October 4, 2019 By Jasmine Henry

Is a cybersecurity degree worth it? The answer is yes, but it also depends on who’s asking. Higher education could be a profitable pathway, especially if you’re already a student. However, school isn’t the only way to get your foot in the door. You can land a job in cybersecurity with a curious mindset and a solid cybersecurity resume.

A tiny percentage of today’s security professionals have an academic background in cyber. Just 64,405 college students earned a bachelor’s degree in computer and information sciences in 2016, according to the National Center for Education Statistics. Even if all these new grads got a job in cybersecurity, it wouldn’t come close to solving the talent pipeline problem. In fact, it would only solve for 3 percent of the industry’s 2 million unfilled jobs.

Nearly half of today’s chief information security officers (CISOs) majored in something unrelated, such as economics or business. Today’s security leaders have earned their seats by demonstrating leadership, curiosity and adaptability. You don’t need a degree in information science to write a winning cybersecurity resume.

10 Cybersecurity Resume Do’s and Don’ts

What’s the difference between a nontraditionally qualified candidate who scores a cybersecurity interview and someone who gets passed over? It comes down to the cybersecurity resume. Specifically, it falls on the nontraditional candidate to demonstrate they can succeed even if they lack some qualifications. If you’ve already mastered the basics of professional resume writing, dig into these intermediate insights to score a security job.

1. Include Unrelated Work Experience

Work experience outside of security and IT fields belongs on your resume, especially if you’re early in your career. According to a recent survey from Yoh, some of the most sought-after characteristics for security hires include:

  • Attention to detail;
  • Persistence;
  • Working well under pressure; and
  • Passion.

Candidates with a proven ability to avoid crumbling under pressure and persist have the personality to succeed in high-stress security roles, such as a security operations center (SOC) analyst. Military experience can also be a massive advantage. Even positions in restaurants or retail could communicate that you’re a candidate with grit, a strong work ethic and interpersonal skills. Many cyber jobs are service-oriented, so don’t scrap any customer service roles you’ve held in the past 10–15 years.

2. Don’t Wait for Workplace Experience

Being underqualified can be a huge advantage, especially if you’re willing to take charge. You can build an impressive resume free of cost.

“Start researching, start tinkering and start learning. Build yourself a home network and home lab,” recommended one security pro on Reddit. “Pick up a general-purpose language like Python … Learn to automate.”

Take advantage of opportunities like the 20-hour Introduction to Cybersecurity Tools & Cyber Attacks class offered by IBM on Coursera. Upload your coding projects to a GitHub account and include a link on your resume. Experience can be further built through networking and volunteer work. Initiative is attractive to cyber recruiters. Candidates must be armed with “curiosity … and a strong passion for learning and research,” wrote Robert Ackerman, founder of Allegis Capital, for TechCrunch.

3. Emphasize Soft Skills

Employers are struggling to find candidates who have both hard and soft skills, according to a recent survey from the Northern Virginia Technology Council. In fact, the crisis of soft skills is the second biggest industry pain point.

“In many cases, technology is actually easier to teach than soft skills,” said James Christopher, executive vice president for operations and engineering at 1901 Group.

Ideally, show these strengths in your experiences. For example, managing a global project team shows powerful communication and teamwork.

4. Don’t Skip the Basics

Don’t underestimate the importance of any tech skill or experience you bring to the table, especially if it proves a foundational knowledge of computers, hardware, data management or networking. Entry-level IT jobs, such as help desk operator or junior system administrator, are a solid launchpad to more senior cyber roles, especially if you can demonstrate an interest in cybersecurity and soft skills.

5. Show That You’re Coachable

Showing that you’re coachable and ready to learn is crucial, especially if you’ll need to learn key skills and responsibilities on the job. Use work experience to demonstrate times when you’ve acquired new skills with short notice or taken the initiative to pursue education on your own. Use your resume to tell a story about how you’ve grown and excelled in the face of change in the workplace or volunteer commitments.

6. Don’t Sell Yourself Short

Don’t assume that you’re underqualified for a job. Be conscious of the confidence gap. Women apply for 20 percent fewer jobs than men and are 16 percent less likely to apply for a job after viewing it on LinkedIn. Minority candidates are also impacted by a similar confidence gap and tendency to self-select fewer job postings. The confidence gap is dangerous when building diverse security teams and could harm your potential in the immediate term.

“It would be ideal if I could find a 70 percent match to job postings based on candidate resumes,” said security executive Suzan Nascimento. She often settles for well-rounded candidates with a lot of potential but only 50 percent of the required skills and experience.

7. Consider Your Career Path

Maybe you’re not cut out to be an engineer or pen tester. That certainly doesn’t exclude you from a cybersecurity career. Get familiar with the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework to see where your strengths fit in the bigger picture.

A passion for investigation could mean you’d thrive in a digital forensics role, while strong interpersonal skills could prepare you for sales or security awareness training. The talent pipeline needs candidates with diverse strengths to fill a variety of roles as cybersecurity expands.

8. Be Authentic

Pumped-up job titles or exaggerated achievements could hurt your quest to land a cybersecurity job. Be authentic, because it shows you’re honest with yourself and others, which is an important characteristic in coachable employees. Just as importantly, an authentic resume is a sign of personal ethics, which is a critical trait in a field where employees are tasked with protecting sensitive data.

9. Don’t Forget Problem-Solving

A problem-solving mindset is desirable to cybersecurity recruiters.

“We call it a hacker mindset,” Nina Wang, CEO of cybersecurity training firm OffSec, told TechTarget. “You have to actually do it, and struggle through it, and get stuck.”

Individuals with a hacker mindset are, according to Wang, “the people that can do anything in security. It doesn’t matter if they have the tools or not, because they know what to look for.” Problem-solving can be demonstrated in prior job or volunteer experiences, or efforts to level-up your skills in your home lab.

10. Do the 6-Second Test

Recruiters decide to greenlight or redlight a candidate’s resume in just six seconds. As such, your cybersecurity resume needs to be visibly great. Keep it basic and simple, and format it with traditional bold headers.

“Unless you’re applying for a job such as a designer or an artist, your focus should be on making your resume clean and legible,” said former HR executive Laszlo Bock.

Proofread your resume carefully and avoid attracting notice for the wrong reasons, such as an outdated AOL or Hotmail email address.

Landing Your Dream Job in Cybersecurity

There is no perfect candidate, so don’t worry about making your cybersecurity resume fit how you perceive the perfect threat researcher or engineer. Use your resume to show your authentic self and the steps you’ve taken to develop cybersecurity skills inside or outside traditional classrooms and workplaces.
