Resume/Career Path Questions

Hello everyone. I posted in this forum a while back to get advice on a career path and I very much appreciated the responses I got. I'm hoping to re-visit that a bit and get some resume advice as well.

Currently I do IT/Helpdesk support for a company in Oregon. Over the past couple of years I've acquired my A+, Network+, Security+ and recently my CISSP. I'm looking to move into the InfoSec world but am a bit unsure of where to start or what to look for. I found this sticky thread in a different forum and thought it was pretty informational with regards to deciding what path I'd like to go down and from keatron's post I feel like the Network Security Analyst/Network Security Policy path is my desire. Attached are two resumes: the one titled "CO - SA Resume" is my resume that I used to apply for a Security Analyst position that came open within my organization about a year ago - unfortunately I did not get the position. The second resume is my current resume and is the one I submitted to ISC2 for official certification. I feel like I need to tweak it for use when applying for new jobs but just not sure what is relevant on there and what isn't. I'm essentially in a position where I have some certifications but not a ton of in-depth extensive experience in the InfoSec realm. To reference keatron once again he has a great blog post and with reference to this post I'd say I'm between level 1 and level 2. I would love any feedback regarding the current resume and any adjustments I can/should make to appeal to current Security roles - as of right now I really feel like an Analyst role is what I'm looking to obtain. I certainly would welcome any thoughts regarding this and/or advice as well. Thank you in advance! Happy Friday!

IT Support Specialist-NOPIIv4-.pdf

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

You need to delete your personal information from the resume immediately. Never upload your PII to the Internet like that, it's a really bad idea.

Also, you should delete your high school diploma from the education section. You have an associates degree, therefore the high school diploma is not only implied, but redundant and unnecessary.

I will take another look at this after you strip out the PII and reupload.

Done and done. Thank you for the advice and catch.

Ok, so your professional summary section could use some work. Instead of relying on bullet points, I would type a paragraph using complete sentences. See the sample resume listed below for a great example.

Within the certification section, list the CISSP first. Always list your highest cert, then list the rest in order of decreasing value. A+ would go at the bottom.

Within the experience section, each job position should begin with a high-level overview of your daily duties and responsibilities as well as commonly used technologies. Then use a few bullet points to highlight projects, special accomplishments, achievements/promotions, etc. Don't rely solely on bullet points like this.

I highly recommend that you try and edit this resume down to two pages. You have a lot of good work experience, but this is just way too much information to read through. HR and hiring managers generally don't want to spend any more than 20 seconds browsing through any single resume. I would type of the high-level overviews for each job, club and edit some of the bullets, and get this thing condensed down. Once you reach the 15+ experience mark, then you can add a 3rd page to the resume.

Once you make some changes and are ready to re-upload your resume, I recommend that you save/convert it to pdf format. That way every viewer sees the exact same format when viewing the resume.

For a fantastic reference resume, I highly recommend that you take a look at ptilsen's resume. It doesn't get much better than his:

http://www.techexams.net/forums/jobs-degrees/91333-resume-time.html

I'm no resume expert by any means, but I spent a lot of time and energy on mine, and had some good help with it. If you want to take a look at mine, it's posted in this thread:

http://www.techexams.net/forums/jobs-degrees/104429-resume-critique-advice-final-draft.html

Thank you for your feedback! I will work on this over the next couple of days and upload a revised version for more feedback. It is very much appreciated.

srabiee,

Edited resume has been attached. I checked out the thread you linked with ptilsen's resume and must admit that I fell for it and thought the formatting of it was great - so I'll admit that I borrowed it. After looking at it and then looking at mine I realized mine seemed too bulky and large and needed to be formatted a bit better. I also tweaked some technical terminology after looking at his and your resume (Ex: Security+ to Security+ | ce). I hope that is ok. =]

The biggest fear I have right now is that my resume is too short and needs to be a bit longer - problem is my "security" experience is just not super huge and a lot of my previous roles (including current..) deal with Helpdesk type stuff with some security functions thrown in. I feel like I've got the certifications but just not a ton of experience or what employers are looking for. I know that it will be a bit of a long road finding something and fortunately I'm not in a position of worry right now with my current role - just done with the Helpdesk and ready to move on.

Welcome any additional feedback you can provide and thank you again!

I kind of skimmed through the thread so you might have addressed this but you say 13+ years of experience, yet your professional resume starts at 3/2008 = 6+ yrs != 13+ years.

A nit picky thing but I would use bullets and not check marks for each point.

If you're going with the paragraph professional summary format I would mention your certs, at least CISSP. It's semi-redundant since you have it after your name but it is an integral part of the direction you want to move.

I like how you used your support positions to emphasize security--well done on that.

I know you said you scrubbed your personal data but is that phone number still real?

List the completed dates next to your certifications. This is very relevant. Do this in a 2 column table format.

The professional summary has elements that reads sort of like an objective meets a cover letter. Most of it is good, but I wouldn't include the part about "eager to further my skills within your organization." I wouldn't address the reader in that manner in the resume itself. You can create a nice cover letter to address the reader.

Are you currently a security analyst, or have you ever been a security analyst? If not, I'm not sure how I feel about using that as your title at the top of the resume. I'm not sure what the "rules" are for that, but I personally wouldn't do it. Maybe some of the heavy-hitters can stop by and give their opinion on this. I would personally recommend using the title of your current or most recent position, or something very similar.

Under the first job, provide should be "provided," as everything else is written in past tense. Take a fine comb over your resume and make sure you don't have any present vs past tense discrepancies.

I agree that the 13+ years of experience looks suspect based on your listed work experience. You want this number to reflect professional experience, not personal experience. You can discuss personal experience either in your cover letter or in the interview.

I agree that an advanced level cert like the CISSP would benefit being mentioned in the professional summary in some manner. As a matter of fact, I may go back and see if I can find a way to incorporate by MCSE into my summary as well. It's not a bad idea to draw attention to yourself as soon as the reader starts reading the resume.

Your 2nd job listing seems a bit more fleshed out than the 1st job listing. They both contain good info, but I can get a better sense of your duties in the 2nd job than I can in the first job. You may want to take another look at that.

It's looking good so far.

srabiee,

Thank you again for the feedback. To address:

1.) Will edit the "eager to further etc..." part.

2.) Currently I'm not - I wasn't sure if I should put what I am aiming to be there or what I currently am - meant to ask that in the previous post. I will change that to reflect what is current.

3.) The 13+ years part is in reference to how long I have done Helpdesk/IT work - my first Helpdesk role was started in 2001 with Canon but I didn't include it on the resume because I felt that it doesn't really reflect where I want to go currently and would prohibit me from keeping the resume at two pages. I will update that to reflect what is on my resume.

4.) Will also update and incorporate CISSP into the summary and try to get some more detail into my current role.

Thanks again! I'll get this done either this evening or tomorrow morning.

lsud00d wrote: »

I kind of skimmed through the thread so you might have addressed this but you say 13+ years of experience, yet your professional resume starts at 3/2008 = 6+ yrs != 13+ years.

A nit picky thing but I would use bullets and not check marks for each point.

If you're going with the paragraph professional summary format I would mention your certs, at least CISSP. It's semi-redundant since you have it after your name but it is an integral part of the direction you want to move.

I like how you used your support positions to emphasize security--well done on that.

I know you said you scrubbed your personal data but is that phone number still real?

List the completed dates next to your certifications. This is very relevant. Do this in a 2 column table format.

The phone number isn't real - it comes out to 1-900-MIX-A-LOT. It was the first thought I had when I got to that point.

I thought the check marks were kind of neat and unique which is why I kept them but is it really a bit thing? I like it but if it is truly something that could deter folks then I'll certainly change it.

As I mentioned previously I will integrate my certs into my professional summary. Also thanks for the completion date information!

If you have 13 years of professional IT experience and can show that with work history without any large gaps in dates between jobs, then I think you may benefit greatly by including that older work history on your resume. The more experience, the better, even if you are looking to change career paths. 13 years of experience still speaks volumes, especially when you hold a cert like the CISSP. I think you should definitely consider expanding on your work history if you can do it without any significant gaps in the years that you worked. (for example, you worked IT in 2001, then sold cars for 6 years, then went back into IT in 2007. If that were the case, I may be inclined to omit the work history stuff prior to 2007)

I just caught this, but in your opening line on the summary, "talented" and "highly skilled" is a little redundant. I think highly skilled sounds more professional, so you could open with that, or you could say something like "Experienced IT professional...." or "Highly skilled IT professional...."

There are no gaps with regards to my Helpdesk work. Essentially I worked with Canon from April 2001 to October 2006, then worked with Cox Communications from January 2007 to March 2008. My biggest concern as I stated was again - it's going to make the resume three pages. If having the experience put on the resume > keeping the resume at two pages then I'm all for it.

One thing I did forget to mention that I read is the following: I do have an active Secret Security Clearance from the DoD from my previous role. Someone had told me it would be good to mention that just for the pure fact that it proves you are a reliable individual who can pass a background check and going into InfoSec that can matter greatly - thoughts?

Will also make the "talented/highly skilled" change as well!

I would absolutely include the secret clearance designation. That's very good to have in the infosec world.

There's some space on the 2nd page to allow you to add more work info. Also, if you were to delete the border that surrounds the entire resume and then decrease your margins a bit, that should give you a bit more space to work with. I think it's important that you get that additional IT experience on there somehow.

For the CISSP under the certs section, I would type it like this:
* Certified Information Systems Security Professional (CISSP)

then you can bold the CISSP acronym if you'd like

Thank you both for all of the suggestions. I will work on this today and upload for review this afternoon.

srabiee/lsud00d/anyone else,

Ok - third version of the resume is now uploaded for your review. Changes I made:

1.) I added jobs to the bottom to show my work experience from April 2001 to March 2008. Adding those reflects the 13+ years of work experience in the professional summary. With the jobs at the bottom I didn't dabble in any security type of tasks - should I differentiate somewhere in the summary to reflect this (Ex: 13+ years (6+ within Security)) or just simply leave it at 13+ years of experience?

2.) I mentioned my security clearance, Security+ and CISSP certifications in the professional summary. I'm not sure if there's a better placement for them (Beginning, end, etc..) but they are there. Thoughts on if they should be showcased in a different manner?

3.) Listed completion dates next to certifications.

4.) Removed the "eager" and tweaked the "talented/highly skilled" portion of the professional summary.

5.) Changed the job title to reflect my current role.

6.) Changed "Provide" to "Provided" to keep tense accurate across the description.

7.) Deleted the border to get more space and was able to successfully keep it at two pages!

8.) Spelled out CISSP in the certifications portion of the resume.

9.) Emphasized my current role a bit more in detail to match the 2nd role and beyond.

10.) Did not change the checkmarks to bullet points but curious is this REALLY a big deal? I like the checkmarks but if it is a big no-no or has the potential to be a big deal with hiring managers then I will change it.

Thanks in advance for your feedback!

I'm not sure why you have IT Support Specialist at the top of your resume. Do you want the job you have or the job you're going for?

To me, the check marks are cheesy. Check's are used to affirm something or mark it as complete. This purpose does not lend itself to resumes. If I saw a resume come across my desk with check marks instead of a standard bullet point, it would be very hard to take it seriously and it would probably go in the no pile very quickly.

What area of security do you want to move to? Your professional summary leaves more to be desired; similarly how you scope your work experience, do so with the summary as well. It's about working all angles.

I don't have time to proofread the rest of the content right now so I'll check it out later.

lsud00d,

IT Support Specialist is my current job title and it is not the job that I want going forward - I would like to become an analyst. I had Security Analyst there before but I was going off of advice given previously from srabiee when he stated the following:

"Are you currently a security analyst, or have you ever been a security analyst? If not, I'm not sure how I feel about using that as your title at the top of the resume. I'm not sure what the "rules" are for that, but I personally wouldn't do it. Maybe some of the heavy-hitters can stop by and give their opinion on this. I would personally recommend using the title of your current or most recent position, or something very similar."

I'm not sure exactly what should go there - what I am currently or what I want to be? Or perhaps that should be stated in my summary? I'm certainly open to all and any suggestions.

I will look at upgrading the summary a bit and certainly take the check mark aspect into consideration as well.

Thanks for your feedback!

To clarify, I would recommend taking the title off in that spot

Your titles will be visible in your experience section. If you start off your resume with OLD TITLE then you'll be treated like old title. Don't give ways for the person reviewing your resume to instantly discount you or your abilities.

That, along with my check feedback, is playing into the psychology behind the resume. You have to step outside of yourself as the composer and ask what would someone think and feel immediately when looking at my resume?.

In the professional summary, you used the word experience twice in the first sentence, which reads kind of funny. Change that to something like "Accomplished IT professional with over thirteen years of experience...." The second sentence sounds like it contains a bit of fluff, as does the third sentence. You may want to take another look at the professional summary. I think you would benefit more from an achievement or accomplishment-based approach based on your thirteen years of experience.

Instead of saying "Macintosh machines," you may want to say "Apple computers." Likewise, where you use "Macintosh", you may want to use "Apple" instead. I think it sounds better and makes more sense that way, but I'm by no means an "Apple guy." I don't and have never used their products in any capacity.

The check marks are up to you. ptilsen seemed to like them and didn't have any problems with them, however I personally used traditional bullets for my resume.

You mentioned your DoD clearance in the professional summary, which is a good idea. I would recommend that you also list it again at the bottom of the second page, under the certs. It's always a good idea to reinforce the fact that you have secret clearance, because as I understand it, this is a high benefit in the infosec world. I think that may open up a lot of doors for you, especially in the DC area.

I will take a more thorough look at the content of the resume when I have some extra time.

lsud00d wrote: »

What area of security do you want to move to? Your professional summary leaves more to be desired; similarly how you scope your work experience, do so with the summary as well. It's about working all angles.

Realized I forgot to address this part. Ultimately I'd like to become an Information Security Analyst and move into management within that area. I really enjoy the problem solving that goes with the role and the challenges it presents.

Ok - third revision is up for viewing. Changes made:

1.) Changed "Experienced" to "Accomplished" in first sentence.

2.) Removed check marks and replaced with bullet points.

3.) Removed job title from the top of resume.

4.) Re-did the summary at the top. I tried to be a bit more descriptive in what I've learned but also made sure to use "knowledgeable" since it is topics/methods I've yet to actually ever implement. It's essentially things I learned to help pass the CISSP and have read to get a more in-depth understanding. I worry about the 3rd sentence but I wanted to convey the point that while I don't have a ton of hands-on experience I can learn and do whatever I need to do for the job. I also find it a bit difficult to give accomplishments and achievements outside of certifications since my career up to this point has not been super in-depth into security. If there is a different way to present all of this however I'm all ears. =]

5.) Changed "Macintosh machines" to "Apple equipment." I used Apple equipment because I work with a wide variety - MacBook Pros, Mac Mini dektops, iPhones, iPads, etc. I thought that terminology would fit better.

6.) Added my security clearance underneath certifications. If there is a better way to word it please let me know. =]

Thanks you all again! Look forward to your comments.

What do you think about this format for the summary?

Accomplished IT professional with over thirteen years of progressive technical experience spanning desktop support, enterprise-level administration, and ......{I would include something about your professional experience with anything anything related to the security domain here}. Proficient in NIST 800-53 and ISO 27001/27002 standards, as well as risk and vulnerability assessment measures. ............. etc.

* Department of Defense (DoD) Secret Security Clearance
* Certified Information Systems Security Professional (CISSP)
* CompTIA Security+

I think this format for the professional summary would make the secret clearance and the CISSP pop out.

The part that you had that said "looking to move into a security role" reads too much like an Objective section. Instead of telling them you want a security job (they already know because you are applying for it), try to focus on explaining to them and showing them how you would be qualified for said job.

Ideally you want to add some information in there that shows that you have some type of professional experience in the security domain. I'm not a security guy so I wouldn't know what to write. I wish I could be of more help in that regard. Maybe you could make a list of everything that you have done professionally over the past 13 years that may relate to the security domain, and then see what you can incorporate into the summary.

You got the formatting down, the only thing left is to polish it off. It's like writing a formal college paper, you just want to make sure everything sounds as competent and professional as possible. I always thought the professional summary was the most difficult part to write.

Very much appreciate the information. I will work on this today and upload an updated version!

srabiee wrote: »

You need to delete your personal information from the resume immediately. Never upload your PII to the Internet like that, it's a really bad idea.

Also, you should delete your high school diploma from the education section. You have an associates degree, therefore the high school diploma is not only implied, but redundant and unnecessary.

I will take another look at this after you strip out the PII and reupload.

I think he should be okay with the email and phone number. I had until recently gone a step farther with my address on my resume but after making the rounds with a bunch of staffing firms all of them strongly suggested removing my address. One of them basically said up front that they were going to remove my phone number anyway because, well they're a staffing firm since they're the one providing the resume they have to make sure theres no back door to get their candidates. After all placement is how they get paid.

Believe it or not my last two jobs were direct hires and both of them appeared to have come across a resume I had made public online (ie I didn’t apply and I didn’t contact them). The first one being on some website I hadn't been to in ages and my current employer, though I'm still not entirely sure, either came across mine on Dice or some random Linux job board. Both times my initial contacts with my future employers were essentially cold calls from them in that there was no networking involved just a name and number on a resume. And the initial contact I had with both came via phone.

At the same time just understand that there are still risk to having your phone number and email publicly available but I think on most job boards you have to be a verified employer that has pay for the right to look through public resumes (don't hold me to that though). Very good chance though you'll (if you haven't already) be getting calls from insurance companies looking for 1099 contractors, 100% commission jobs. From those you run. Then again at one point my resume was geared for sales so maybe they’ll pass you over.

I also had a certifications section which I was told to change by two recruiters to Professional Development. For that matter they also suggested I change my Experience section to Professional Experience.

If possible see if you can condense it to one page, or at least try to make an alternate version that covers only the most important parts. Usually this involves shrinking text, omitting a job or two, combining certifications. In regards to smaller text I always made sure to send a copy to my Dad who needs glasses these days to make sure it’s not too small. I figure if he can read it then that’s one less thing to worry about.

I realize you’re more than capable of printing it front and back but just be aware that a decent amount of HR people screening your resume could easily be the types still using IE7 so when they print it out its going to be two separate pages. And the general rule of thumb is that one page is preferred though certainly no mandatory. You’d also be surprised how many can’t readily access PDF’s. And if your only option is word just beware that certain templates and formats can have trouble on different versions of Word (like 2003 vs 2007 vs 2010)

With that said also might want to try making a basic text version so you have something that can easily be copied and paste on certain job boards or websites where you apply directly, as I’ve had cases where the only way they accept a resume is via copy and paste (ie no uploads).

It's kind of tragic though. You use to be a Quarterback in the NFL and now you have to become an average Joe like the rest of us? Marone!

Ok - revision #4 is up. I made the subtle tweaks that you mentioned (srabiee) and tried to get a bit more description in the summary while keeping it at two pages and conveying what bit of actual expertise I had. I hope I did it well enough because from a security perspective I'm not sure there is much else I can add!

Loved the summary layout you listed as well so I changed that to match what you suggested. I think it flows nicely and makes the clearance and CISSP stand out.

Welcome your thoughts and feedback!

dirkxxvi,

Such is the life of an unemployed former NFL quarterback who can't keep away from the bottle. I got to find $$$ somewhere right?

Appreciate all of the suggestions and information! Good stuff. =]

There should be a comma after "access control administration" in the first sentence.

I'd rewrite the last sentence to say "Ability to quickly learn and understand current trends in the information security domain." The information security part shouldn't be capitalized.

I think this looks really good. This resume is bound to draw some positive attention.

I have an idea for you on how to polish this thing off. Give me a few minutes to find a document that might help you so I can scan it and upload it....

The PDF file was too big to attach to the post so I had to upload it to Filedropper. Here's the link:

http://www.filedropper.com/resumeguide

Ok so this resume guide has a lot of good info in it. There are sample resumes, as well as sample professional summaries, guidelines, etc.

Page 5 contains an extremely helpful list of action verbs that you could use to diversify the wording of your resume. For example, I noticed that you used the word "Provided" alot. You could use Provided once or twice, and then find other action verbs with a similar meaning to use instead. The last page of the document contains additional action verbs and other words related to the IT field that will help you come up with more ideas on how to diversify the language of your resume. What I did for my resume was went through it sentence by sentence and made a list of every action verb that I used, and tallied up how many times I used each word. I then replaced the words that I used too many times with something else. It made the resume sound a lot more academic, like I had a better mastery of the English language. (which in turn can convey intelligence)

The sample resumes and sample summaries may also give you some ideas on how to restructure or reword certain sentences to improve upon the resume.

Very helpful information! I will make the changes you suggested, take a look at the attachment you provided and go through this resume again with a fine tooth comb to make some tweaks and consider this done!

Can't say enough how much I really appreciate all of your feedback and assistance. It's been a tremendous help.

No problem. Let us know how it turns out. And especially let us know if the resume is successful in landing you an infosec gig.

Quick Links