
How to include hobbies and events like home tinkering, family dinners and changing your locks in your cybersecurity resume

July 22, 2021 by Kurt Ellzey

Being regional spelling bee champion three years running isn’t exactly the best bullet point on a resume. But when people are first starting out or changing careers, it can be difficult to have the kind of relevant experience on your resume that you’d feel comfortable with. One of the easiest ways to get around this is to show other related things that you’ve done: participation in various competitions, education you’ve taken or even hobbies.

Hobbies are one thing that a lot of people tend to forget about despite the time, energy and expense we put into them. It’s been said that the only real difference between a career and a hobby is that a career makes money while a hobby costs money (at least that’s what the IRS thinks).

So how can we apply these to a resume? Let’s take a look at some possibilities.

Home labs

One of the things that we often forget is that we have resources in our own homes that we use on a daily basis. This may only be a handful of systems, but with minimal additional investment this setup can be turned into a method to practice with firewalls, virtualization, remote access and penetration testing. 

pfSense is an excellent open source firewall, which can be run either on dedicated hardware or on an old PC. With the proper configuration, this can allow you to not only protect your network from external attacks, but also allow secure remote access. VMware’s free ESXi product allows you to get started with converting physical machines into virtual machines and learning how to manage VMs in a safe manner. Once you have everything in place, you can head over to a friend’s place and point a Nessus Vulnerability Scanner Trial at your network to see what it finds. In addition to the raw information it discovers, Nessus also creates executive summary reports, a vital element when trying to showcase what you find in an organizational setting.

Capture the flag (CTF) competitions

Capture the flag (CTF) competitions are events where you play as either security personnel, red team members or sometimes both and attempt to attack the other team’s systems while defending your own.

Many events take place at security conferences, but there are a number of free versions that are available online that can be played through on your own schedule. These can be extremely effective tools since they provide hands-on experience without the risks of actual systems being compromised.

Physical security

Physical security is vital to protecting assets. As a rule, if someone can gain physical access to a device, they own it. 

At home, we usually have locks and deadbolts on doors, gates, sheds and garages. But what does it take to bypass those locks? What would it take to make them properly secure? Is that even possible? Resources such as the LockPickingLawyer on YouTube can be fantastic to see what isn’t worth your time and what can be modified to be significantly more difficult to bypass. This will not only help increase your home’s security, but also provide access to a particular set of skills that can be a tremendous asset to any organization trying to lock down their locations.

Disaster recovery

It happens every family dinner without fail: someone will have accidentally deleted all of their photos from the past year and begs you to help bring them back.

This one can be a bit trickier to do without additional investments, but is still certainly possible. The easiest way, of course, is to already have had them set up scheduled automatic backups to something like an external drive. Windows has actually made massive strides over the years in making this very simple, as have various hardware vendors. The more difficult way (and the more expensive one) is dedicated hard drive recovery software. As long as they haven’t written too much new data onto the hard drive, there is still a chance that the sectors still have the deleted data on them.

Disaster recovery is a factor that all organizations have to consider. Hope for the best, prepare for the worst. If you have experience in disaster recovery, even if it is minimal like this, it is a great start and an excellent addition to your resume.

Diagnosing and troubleshooting

The other thing that happens at every family dinner is that somebody has dropped their laptop into the sink, or it won’t power up, or somebody went onto a questionable website and now the whole thing is filled to the brim with viruses and adware.

Cleaning up and repairing systems in a non-destructive manner is a vital skill when you’re working in any sort of desktop environment. Sure, you can always format a computer, and MOST of the time that will be enough, but that takes an enormous amount of time to get the user back to a usable state, and that’s before they have to rebuild all of their data.

Being able to give an estimate of what is wrong with hardware at a glance, or having the tools at hand to clean up viruses and malware is a huge time saver for any organization and is a critical skill to put on your resume.

Public speaking

The executive board has just finished reviewing the proposal your department has brought together regarding security recommendations and has asked you to give a quick summary and answer questions. What do you do?

If you’re in a situation where you regularly provide information to a number of people in a public setting, whether it be in a Discord server, on a livestream or in person, being able to get used to that sort of situation is a critical skill that takes large amounts of time. If an organization can choose between the person that can explain the situation and how you’re going to fix it versus the person that can’t? Easy choice.

Bug bounties

Have you ever been using a piece of software when all of a sudden you come across an action that makes you go “Huh? That’s funny.”

Every level of software vendor depends on bug reports from users to show what issues they run into when using their products. Sometimes it’s just little things like “This quest glitches out if you’re standing on a horse,” but it can quickly ramp up to “If you click these 34 options in sequence, you gain root access to the host server.” Being able to create a report with essential information on what the issue is, what it does and how to reproduce it is essential for organizations and vendors. Plus it’s an excellent incentive when the vendor is giving out cash rewards for these kinds of reports.

Highlight your hobbies on a cybersecurity resume

Just because you’re starting out doesn’t mean you don’t already have some of the skills necessary to be successful in the cybersecurity industry. With the right spin on things, and using resources you may already have access to, you can help move your resume from the pile to the short list. Once you have access to those resources though, what can you do with them? We recommend that you visit InfoSecInstitute.com for additional articles, study materials and full courses on how to make the best of your time and resources.

 

Further Reading:

Hobby or Business? IRS Offers Tips to Decide https://www.irs.gov/newsroom/hobby-or-business-irs-offers-tips-to-decide
pfSense – The World’s Most Trusted Open Source Firewall https://www.pfsense.org/
VMware vSphere Hypervisor https://www.vmware.com/products/vsphere-hypervisor.html
Nessus Vulnerability Scanner Professional https://www.tenable.com/products/nessus/nessus-professional
Capture the Flag: What is it? https://blogs.cisco.com/perspectives/cyber-security-capture-the-flag-ctf-what-is-it
LockPickingLawyer https://www.youtube.com/lockpickinglawyer
How to back up your computer automatically with Windows 10’s Built-In Tools https://lifehacker.com/how-to-back-up-your-computer-automatically-with-windows-1762867473
Discord: Chat for Communities and Friends https://discord.com/

Kurt Ellzey has worked in IT for the past 12 years, with a specialization in Information Security. During that time, he has covered a broad swath of IT tasks from system administration to application development and beyond. He has contributed to a book published in 2013 entitled "Security 3.0" which is currently available on Amazon and other retailers.
