Reading resumes from the eyes of the employer...

The organization I work for has been collecting resumes for a network security opening for some months now and since my manager's been way too busy to actually follow-up on them, he's passed me the virtual stack for my perusal. I had a hand in writing the job description (which I tilted a bit towards what I consider "real" security work rather than just configuring security appliances with a sheet of best-practices in-hand) and now have over a hundred resumes looking back at me.

Here are some observations in regards to what I must sift through:

Be sure to correctly spell the names of the various security products if you're going to list them (it's "Check Point," not "Checkpoint," for example). Infosec work requires a serious attention to detail and your resume will get scrutinized accordingly. And if you're naming a product made by the company you're applying to, do not misspell it!
There are generally two kinds of candidates applying for network security positions - those that present themselves as device-configuration savvy, and those who dig deeper into the foundations and use open source/low-level tools to supplement their vendor-solution knowledge to go beyond the textbook and assumptions made by the vendors. Guess which direction I'm going to lean towards.
If you're a CCIE, great ... but do not plaster the CCIE logo as a LARGE background watermark. On every page. Seriously.
Proofread your resume ten times for grammar errors. And then have five other people look your resume over. If you screw up more than once, I'm going to have a hard time taking you seriously as a professional who has to demonstrate excellent communication skills.
Parsing through a hundred resumes when I'm already super-busy means I'd like to spend less than ten seconds per candidate on paper. Please grab my attention at the top of the first page where my eyes initially settle and make sure that it reflects the type of skills mentioned in the job description. Don't make me visually hunt for exciting selling points at the bottom of the page.
I don't mind a four or five-page resume ... but that first intro must pull me to it in the first place.
Merely listing device categories or models (Cisco ASA 5550, IPS) under a "Technical Proficiencies" section does not tell me what you know or the kind of value you bring to the table.
Don't just tell me what your job duties are/were at your current/previous positions - tell me what you accomplished and the value-add you provided that makes you stand out from others who would be doing the same job.
Don't try to bury a relatively simple job duty description under heavy jargon in an attempt to make it sound grander than it really is. I can see right through that.
Show me your motivation and mindset. Your creative use of language with the appropriate industry terms (without playing corporate buzzword bingo) will help me realize it. I smile when I see people who are truly hungry and want more than just a job.
If you're applying to a networking position, especially a network security opening, please realize that listing Photoshop and "Coral" Draw is not going to get you very far. Resume spray-and-praying irritates me.

These issues apply to every role which I've conducted resume/candidate screenings and technical interviews for, but it's astonishing that time and time again these are very common traits among a good majority of submissions.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

Master Of Puppets

Very good information. Thanks for sharing it. Although I already have a job in network security, I still find it very useful.

fredrikjj

Parsing through a hundred resumes when I'm already super-busy means I'd like to spend less than ten seconds per candidate on paper. Please grab my attention at the top of the first page where my eyes initially settle and make sure that it reflects the type of skills mentioned in the job description. Don't make me visually hunt for exciting selling points at the bottom of the page.

I don't mind a four or five-page resume ... but that first intro must pull me to it in the first place.

Sure, that's what most people do, but it doesn't really paint you in a good light. I'm actually surprised that people are this open about not really caring more than this when recruiting for, presumably, an important position. I understand that it's tempting to equate people's ability to write a resume that stands out with actual tech skills, but I seriously doubt there's any significant correlation.

TechGuy215

+1 Docrice, great information and insight.

SteveFT

fredrikjj wrote: »

Sure, that's what most people do, but it doesn't really paint you in a good light. I'm actually surprised that people are this open about not really caring more than this when recruiting for, presumably, an important position. I understand that it's tempting to equate people's ability to write a resume that stands out with actual tech skills, but I seriously doubt there's any significant correlation.

I will open with the fact that I am very inexperienced in this field. That being said, I consider myself a highly motivated person. People who are motivated seek out others for help when they are deficient in areas. For instance, if you have exceptional networking skills and experience, but have a lackluster resume, you should consider seeking help from others in this area. In addition, you should understand that many people apply for these positions, so you want to be efficient and grab the hiring manager's attention.

I think the most important thing is not to be good at everything (such as writing resumes), but make an honest assessment of your strengths and weaknesses.

And thank you for the post. As someone who just accepted the offer for an entry-level position, this insight should prove to be useful in the future.

neo9006

I agree with you Steve, I think if you can do the job and that is your strength you use it to your advantage and get help on things you are not good at. I always believed be the jack of all trades.

SteveFT

neo9006 wrote: »

I agree with you Steve, I think if you can do the job and that is your strength you use it to your advantage and get help on things you are not good at. I always believed be the jack of all trades.

Exactly, you don't have to give up completely on resumes because they aren't your strength. You will learn along the way, especially if your seek the help of those who write them professionally, or frequently see resumes. In the mean time, I'm sure you can find plenty of people to help you for some relatively small investment, considering what a great networking job might pay.

BGraves

docrice wrote: »

If you're a CCIE, great ... but do not plaster the CCIE logo as a LARGE background watermark. On every page. Seriously.
-Someone did this..? That's...awesome! But seriously...

-Parsing through a hundred resumes when I'm already super-busy means I'd like to spend less than ten seconds per candidate on paper. Please grab my attention at the top of the first page where my eyes initially settle and make sure that it reflects the type of skills mentioned in the job description. Don't make me visually hunt for exciting selling points at the bottom of the page.
-This is spot on and a huge point!

Don't just tell me what your job duties are/were at your current/previous positions - tell me what you accomplished and the value-add you provided that makes you stand out from others who would be doing the same job.
-Excellent advice, generally we already know what a "position" should detail...we want to know how you performed and what you accomplished in that position!

If you're applying to a networking position, especially a network security opening, please realize that listing Photoshop and "Coral" Draw is not going to get you very far. Resume spray-and-praying irritates me.
-Same guy that added the CCIE logo on every resume?

Really excellent post docrice, this can apply to more than just network security, really any job field in IT or otherwise! Thanks for sharing!

networker050184

Number 7 and 8 are my biggest issue when reading someones resume. A big list of of devices and protocols that tell me nothing and then a copy/paste HR style job description for your experience? Next.

Dieg0M

networker050184 wrote: »

Number 7 and 8 are my biggest issue when reading someones resume. A big list of of devices and protocols that tell me nothing and then a copy/paste HR style job description for your experience? Next.

For some firms, if you don't write those specific acronyms you won't get through the robot filter. I personally don't do it but I can understand why other people would.

networker050184

If you are trying to hit a keyword filter than at least tell me what you did with that technology. Work it into your experience section. A wall of words means nothing.

ptilsen

Agreed with all points, docrice, although I will see I do mind 4+ page resumes. I will almost always disregard a resume that large, though we probably hire for very different positions.

fredrikjj wrote: »

Sure, that's what most people do, but it doesn't really paint you in a good light. I'm actually surprised that people are this open about not really caring more than this when recruiting for, presumably, an important position. I understand that it's tempting to equate people's ability to write a resume that stands out with actual tech skills, but I seriously doubt there's any significant correlation.

Being able to write well for a given format and audience is a skill unto itself, and an important one for most jobs, at that. Whether it correlates to tech skills (which I would argue it does, actually) is irrelevant. When I see a poorly-written resume, it indicates the candidate either lacks the care/motivation or the intellectual curiosity (or capability, frankly) to have done research on how to write resumes. If someone can't Google "how to write resumes" and such, I sincerely doubt they'll be able to do competently any job for which I'd be hiring.

Items 7 and 8 are my biggest as well. Skill and protocol lists are next to useless. I want to know what your major career accomplishments have been. If you have some skill or quality that needs highlighting, in can go in a summary. I'd generally rather read a slightly-too-large (i.e. 5+ sentences) summary than a stupid table of product names and protocols that mean absolutely nothing.

Everyone

Great post. #3 had me cracking up. I'm a Systems guy so I don't see applicants with CCIE when I'm doing this, but I could just picture it. Be happy that you are able to have a hand in choosing from the stack of resumes. I have not had that luxury. I get told "You're interviewing this candidate on Friday" and handed their resume. Quite a few that make it through to my level are pretty bad. The fun really starts when you're conducting the actual interview. One of my favorites are the long pauses on phone interviews. Yeah I just asked you a tough question, and you just made it obvious that you're "Googling" the answer. "I don't know" is a perfectly acceptable answer. If you don't know, just say so, don't try and stall while you look online for it. I can tell that's what you're doing, if you're lucky enough to find the right answer, I'm doing to dig deeper.

krjay

docrice wrote: »

8. Don't just tell me what your job duties are/were at your current/previous positions - tell me what you accomplished and the value-add you provided that makes you stand out from others who would be doing the same job.

I've had the opportunity to sift through quite a few resumes in search of a junior level candidate. If a single one of them would have taken this piece of advice they'd probably be hired on the spot. Every line reads 'supported 500 uers', 'setup imaging software' or something similar. Even if they would add a couple words 'setup desktop imaging software to improve IT efficiency' it makes that same line so much better. It shows they are at least aware of the impact their role had on the business.

cyberguypr

I love this type of thread. It must be required reading for those "critique my resume" posts.

Adding to points 7 and 8, you must provide some context. When I see "TCP/IP" listed I ask the candidate if they mean running ipconfig or doing packet analysis with tcpdump, Wireshark or similar tool. 90% of the time they ask "wire what?" If they specify the extent of their experienc ein any particular topic/product, it's easier for everyone. The less time I have to waste figuring what you now, the quicker we can move to establishing an productive conversation on how you may be a great candidate for my company.

Point one is my biggest pet peeve. The ones I see the most are vmWare and CISCO. Honest to God, I've even seen c.i.s.c.o.

ratbuddy

cyberguypr wrote: »

Honest to God, I've even seen c.i.s.c.o.

What I wouldn't give to be a fly on the wall when you ask them what it stands for..

tjh87

I suppose I'm guilty of number 7 myself then. I've always listed the different gear/make/models I have worked on somewhere on my resume. My reasoning for this was to 1.) hit the HR/Recruiter filters if they had specific requirements setup and 2.) to show the prospective employers that I have worked on the models relevant to what they have sitting in their data center/office right now. To my knowledge, it hasn't hurt me yet. In fact, that very block of information came up in two of my latest interviews. Both prospective employers skimmed through it and identified the gear they were currently utilizing and asked my specific background with those devices. I am employed by one of those companies now.

I can't speak to how many employers threw out my resume because of that category. I must say, however, I'm not in a rush to go take it off my resume now either. I understand the reasoning behind listing more in depth knowledge or demonstrating relevant experience with those models. But if I were to do that on my resume, it would be about 100+ pages long. I don't see the harm in listing them so that they can be brought up in a technical interview for a more in depth conversation.

Am I the only one thinking this way?

networker050184

I think it is wasted space that could be much better used, especially since this seems to be the first thing people list. I know when I first go through resumes it's a quick scan of the first page. If all I see is an objective (Your objective is to get a job? Who would of thunk it!) followed by a bunch of keywords and models of equipment it tells me absolutely nothing about what you have actually done and certainly nothing to convince me to keep reading your resume.

YFZblu

tjh87 wrote: »

I suppose I'm guilty of number 7 myself then. I've always listed the different gear/make/models I have worked on somewhere on my resume. My reasoning for this was to 1.) hit the HR/Recruiter filters if they had specific requirements setup and 2.) to show the prospective employers that I have worked on the models relevant to what they have sitting in their data center/office right now. To my knowledge, it hasn't hurt me yet. In fact, that very block of information came up in two of my latest interviews. Both prospective employers skimmed through it and identified the gear they were currently utilizing and asked my specific background with those devices. I am employed by one of those companies now.

Am I the only one thinking this way?

If you're applying for network admin positions, I think model / gear information would be relevent. I may be wrong, but I believe docrice is hiring moreso on the Incident Response / handler, sec analyst side of things.

j23evan

I was at a client site who was bringing in a network admin and a server admin, they wanted an unbiased third party to review the applications that they received. I was responsible for cleaning up and clarifying the job position and requirements from them, and at the same time I wasn't particularly picky. My job was just to filter into a good pile and bad pile.

Wow... Granted they used Monster for the job posting, but they were both one of those generic vanilla requirement jobs.

Server Admin - MS Server experience, server os related certifications, A+/Net+. Bonus if you have itil or any vendor specific experience/certs with the clients vendor.

Network Admin - Network Experience, CCNA+, A+/Net+. Bonus if you have higher/more knowledge.

Out of over 100 applications, maybe a dozen met the bare minimum requirements. The wage was posted with them it was $54k for server admin, $83k for network admin (local government). I didn't think I really asked for a lot, but I was getting graphic artists, java coders, and none of them met the bare requirements.

I believe very few people pay attention/care about specific jobs and just throw their resume at as many jobs as they can and if someone nibbles at it so be it. A very apathetic way to job hunt.

neo9006

Not so much that j23evan, you have a point, but I think what annoys someone like me is, you want this and that for the job requirement, you know what why not give a shot to someone, I mean people want exp, well how is someone going to get experience if no one is willing to take a chance. I understand you do need to know something in the field in order for someone to be hired. I at least know I know as a graphic artist I will not getting a job anytime soon in IT. I get what people want experience and we need to meet the min. requirements. I hope they found someone. People are in need of jobs these days.

docrice

YFZblu wrote: »

If you're applying for network admin positions, I think model / gear information would be relevent. I may be wrong, but I believe docrice is hiring moreso on the Incident Response / handler, sec analyst side of things.

Model / gear information is a start, but it's much more helpful to frames things in context by describing actual experience with them. Using firewalls as an example, I'd have a much better picture if I knew that the candidate connected 15 branch offices via VPNs, deployed HA-paired upgrade units across 10 of those sites, watched the logs daily, and periodically audited the policy to ensure compliance to the corporate acceptable use guidelines.

And you're right about the analyst mindset. I find that too many network admins who have been handed "network security" duties simply because a firewall is a network device don't have a good defense mindset. In other words, they're missing out on realizing how actual threats and host/app/user-engineered pivoting works. Simply managing security devices hardly means having a good security perspective.

An additional example I'd make is this - it's probably easier for an IPS engineer to do firewalls than vice versa. If you're doing real intrusion prevention/detection (not just updating signature sets daily and reading the red dots on the radar), you need to have a much deeper understanding of threats, evasions, and other subtle protocol abuse tactics. A lot of firewall admins don't have a grasp of traffic characteristics at this level, nor do they keep up with the constant stream of news, trends, and threats.

The Technomancer

My view on this, as someone who's trying to hunt down another DevOps Engineer for my team. Mind you, I'm a systems/DevOps guy on Linux and I'm currently looking through resumes of people who want a startup gig rather than enterprise, so my comments will likely be slanted accordingly.

Be sure to correctly spell the names of the various security products if you're going to list them (it's "Check Point," not "Checkpoint," for example). Infosec work requires a serious attention to detail and your resume will get scrutinized accordingly. And if you're naming a product made by the company you're applying to, do not misspell it!

Doesn't particularly bother me, although a well-crafted resume does stand out. Even detail-focused people make mistakes, and I've gained a vast majority of my knowledge from learning from mistakes I've made. Frankly, I'm more interested in seeing what a candidate does when confronted with those errors....this is also why I take the answer to "What's the biggest mistake you've made in your career, and how did you resolve it?" during an interview VERY seriously.

There are generally two kinds of candidates applying for network security positions - those that present themselves as device-configuration savvy, and those who dig deeper into the foundations and use open source/low-level tools to supplement their vendor-solution knowledge to go beyond the textbook and assumptions made by the vendors. Guess which direction I'm going to lean towards.

Make sure you're being clear about that in the job description, and that you're paying a salary/granting a title to match. If your job req reads like just another config gig, or you're undertitling the role, you aren't even going to get resumes from the people you're looking for.

If you're a CCIE, great ... but do not plaster the CCIE logo as a LARGE background watermark. On every page. Seriously.

ROFL! I'd damn near print something like that out and hang it on the wall. That's hilarious!

Proofread your resume ten times for grammar errors. And then have five other people look your resume over. If you screw up more than once, I'm going to have a hard time taking you seriously as a professional who has to demonstrate excellent communication skills.

While I understand your reasoning on this, some of the most brilliant engineers I've worked with have been terrible communicators, and as a high-level engineer, one of your responsibilities is mentoring. I'm a diagnosed Apsie, and if a former lead colleague hadn't pulled me under his wing and taught me how valuable communication skills are (and how to communicate with the non-techies), I doubt I'd have made it as far as I have today in my career.

In the meantime, he got a few years of great work out of me. Always look for an opportunity to mentor -- you'll keep people longer that way and motivate better work out of them.

Parsing through a hundred resumes when I'm already super-busy means I'd like to spend less than ten seconds per candidate on paper. Please grab my attention at the top of the first page where my eyes initially settle and make sure that it reflects the type of skills mentioned in the job description. Don't make me visually hunt for exciting selling points at the bottom of the page.

Damn, I envy you. I'm lucky to get a dozen to sift through, most of which suck. Once again though, while this is excellent advice for non-technical positions, shitty communication comes with the territory in this job, and the best talent cares a lot more about building great things rather than talking about what they've already built. And since those people (generally) aren't getting callbacks from overworked minions like us, they come cheaper and work harder.

I don't mind a four or five-page resume ... but that first intro must pull me to it in the first place.

This is key. The first part of the first page should tell me what you're good at, and the rest of the resume should tell me how you implemented those things at your previous position. And if you worked with a team on your accomplishments, say you did so. Yes, all of us systems/infrastructure guys are credit whores (I have a whole other rant on why that's the case that I'll share sometime), but that also means that we're not gonna work with a jackass who isn't gonna give us our due.

Merely listing device categories or models (Cisco ASA 5550, IPS) under a "Technical Proficiencies" section does not tell me what you know or the kind of value you bring to the table.

I find this useful only because I've never been averse to a quick phone screen, and these highlights give me topics to ask some basic questions about. If a candidate can't answer those, I advise them to brush up on the topics before listing them on their resume and send them on their merry way.

Don't just tell me what your job duties are/were at your current/previous positions - tell me what you accomplished and the value-add you provided that makes you stand out from others who would be doing the same job.

Quoted for truth.

Don't try to bury a relatively simple job duty description under heavy jargon in an attempt to make it sound grander than it really is. I can see right through that.

Indeed, with a caveat. I'm more tolerant of this for candidates where they obviously are looking to take a step up from their current role when they might otherwise be underqualified for the role I'm interviewing for. The phone screen will let me know if you're ambitious and trying to get my attention by (clumsily) talking the talk, or if you're trying to baffle me with BS rather than dazzle me with knowledge.

Show me your motivation and mindset. Your creative use of language with the appropriate industry terms (without playing corporate buzzword bingo) will help me realize it. I smile when I see people who are truly hungry and want more than just a job.

I envy you if you can actually determine this from a resume. At the end of the day, resume-crafting is a skill like any other, and not always aligned with the skill-set actually needed to do the job at a high level....especially in an industry with resume-writing services abound as well as one that draws people that enjoy working with computers/other gear rather than people. I'll find out your motivation and mindset when I start tossing the hard questions at you that I don't expect you to know. Granted, this filter of yours might be a function of having to look through a massive pile of crappy resumes, which is not something I have to deal with.

If you're applying to a networking position, especially a network security opening, please realize that listing Photoshop and "Coral" Draw is not going to get you very far. Resume spray-and-praying irritates me.

Absolutely true, and I have an addendum: You are expected to be able to use standard office software in any job nowadays. Don't list it unless you're a wizard that can teach me something about them that I don't know.

These issues apply to every role which I've conducted resume/candidate screenings and technical interviews for, but it's astonishing that time and time again these are very common traits among a good majority of submissions.

If anyone's read this far, I've got a secret to tell:

I don't give a rat's hindquarters about a resume beyond it being a filter for people far, far underqualified for the role. In fact, if I'm not the one reviewing the resumes, but called in for my turn during the face-to-face interview, I probably didn't read your resume. Not because I don't care, but because it's not relevant. I know what needs to be done -- my questions are going be laser-focused on how much of it you can do now, and your aptitude and ability to learn the things you don't know. I want to see your thinking process, I want to hear the questions you'll ask, and I want to hear you ask those questions of me because my system design is solid and I want to teach you how I do it because it'll let me take a vacation sometime before The Singularity.

instant000

About the hardware model thing:

I had one manager who told me that he almost didn't call me because I didn't have hardware models on my resume.

It's nice to see differing viewpoints on this thing.

Zartanasaurus

#9 is always my favorite when I look at resumes. And we've probably all been guilty of it when we first started trying to make that move from help desk to admin. Set up a couple thin clients because you were moving to VDI? I have VMWare experience!

#7 is hard to avoid since we all know we're trying to get past the HR keyword bingo filter at the 1st level. I try to sprinkle the words throughout my resume in a way that shows what I actually know how to do with that technology. Some of the more important words for the job position get put into the summary at the top to give them a reason to keep looking. If they're hiring for a data center engineer role, you best believe stuff like virtualization, storage and blade systems gets put in the summary somehow. Listing every firewall and router model known to man just wastes space.