CTO View of Hiring Cyber Security Specialists

CV hints and tips when looking for a job in cyber security.

At JUMPSEC we’ve been hiring. A few months ago, I trawled through about 90 CVs in a short space of time. These were all applications for technical cyber security related roles. I made some notes, or rather comments, that sprang to mind as I went through them and have grouped them into a few topics below. This obviously has a JUMPSEC bias but I’m sure it will be helpful if you’re after a role at any forward-thinking cyber security company.

About You

Personal profiles in first person are better. I much prefer a personal profile to be written in first person “I am”, it feels more personal and feels like I’m getting to know you better than third person (I’ve seen a lot that say, “Alice is…”, it feels impersonal and like someone is applying for the job on your behalf).

Remember you are (probably) applying for a technical role, so do ensure you come across as technical. Certainly, here at JUMPSEC the CVs go to the team that will be making the hiring decisions so appeal to them.

What are your personal projects and passions? If your only experience and achievements are what you did as mandatory coursework at school/college/university then I’m not going to be super impressed with the CV. I don’t care if your passions are completely unrelated to cyber security.

I enjoy reading about the other hobbies and interests you have, I really do. Keep ’em short though. If you make it to interview stage, we can chat about these at the outset, they feel like nice ice breakers whilst we get to know each other.

There seem to be an awful lot of people who completely lack any form of personal projects or interests. Get them on your CV, show me that you have an inquisitive mind, again, these don’t need to be cyber security related.

At this point those who are doing well are those who have interesting personal projects that they have worked on. They are the people I want to talk to; they are the people that seem exciting.

Formatting and Content

Do include a covering letter of some sort. I would say that this is even more important if you are applying via some careers type website. You cannot control what is presented to the reviewer (me) and so your covering letter is your chance to shape things the way you want them to go in a way that your CV might not be able to. Equally if there are multiple different roles you may not want it to be guessed which role you are applying for.

It is also probably best to include the covering letter as part of your CV (i.e., as one document), particularly if you do not know how things are presented to the reviewer. On this platform that I am reviewing CVs on I have two documents (CV+covering letter) to view/download, so it is easy to miss one of those. But also, when/if things get passed to the team it is easy for just the CV to be passed and they miss all the good stuff in your covering letter.

Upload your CV in PDF format not .docx, it makes for easier reading on most platforms and means that the layout will be consistent so I will not miss important information if I open it in Google Docs/LibreOffice… This is particularly important if applying through an online platform – these platforms often render PDFs but force the download of .docx files which just breaks the reviewer’s flow.

I do not need/want to see a photo of you on your CV.

Do not worry about the use of colour in your CV. Well laid out text with titles and good use of bold does the trick.

Please do not write essays, I won’t read them. If you’ve got stuff to say then give me headings and I’ll dive into the bullet points below for the things that are important to me. It is much harder to pick what I want out from long reams of text.

I do not actually care too much about your grammar and spelling, don’t fret that too much. Other places might, so be it, however we recognise that English may not be a first language and you are not applying for a role as an English teacher. That said things should be legible, and please do not include any philosophical stuff.

Hmmm. Links in your CV to papers you have written seem a good idea, but this platform (and probably others) “protects” me from those links preventing me clicking and copying… they are pretty long… am I going to bother typing them in… OK I’ll look at the most interesting sounding one.

It is a bit unfortunate when the SSL certificate for the URL you give me is invalid! (Not the candidate’s fault I should note, but perhaps you could host the data somewhere else.)

Skills and Experience

There seem to be a lot of people with ISO27001 experience, I do not mind, but if that is your leading thing when applying to be a hacker in our red team then you won’t get much consideration.

I do not need to know what your duties as an admin assistant were unless, of course, they are relevant to this role, use the space for something else.

If your CV is just a list of technologies you have encountered in your job, it’s not really appealing to me. Unless of course you were the catalyst for those technologies.

Equally if you describe yourself as curious but there is nothing else that points to curious then I am inclined not to believe it.

I do want to see evidence of proactivity and inquisitiveness, not just that you can do the job well. I want you to completely own the job, I want to know about the time you threw away the rule book and did your own thing. Like most cyber security companies, we are not interested in standing still so are looking for people who will add something new to our company not just do what we already do competently.

This is suspicious, a company filing micro accounts seems to have employed an awful lot of students from a particular university. It is very interesting what a huge stack of CVs can turn up! Fake work experience is not going to help your application.

I am willing to assume that you can use Microsoft Office, you don’t need to include it. I will not see it as a negative if you do include it, but I’ll definitely see it as a positive if your experience is writing or detecting malicious macros within it, or that you’ve done something cool with TNEF in Outlook.

Moving jobs every few months does not come across particularly well… If you do it then maybe explain why (and if they were short term contracts highlight that for me so that I do not assume otherwise).

Probably most importantly: if being competent at using security tools is the thing you are hedging on getting you the job, then I have some bad news for you… Look at your CV, is it a list of tools? Or is it a list of fundamentals? Does the place you are applying want you to click next, next, ok in a tool? Or do they want you to understand the principles you are working to? At JUMPSEC it is definitely the latter, our company is the sum of its people and everyone is invited and encouraged to define and shape our future. We find this exciting which is why we look for people with that spark, that inquisitiveness, that desire to break things down to understand how they work so that they can be better.