Penetration tester resume tips
Resumes are the window that organizations use to see what candidates have to offer and are used to filter all who interview for job positions. You can also think of your resume as the face of your career up to this point: it should show an organization what you can do for them at just a quick glance.
When you are applying for penetration tester (pentester) roles, do you know what to include in your resume? This article will explore what to include in your resume and tips for how to improve it in order to give you a leg up over the competition. Interesting jobs like this often require a specialized resume to help seal the deal — so sit back, relax and let this article be your guide.
The role of pentester is often an essential part of security teams, and pentesters can make or break an organization’s information security defenses. They fill these big shoes by using an array of ethical hacking, general hacking knowledge and other information security skills to test computers, information systems, networks, and IT systems for exploitable vulnerabilities that attackers can take advantage of.
After zeroing in on these vulnerabilities, pentesters simulate real-life cyberattacks with a variety of tools and methods. The aim of all of this is to find potential weaknesses and to resolve or strengthen them before attackers have their way with them.
Pentester resumes need to be role-focused and should highlight the relevant experience and skills you have that will make you a valuable member of a security team or a stand-alone pentesting professional.
Don’t be alarmed when you realize that your educational experience takes more of a back seat in your pentester resume. Unless you took specialized courses when earning your Bachelor of Science degree (in which case you will want to highlight what you learned and how it applies to pentesting), organizations really just want to confirm that you have earned said degree. More on this later.
Do not lie
Never lie on your resume — and I mean never. The thing about high-level, specialized skills is that they are very difficult to fake if you don’t know what you are doing. Those who legitimately have this experience, including your supervisor and/or others on your security team, will quickly be able to spot your hesitancy and lack of experience. It will probably cost you this coveted job.
To put it bluntly, your experience will be what gets you through the door, at least for the first round of job interviews. This is because your acquired skills will be representative of the value the organization will expect you to bring to their proverbial table.
When listing your professional pentesting experiences, list them in reverse chronological order and be as detailed as you can. The key here is to extrapolate the skills you have picked up and present them in a format you can quickly glance at for a snapshot of what you will be able to do on the job.
What you can actually do versus what tools you have mastered
If you want an organization’s HR professional to be bogged down and possibly toss out your resume on appearance alone, list all the relevant pentesting tools you know how to use. Since this is not what you want, you’ll want to take a different approach.
To convey to HR what tools you know how to use, think about them in terms of what the tools actualize when you use them. For example, instead of simply listing Aircrack, Aircrack-ng, Burp and Wireshark, use this language: “Wireless testing, automated/manual web testing and manual packet inspection.” This will give the HR professional the most real-world view of what you can actually do. If you have some special connection to a tool, such as having helped develop or improve it, this is best discussed during the phone interview or face-to-face.
As mentioned above, tool-based skills should be displayed as what you can do with them, and all these skill extrapolations should be listed in the Skills section.
As a matter of fact, this section should be included even before your professional experience section. Remember that resumes are often viewed for a very short amount of time, especially when many professionals have applied for the same position. You will want these skills to take center stage in your resume.
Accolades and honors
The accolades and honors you have accumulated over the years of pentesting can be another great way to stand out from the pack of pentester applicants. Have you ever spoken at an event, such as DEF CON or Black Hat? Great — add it! Have you ever won a workplace competition that shows off your pentesting skills, such as capture the flag or hackathons? Fantastic — add that too. Have you ever written technical documentation, security research or any other scholarly writing associated with pentesting? Throw that in there too. These will all go the distance in proving your worth to the organization and may be the factor that attracts the HR professional’s eye to your resume.
You will want to clearly state what relevant certifications you hold, including Certified Ethical Hacker (CEH) and Certified Information Systems Security Professional (CISSP). While the placement of your certifications section is not anywhere near as important as skills or experience, they may still be the determining factor in whether you get the job.
Pentesting is a great role that will allow you to showcase all of the ethical hacking skills you have accumulated in your career and will give you the cool factor of being able to legitimately hack for a living.
Hacking is what has attracted many to information security, making it a veritable dream job for some. If you were applying for the job of your dreams, you would do anything legitimate to get the job, right? If this is you, follow the tips offered above for your pentesting resume. It may be the last resume you ever have to work on if you get the job.