How to Build a Resume Funnel
When you're just starting in cybersecurity, you're up against tough competition. After all, a hiring manager can open a job requisition and get 500 applicants the same day. Getting a cybersecurity job has always been semi-difficult, but today, it's tough. A perfect storm of an influx of candidates graduating and preparing for roles in this industry, coupled with the reduced amount of work due to automation and AI, means there are just so many people who want jobs and so few who are hiring. This is how to build a resume funnel.
When a hiring manager reviews the 500 applicants, it's a job no one wants to do; it's boring, and all the candidates look the same. The strategy for you is to make the hiring manager invest more time in you as a unique candidate and invest in you as a unique person.
On your resume, at the top center should be your name and any significant certifications, the following line should be your contact details, and the third line should be a link to your blog/Medium. The hiring manager will immediately see this as unique in a classy, non-flashy way. If the hiring manager scans the rest of your one- to two-page resume and likes it, they will click on this link and your LinkedIn link to learn more about you. The goal of this funnel is to make the hiring manager invest time in you as a candidate.
In the following two sections, we are going to talk about your LinkedIn and your Medium.
Improving your LinkedIn is almost universal advice for increasing your chances of getting a better-paying job. LinkedIn is the new resume; most recruiters find you there if they are looking for your skillset.
If your LinkedIn is drab and boring, you significantly reduce your chances of being discovered, no matter how strong your cyber-security knowledge is. Apart from the general stuff like putting in your certifications and job title, there are some tips you should keep in mind.
Use the LinkedIn banner image and headline to grab attention. Take full advantage of the “Featured” section on your LinkedIn profile. This is the best place to showcase your achievements and awards you might have won. Also, please provide any good articles you might have written, videos, etc.
When describing your current job experience, do not just include your job description and what you do; also include your achievements and the extra stuff you did to stand out in your current position. Remember that the hiring manager is interested in your unique strengths, not just your 9–5 duties!
Use the media section for each job to add any awards or conferences you attended while in this position.
Medium
If you want to start building up a brand as a cybersecurity expert, then Medium is quite possibly one of the best places to start doing it. It is a free blogging site with a massive built-in audience of technology professionals, and the next reader might be your new manager. Choose a few topics: your road to cybersecurity, tutorials for any projects you've worked on, cybersecurity product or service reviews, training reviews, and reviews of any books you've read. Try not to sound too pessimistic, and write at least two articles every week. Share them on LinkedIn and see the magic happen as more people follow and interact with you. Leave a banner at the end of every Medium article connecting to your LinkedIn profile.
SOC Conferences & Meetups
Word of mouth is your friend! It is important to grow your network. Having a broad network of people you can talk to professionally opens up new opportunities and gives you people to discuss your new ideas with. Professional connections help you stay on top of the latest trends, such as news or technical techniques, that will benefit you greatly. There are many opportunities to get involved in projects or communities that are local to your area. Some of these include:
2600: 2600 (2600.org) is an organization deeply rooted in hacker culture. Today, it exists as a website, meetup space, conference, and magazine, to name a few. The history of hacking is fascinating, and their name comes from 2600 Hz, which is the frequency at which a plastic whistle found inside a Cap'n Crunch box sounded when blown. Blowing it into a payphone allowed the hacker to make free phone calls.
DEF CON: The crown jewel of hacking conferences. The DEF CON conference is traditionally held annually in the summer in Las Vegas, NV. It is considered a pilgrimage for anyone in infosec! There is so much to do, so many knobs to twist, bells to ding, and big red buttons to push; you will never have time to do it all. What makes this conference great for your career is that recruiters love it! I have heard so many stories of people getting job offers on the spot at DEF CON. DEF CON is even better if you volunteer at the events. You will meet more people and at a deeper level. Additionally, DEF CON has “DEF CON groups,” which are smaller DEF CON meetings in your local areas, usually every month. This is also a great way to network with your regional infosec peers to see what is happening in your local infosec industry and hopefully pick up a lead!
BSides: BSides is a popular conference held locally in many cities and during the same time frame as DEF CON in Las Vegas. It is relatively popular and offers a lot of value. Tickets are cheap (and free if you volunteer), giving you access to what is happening and the people in your area.
OWASP: The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve software security. Through community-led open-source software projects, hundreds of local chapters worldwide, tens of thousands of members, and leading educational and training conferences, the OWASP Foundation is the source for developers and technologists to secure the Web.
Hackerspaces and Makerspaces: These meetups in your local areas are a great way to meet people, tinker, pull knobs, and push buttons. Sometimes, these meetings allow their members to give presentations in a show-and-tell format, which is a great way to build your presentation skills.
If you have been attending meetings in your surrounding areas, don’t forget to take a pencil and notepad to write down emails and contact info of the people you meet. It is not weird and doesn’t feel uncomfortable; everyone there is there for the same reason, and you’d be lucky to have a notepad. Most people would feel flattered if you cared enough to write their information on the notepad. Tell your new friends you want to keep in contact and be on the lookout for them. Follow up with everyone the day after, and send them your resume to share with others.
Knowing someone who will refer you might be your only way in with so many applicants. If someone refers you, you get to skip the line and miss the whole first stage, and they will automatically pick up your resume from the pile and give you an interview.
Online Chats
Getting your name out there online is also important. Start getting involved in groups like the Cyber NOW Discord and the more popular ones like the Black Hills Information Security Discord (BHIS). There are many other online Discords and Slacks that you can join to get to know people and sometimes get the latest job offerings before they hit the public.
Competitions
This KB wouldn’t be complete if we didn’t take a minute to talk about capture-the-flag (CTF) competitions. Capture-the-flag has been around since the beginning, and it started with vulnerable applications and systems with text strings hidden inside of them. The participant finds the text string and submits it to the judges, and they get points for every proof that they’ve hacked it. It started in 1996 at DEF CON (mentioned above) and today has evolved into all sorts of capture-the-flag challenges inside and outside of conferences. Tyler’s favorite challenge is the DEF CON Blue Team Village capture-the-flag, but he has competed in Ghost in the Shellcode, SANS Netwars, Holiday Hack, and CSAW, and was a mentor for high schoolers for the CyberPatriot program. Tyler was never fantastic at them but always competed on a team, which was fun. Most bigger conferences other than DEF CON will have their own capture-the-flag competitions. For instance, the Splunk conference, Splunk.conf, hosts a popular capture-the-flag called BOTS for the Boss of the SOC, which is very challenging and popular (congrats, VMware, for taking 3rd in 2023!). If you are in college, there are many student-oriented capture-the-flag competitions, and perhaps the biggest one that should be on your radar is the Collegiate Cyber Defense Competition (CCDC).
In addition to these, there are many online CTF competitions and challenges. They not only have communities that you can join to enhance your networking by finding common ground with new people, but also provide awards, credentials, and overall bragging rights. The most popular online CTF platform today that I would recommend you look at is TryHackMe (THM). TryHackMe’s popularity has skyrocketed for being the premier hacking challenge, and you can expect to look around on LinkedIn and see analysts advertising that they are “Top 2% in TryHackMe” or “Top 5% TryHackMe”. If you get serious about playing the game and showing off your skills, you can purchase the subscription to make your learning and earning points faster. TryHackMe offers guided walkthroughs and is best suited for beginners.
Hack the Box (HTB) is another platform like TryHackMe, except it is a little more expensive for its subscription program, and you’re a bit more on your own with its challenges. HTB's claim to fame is that it is the top cybersecurity upskilling platform. However, the platform does require a basic understanding of pen-testing and may not be as beginner-friendly as other alternatives. It is very comprehensive and challenging.
On the other hand, for defense (blue team) challenges, LetsDefend is rising in popularity. They have a free option, but it's a subscription purchase for the SOC Analyst track. They have some neat challenges that would give you hands-on exposure to some of the things we do daily and even give you a certificate to share on LinkedIn.
I hope this short KB has given you some ideas for building your brand with the Resume Funnel strategy. We will continue to work on building a brand that employers want.
Tyler Wall is the founder of Cyber NOW Education. He holds bills for a Master of Science from Purdue University and CISSP, CCSK, CFSR, CEH, Sec+, Net+, and A+ certifications. He mastered the SOC after having held every position from analyst to architect and is the author of three books, 100+ professional articles, and ten online courses specifically for SOC analysts.
You can connect with him on LinkedIn.