Introduction

The role of a security analyst ranges from entry-level positions within a security operations center to senior, specialized roles within incident response teams. The first step in the process of getting a new or a more senior security analyst role is creating a resume. 

The resume is the most important part of the application and must be perfect to maximize the chances of getting invited for an interview. Fortunately, keeping some important focus areas in mind, that is not too difficult.


Resume length

A key part of the process of writing a professional document is to imagine the intended audience. Who will be reading the document and why? 

In the case of a resume, this will usually be either an HR person or a manager who has read through many, many resumes, often in too little time. This means the person reading the resume will have limited time to read the resume and the applicant will therefore only have a limited time to capture the attention. 

These days, a resume should be between one and two pages, depending on the amount of experience of the applicant. Three or more pages should be avoided, especially for a security analyst role.

When it comes to listing previous work experience, the closer a previous or current role is to the desired security analyst role, the more detailed the description can be.

Technical skills

A technical resume needs to highlight relevant skills. This will allow a manager or recruiter to instantly see where connections can be made between the skills of the applicant and the requirements for the role. Avoid the use of specific version numbers and editions, however. Also refrain from listing irrelevant skills in this highlighted list. An employer looking to fill a security analyst position is not interested in the fact that an applicant has extensive Adobe Photoshop version X knowledge.

An employer is also not interested in whether the applicant has Splunk 6.2 or 6.4 experience; keep the level of detail appropriate. A much better approach is to list, for instance, the skill of writing SNORT rules based on exploit packet capture data or the skill to write ArcSight content for use case development.

No sensitive information

Always keep in mind what the information about previous (and current) roles could reveal to anyone with access to the document. Not only do attackers actively browse job advertising sites for their target’s position descriptions that include security applications and versions of security products, but these days, they also search LinkedIn profiles or shared online resumes of (ex-)employees to learn about their target environment. 

And this does not only place the former employers at risk: a potential new employer might also frown upon the publication of such data by the applicant, expecting the same leak to happen to them in the future. A short note on the resume where needed, that details can be discussed in person (or cannot be shared at all) could make a good impression. 

When it comes to specific government agency clearance levels, be extra vigilant listing these on publicly accessible sites and forums. This information can turn the resume owner and related coworkers into a spearphishing target.

Consistency

When applying for a position, the resume is the single most important — often the only — shot at being selected for an interview. The difference between an average-looking resume and a great-looking resume does not only lie in its content. The surrounding information is just as important.

A little extra time and focus can avoid missing dots, inconsistent fonts and sizes, spelling and grammar mistakes and an overuse of capitalization. These examples show that the writer lacks interest and attention to detail — very important skills for a security analyst. 

Another mistake is the inconsistent use of first- and third-person language within the resume. This can indicate a copy-paste process and a lack of effort from the applicant to write a proper resume.

These conclusions might not be true, but it’s best to avoid them all together by putting that little extra effort in.

Certifications versus academic achievements

There is an increasing interest in industry certifications within the cybersecurity field. Discussions are ongoing as to whether this is a positive development. Some industry experts claim universities are too slow to keep up with the rapidly changing sector, while other arguments center around the universities’ lack of focus on practical skills. 

For a security analyst role, it is important to prominently place any certifications such as CISSP, CISM and the range of SANS certifications such as GIAC®️ and GCFA®️ within the resume. Because of the limited length of the resume discussed earlier, there should be enough room for the certification and potentially a short description. Any formal academic degrees should also be clearly listed, because they too have value, especially when it comes to long-term career paths.

Community support

When applying for a position where any form of coding or development is involved, some examples of work and collaboration in this space or even the mention of a GitHub repository can be beneficial. 

Other community support activity and the display of a general interest in advancing others within the security field, such as the organization and attendance of conferences, will also certainly be noted by a potential future employer. This will show the difference between security as a job and security as a passion. This is especially important for applicants without much relevant experience who are looking to enter the cybersecurity sector.

Entry into the first security position

For many people, a security analyst role is their first entry into the professional security sector. This often raises questions on what to put in the resume, because there are seemingly few relevant pre-existing skills for the role. 

That is not entirely true, however. Because of the shortage within the labor market, many employers are open to the idea of training someone up if they show a passion for the industry and a dedication to personal development. 

Again, listing conference attendance and community support is important, but focus can also be placed on relevant non-technical skills. Cybersecurity is rapidly developing sector and staff will need to continually read and train to keep up. 

An employer looking to fill an entry-level position will focus on prior learning and motivation. If the applicant has completed any certifications, followed any courses, built a home lab or read any books in their own time without having that security role yet, it shows commitment to getting that first security role by investing time without getting paid for it (yet). This needs to be highlighted in the resume, because it is evidence that the applicant is not simply looking for a well-paid job. 

Also highlight non-technical skills that can be beneficial to the role. Customer service experience and the ability to communicate at many different levels within an organization are very important skills for a security analyst.

Conclusion

Writing a resume is not rocket science. It is important to spend enough time, however. The effort put into the resume will directly reflect on how the resume is received on the other end. Keep the resume relevant, on-point and consistent, and then fingers crossed … 

 

Sources

  1. How to Highlight Your Security-Cleared Skills on Your Resume, Without Revealing Classified Information, ClearanceJobs
  2. A DEGREE IN CYBERSECURITY OR A CERTIFICATION COURSE: WHICH IS BETTER FOR YOUR FUTURE?, EC-Council University
  3. How Many Pages a Resume Should Be, The Balance Careers

Be Safe

Section Guide

Frank
Siemons

View more articles from Frank

Earn your CySA+ the first time with Infosec and pass your exam, GUARANTEED!

Section Guide

Frank
Siemons

View more articles from Frank