How to include hobbies and events like home tinkering, family dinners and changing your locks in your cybersecurity resume
Being regional spelling bee champion three years running isn’t exactly the best bullet point on a resume. But when people are first starting out or changing careers, it can be difficult to have the kind of relevant experience on your resume that you'd feel comfortable with. One of the easiest ways to get around this is to show other related things that you've done- participation in various competitions, education you've taken or even hobbies.
Hobbies are one thing that a lot of people tend to forget about despite the time, energy and expense we put into them. It's been said that the only real difference between a career and a hobby is that a career makes money while a hobby costs money (at least that’s what the IRS thinks).
So how can we apply these to a resume? Let's take a look at some possibilities.
What should you learn next?
Home labs
One of the things that we often forget is that we have resources in our own homes that we use on a daily basis. This may only be a handful of systems, but with minimal additional investment this setup can be turned into a method to practice with firewalls, virtualization, remote access and penetration testing.
pfSense is an excellent open source firewall, which can be run either on dedicated hardware or on an old PC. With the proper configuration, this can allow you to not only protect your network from external attacks, but also allow secure remote access. VMWare's ESXi free product allows you to get started with converting physical machines into virtual machines and learning how to manage VM's in a safe manner. Once you have everything in place, you can head over to a friend's place and point a Nessus Vulnerability Scanner Trial at your network to see what it finds. In addition to the raw information it discovers, Nessus also creates executive summary reports, a vital element when trying to showcase what you find in an organization setting.
Capture the flag (CTF) competitions
Capture the flag (CTF) competitions are events where you play as either security personnel, red team members or sometimes both and attempt to attack the other team's systems while defending your own.
Many events take place at security conferences, but there are a number of free versions that are available online that can be played through on your own schedule. These can be extremely effective tools since they provide hands-on experience without the risks of actual systems being compromised.
Physical security
Physical security is vital to protecting assets. As a rule, if someone can gain physical access to a device, they own it.
At home, we usually have locks and deadbolts on doors, gates, sheds and garages. But what does it take to bypass those locks? What would it take to make them properly secure? Is that even possible? Resources such as the LockPickingLawyer on Youtube can be fantastic to see what isn't worth your time and what can be modified to be significantly more difficult to bypass. This not only will help increase your home's security, but also provide access to a particular set of skills that can be a tremendous asset to any organization trying to lock down their locations.
Disaster recovery
It happens every family dinner without fail: someone will have accidentally deleted all of their photos from the past year and begs you to help bring them back.
This one can be a bit trickier to do without additional investments, but is still certainly possible. The easiest way of course is to already have had them set up scheduled automatic backups to something like an external drive. Windows has actually made massive strides over the years in making this very simple, as have various hardware vendors. The more difficult way (and the more expensive one) is dedicated hard drive recovery software. As long as they haven't written too much new data onto the hard drive, there is still a chance that the sectors still have the deleted data on them. Disaster recovery is a factor that all organizations have to consider. Hope for the best, prepare for the worst. If you have experience in disaster recovery, even if it is minimal like this, it is a great start and an excellent addition to your resume.
Diagnosing and troubleshooting
The other thing that happens with every family dinner is somebody dropping their laptop into the sink, or it won't power up or somebody went onto a questionable website and now the whole thing is filled to the brim with viruses and adware.
Cleaning up and repairing systems in a non-destructive manner is a vital skill when you're working in any sort of desktop environment. Sure you can always format a computer and MOST of the time that will be enough, but that takes an enormous amount of time to get the user back to a usable state and that's before they have to rebuild all of their data.
Being able to give an estimate of what is wrong with hardware at a glance, or having the tools at hand to clean up viruses and malware is a huge time saver for any organization and is a critical skill to put on your resume.
Public speaking
The executive board has just finished reviewing the proposal your department has brought together regarding security recommendations and has asked you to give a quick summary and answer questions. What do you do?
If you're in a situation where you regularly provide information to a number of people in a public setting, whether it be in a Discord server, on a livestream or in-person, being able to get used to that sort of situation is a critical skill that takes large amounts of time. If an organization can choose between the person that can explain the situation and how you're going to fix it versus the person that can't? Easy choice.
Bug bounties
Have you ever been using a piece of software when all of a sudden you come across an action that makes you go "Huh? That's funny."
Every level of software vendor depends on bug reports from users to show what issues they run into when using their products. Sometimes it's just little things like “This quest glitches out if you're standing on a horse,” but it can quickly ramp up to “If you click these 34 options in sequence, you gain root access to the host server.” Being able to create a report with essential information on what the issue is, what it does and how to reproduce it is essential for organizations and vendors. Plus it’s an excellent incentive when the vendor is giving out cash rewards for these kinds of reports.
FREE role-guided training plans
Highlight your hobbies on a cybersecurity resume
Just because you're starting out doesn't mean you don't already have some of the skills necessary to be successful in the cybersecurity industry. With the right spin on things, and using resources you may already have access to, you can help move your resume from the pile to the short list. Once you have access to those resources though, what can you do with them? We recommend that you visit InfoSecInstitute.com for additional articles, study materials and full courses on how to make the best of your time and resources.
Further Reading:
In this Series
- How to include hobbies and events like home tinkering, family dinners and changing your locks in your cybersecurity resume
- Top-paying cybersecurity jobs and salary trends for 2024
- The importance of IT certifications in boosting your career
- Understanding the role of a network engineer in IT
- The role of the chief information officer (CIO) in cybersecurity
- What is a network engineer and how to become one?
- What does a system administrator do and how to become one?
- Cyber security hiring: Tips and best practices
- Cybersecurity soft skills: Career benefits of public speaking
- CompTIA Data+ certification: Opening doors to new careers
- Surviving cybersecurity burnout: Tips from industry experts
- How to make a mid-career change to cybersecurity
- 7 top security certifications you should have in 2024
- The Changing Role of the Modern SOC
- Discover the top 5 information security management certifications
- CySA+ versus CASP+: Is the CySA+ good enough for a career in cybersecurity?
- The best cybersecurity jobs in 2023: Trends, roles and salaries
- Top 10 penetration testing certifications for security professionals (2023)
- How to land an entry-level cybersecurity job: Essential skills and certifications
- 133 cyber security training courses you can take now — for free
- Breaking down barriers: How to make cybersecurity more inclusive and diverse
- Computer forensics interview questions
- The digital security forensic analyst salary guide
- Applying linguistics to cybersecurity: The journey of Jade Brown, a 2022 Infosec Scholarship winner
- The Path to “Career 4.0”: Amy Bonus leverages humanities, FinTech experience to bring Cybersecurity to the layperson
- Security engineer: Degree vs. certification
- Cybersecurity engineer: CyberSeek
- Infosec Accelerate Scholarship winner highlights essential qualities of a successful cybersecurity professional
- Career skills, imposter syndrome and intelligence-led pentesting | From the Cyber Work desk
- Cloud security engineer interview questions and answers
- Prior preparation results in a big payoff for Jason Mondragon, an Army veteran transitioning into cybersecurity
- Infosec scholarship winner Kandice Kucharczyk salutes her mentors as she sets her sights high
- Which CompTIA cert is right for you: Security+, PenTest+, CySA+ or CASP+? [updated 2023]
- How VetsInTech and Infosec Laid the Path to Gaurav Panta’s New IT Career
- Infosec 2022 scholarship winner Anthony Torres: Bringing the Marine Corps ethos to the cyber domain
- Infosec Scholarship winner Chris Chisholm knows the power of service and diversity in cybersecurity
- Betta Lyon Delsordo, Infosec scholarship 2022 winner, is a true life-long learner
- A veteran transitions from military medical logistics to multi-national security analyst
- An Army National Guard member fast tracks his cybersecurity career transition with VetsinTech
- How a career harnessing Navy nuclear energy can power a transition to a Security+ certification
- What is a cloud administrator? Essential roles and skills
- Security control mapping: Connecting MITRE ATT&CK to NIST 800-53
- Should you take the CCSP/SSCP before the CISSP? [updated 2022]
- (ISC)² certifications: The ultimate guide [updated 2022]
- CCSP vs. Cloud+ [updated 2022]
- Data architect: The ultimate career guide
- The ultimate guide to ISACA certifications: Overview & career paths [updated 2022]
- I failed IAPP’s CIPP/C certification. Here’s how I recovered
- How learning to be "Always Flexible" helped a Marine in earning the Security+ certification
- How to learn and pass your next certification exam
- Mission accomplished: How one army veteran turned neurobiologist moved into cybersecurity
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Professional development
Professional development
Professional development
Professional development
The role of the chief information officer (CIO) in cybersecurity