, you are not alone. Even with the deficit of infosec practitioners, the competition for quality jobs is still high.

To get an offer, you still must stand out from the crowd to get noticed. This proverbial pile, I speak of, isn’t just a single stack but is actually made up of multiple interview phases that companies use to sift through candidates.
​
This blog will discuss things you can do to your resume to supercharge it to land multiple interviews.

Add Courses

Our first step is adding content to your slim resume. Most junior-level analysts have pretty bare resumes because they have no experience yet. So, when a recruiter is looking through their stack of one to two-page resumes, they all look the same.

• Contact Info
• Summary
• Experience
• Degree
• Skills

No offense, but if you are entry-level, your experience is most likely useless to the infosec field, and your skills listed mean nothing. Don’t feel bad. Everyone in the stack looks exactly the same except a few. My goal is to make you one of those few.

As these first part of the fix, you want to add courses to this resume that show you have the skills you claim. But where do you find free or cheap courses? You are a recent college graduate, after all, or transitioning careers.
​
You have plenty of options for this.

Related Blogs: Tips on Finding a Job in the Infosec World

LinkedIn Learning

If you are a veteran, you can get free access to this site and a premium LinkedIn account while you are at it. LinkedIn Learning was once called Lynda until LinkedIn snagged it up. They offer high-quality surface-level courses on pretty much any topic you can think of.

For some suggestions for infosec check out:

• Cybersecurity Foundations
• Cybersecurity for IT Professionals
• Learning Cyber Incident Response and Digital Forensics
• Network Forensics
• Operating System Forensics
• Ethical Hacking: The Complete Malware Analysis Process
• Wireshark: Malware and Forensics

​I haven’t sat through all these courses myself. However, the topics covered are in line with the knowledge that will come up in your interview and on the job. Make sure to add the completed courses to your resume.

Site: https://www.linkedin.com/learning/

TryHackMe

TryHackMe is my favorite recommendation of 2021. They offer hands-on activities that cover both the red and blue team side of things. Some of their content is free, but the rest is paid for.
I highly recommend getting a subscription at some point but do what you can for free. The courses are very well made (mostly without hiccups), and you will learn plenty.

In addition, you will get hands-on practice that you can talk about in your interview. When I was teaching courses, I used TryHackMe as my lab to help drive home the lessons. The students loved the experience and continued using the platform.

For future Junior SOC analysts, check out the paths:

• Pre Security
• Cyber Defense

​The great thing about TryHackMe is that they actually give certificates after completing the learning paths. You can add this to your resume in addition to the individual rooms.
​
Site: https://tryhackme.com/

Udemy

Udemy has a ton of courses across pretty much any subject, and they are cheap. You can usually score your first course for about $15.

I haven’t taken any intro classes on this platform, so, unfortunately, I can’t make any recommendations. However, I have taken others.

The quality varies substantially from instructor to instructor. Make sure to only purchase those from reputable people or those with 4+ star reviews. I typically only trust reviews when there are more than 1,000, but you do you.

Look into intro infosec courses that dig into topics that are applicable for a SOC analyst, such as:
​

• Wireshark
• Networking
• SIEM Analysis
• Forensics
• Malware
• Cryptography

Site: ​https://www.udemy.com/

Antisyphon InfoSec Training

I believe these guys are relatively new as well. The legendary John Strand teaches two of these courses at various times of the year at a “pay what you can” rate. Meaning you literally pay what you can. If you spend at least $195, Antisyphon will give you six months of access to the their Cyber Range.

The pay-what-you-can courses are:

• SOC Core Skills w/ John Strand
• Active Defense & Cyber Deception w/John Strand

 
These are also courses that I haven’t taken myself, but these courses are a steal based on who the instructor is. He is one of the SANS instructors, meaning he is good.

The SANS Institute doesn’t play around when it comes to its instructors. It takes a long time to work your way up to an instructor. And at free, it beats the usual $7,000 SANS price.

If you want to check out these courses, you will have to wait a bit, depending on when you read this.
​
The next SOC Core Skills is coming up on March 28, 2022, and Active Defense Cyber Deception is coming on January 24, 2022.

Site:  ​https://www.antisyphontraining.com/

SANS Cyber Aces

A free offering by the heavy hitter and usually very expensive SANS institute. When I first started out in cyber security, I took this course and learned a ton.

In the material, they cover the topics Operating Systems, Networking, and System Administration. All beneficial topics, especially for those with zero experience.
​
I can’t remember if you got a certificate for completing this training. I also didn’t see that listed anywhere on the Cyber Aces website. If you complete the training, just record it as a course on your resume.

Site: ​https://www.cyberaces.org/

Google’s IT Security: Defense against the digital dark arts

A final course that actually comes recommended from a Reddit user, Google IT Security.

This course is part of a more extensive professional certificate program called “Google IT Support Professional Certificate.“ Google is doing incredible work by putting its weight behind this training initiative. Besides infosec, they provide training in various subjects as well.
​
This course is free and by a big name. So check it out if none of the other options suit you.

Site: ​https://www.coursera.org/learn/it-security

Complete a Certification

You may have heard this a time or two. But guess what? It’s true. Get a certification!

Many candidates who get out of school and enter the job market are doing so without certifications. The candidates simply write on their resume “certification in progress.” Honestly, that means nothing to me because you could say that about anything whether or not you have made any progress.

Do you know what looks even worse? When candidates put, they are actively working on multiple certifications. Nobody can legitimately study for two and three certifications at once.
This looks bad to hiring managers because the reality is everyone likes to make goals, but most people fall short in accomplishing them. Hiring managers want to see that you have continuously improved your skillset as you wait to get your foot in the door.

Online courses help. But if you want to score serious points on your resume, get a certification.
I typically recommend getting the CompTIA Security+, but the CompTIA CySA+ is another entry-level option. Personally, I have the Sec+ and not the CySA+. But, talking with junior analysts, they seem to be equal in difficulty.

If I were starting out today, I would likely take the CySA+ over the Security+ because the certification focuses more on SOC skills.

Honestly, you can’t go wrong with either one. The Security+ is most likely listed more in job descriptions because the CySA+ is a relatively new certification. But the CySA+ will be more in-line with the skills you need.

Either way, you go, I recommend knocking one of these bad boys out. If you are still in college and planning your path into the workforce, knock it out one summer. Trust me, you will thank me.
​
Another benefit of taking the certification while in school is that you will likely get free or discounted vouchers for the exam. For more information, ask a professor or your school’s career development department. 

​How to Add Training and Certifications to Your Resume

If you have an “Education” section, perfect! Create another subcategory called “Additional Training” or “Professional Training” for your online courses.

Make sure to list the course name and date completed. One caution with courses. Some people may be a little unscrupulous and add things that aren’t true on their resume. Your interviewer may look these courses up and ask questions about them. Be prepared to answer.

If you actually took the course, you will be fine. If not, you will look dishonest and blow the interview. I always advise people to be prepared for questions about anything on the resume.
​
For certifications, you can add a section called “Certifications” or “Professional Certifications.” List the name of the certification, when you acquired it and when it expires.

​Conclusion

If you add some online courses and a certification, you will stand out like a neon light from the crowd. Will it get you the job every time? No. But it will open more doors and provide more opportunities.

Make sure to prepare for your interviews and follow our other suggestions from this series. If you have any other suggestions for your peers, shoot me a message or comment.
​
Please let me know any success stories as well! They motivate me to keep putting out content.

Happy Hacking
- Silverbits

Author

Silverbits is an infosec practitioner who has spent time in the crazy SOC life, at a help desk, as a penetration tester, doing digital forensics and malware analysis. All together, he has over 7 years of experience in Information Technology.

Related Pages

Top 8 Junior SOC Analyst Interview Questions to Study

Land a Job

​Tips on Finding a Job in the Infosec World