Hello! My name is Mike and I am an infosec engineer with 10+ years experience. I’ve worked in GRC, Vulnerability Management, PenTesting & AppSec. I have 17 SANS certs (I have a serious problem) and I’m also an infosec community enthusiast and creator/mod for /c/cybersecurity. AMA!

  • shellsharks@infosec.pubOPM
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    Having a CTF on your resume and being able to speak to that experience is great imo. Early-career is always a bit difficult for resumes since you wanna beef it up but you don’t want to fill it with things that don’t matter. CTFs, trainings, content you’ve created (blog, podcast, write-ups, GitHub), etc… are all great things to put on there imo. If you have any coding projects or cloud experience (easy enough to get) you can put that on there too. Will you be looking to get a job while pursuing your masters?

    • iamak@infosec.pub
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      I’ll go for something like a TA maybe. I have some job experience already (sde, not cybersec) so idk if it counts.

      things that don’t matter

      Can you give some examples so that I can avoid that

      • shellsharks@infosec.pubOPM
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        Mostly non-tech experience. This is subjective and will vary hiring team to hiring team but in this field I have always glossed over any non-tech things on a resume. There’s so much opportunity for people to learn and get involved with IT/security that there’s no excuse to not just focus on those competencies on the resume. Just my opinion.

        • iamak@infosec.pub
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Okay. So my experience as a software developer while not the main thing being judged will still be relevant?

              • shellsharks@infosec.pubOPM
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                Kinda depends what you want to get into. If you’ve let to land your first security job maybe something like Sec+ to help get your foot in the door. If you know what discipline you want to get into (appsec, endpoint-sec, etc…) this could help further filter down what cert/training might be best to shoot for. Do you know what you think you want to do?

                • iamak@infosec.pub
                  link
                  fedilink
                  English
                  arrow-up
                  0
                  ·
                  1 year ago

                  I was thinking Network Security. But I’m not sure about it. Sec+ will help me decide that?

                  • shellsharks@infosec.pubOPM
                    link
                    fedilink
                    English
                    arrow-up
                    1
                    ·
                    1 year ago

                    Depends what you mean by “Network Security”. A lot of companies have adopted cloud-first environments so traditional netsec is more so cloud infra. In this case there are cloud-specific certs from Azure, AWS, GCP you can take that would be great. If you’re considering traditional network security it may be different. (Though a lot is very much shared).