How to write an Application Security Resume

Introduction

This post aims to help people write an appropriate resume for Application Security roles such as Security Consultant/Analyst, Security Engineer, Product Security Engineer, Security Researcher, DevSecOps Engineer etc. I am neither very experienced nor an expert when it comes to writing resumes, but I have been on both sides of the interview table for quite some time, so I can tell you a thing or two about writing a resume for application security.

Structure of a Good Resume

The purpose of a resume is to make your interviewer understand your professional forte in the shortest possible time. We don't live in an ideal world, and most interviewers, like me, skim through your resume 5-10 minutes before an interview. A good resume should convey your expertise, skills and achievements in 1-2 minutes of reading. Please don't make a resume longer than 3 pages. It makes it difficult for the interviewer to go through everything, and chances are they will skip a lot of the things that you want to highlight. Your resume should have the following sections.

  • Personal Details
  • Summary
  • Work Experience
  • Skills
  • Education
  • Certifications
  • Awards & Achievements
  • Others

Before going into each section, here are a few things that you should consider. The most important parts of a resume, at least for me, are Summary, Work Experience and Others. Make sure that these sections stand out to the interviewer. Except for the summary, it is better to use bullet points that capture the meat of the idea than to write long paragraphs. The trick is to keep it short, highlighted and clear. Avoid abbreviations that are not widely understood. Now let's talk about each section.

Personal Details

This section should only contain your Name, Email, Mobile Number, and Website/Blog. It is also nice to add your current work location and a professional photo. Please don't add anything more than that; anything more is not informative and is a waste of space and time.

Summary

This is one of the most important parts of the resume, yet most people just copy-paste sentences from samples available online. Please show some sincerity towards your career and the interview. Trust me, if I see a resume with a plagiarized objective or summary, I have already judged you to some extent. Here is a common sample objective or summary that is a big turn-off.

Looking forward to an exciting and challenging career with the organization that provides good working environment and excellent opportunity for mutual growth and my technical knowledge.

Here is a short one, but compared to the one above it at least has some crucial bits like job role, area of expertise and years of experience.

Security Engineer with 2+ years of experience in Web Security, Mobile Security and Automation. Looking for a challenging opportunity as a Security Engineer at your company to leverage my technical and professional expertise.

If you are an experienced professional and not a fresher, then it is better to use a good summary of expertise instead of an objective. This is the juicy part where the interviewer forms a first impression of you. Feel free to boast (in a reasonable manner) about your professional experience in not more than 2-3 short paragraphs. Here are a few things that you should concentrate on while writing the summary.

  1. Expertise – Ex: 5+ years of experience in web security and code review.
  2. Skills – Ex: Mention your key skills like Security Automation, Manual Code Review, Greybox Pentest etc.
  3. Areas of interest – Ex: Secure Coding, Reverse Engineering, Writing scripts to detect vulnerabilities etc.
  4. Open Source and other Contributions – Ex: Contributed to such-and-such open source projects; wrote and maintain such-and-such tools, scripts, documentation or cheat-sheets.
  5. Professional Achievements and Awards – Ex: Founder of X product, Author of X book or tool, core member of the local security community, the talks, training, podcasts or webcasts that you have delivered, the CVEs, research, halls of fame, awards and other achievements in your name etc.

These days resumes are mostly PDFs with rich text support, so add links to your GitHub, StackOverflow, HackerOne, SlideShare and other security-related profiles that vouch for your skills and expertise. Your work is the best showcase you can add to the resume.

Work Experience

This section should contain the job title, company name, the years you worked there and a description that clearly explains your roles and responsibilities in the company. You can use either short sentences or precise bullet points. Include details like the technologies you have worked with, the outcomes, the tools used, your contributions, the teamwork you did, and any appreciation and awards you have received. In short, add every relevant thing you did during the job.

If you are a fresher, I expect you to have some knowledge of security. Instead of company names, you can describe the hobby security projects you have worked on, scripts or tools you have developed, open source contributions, your security blog, bug bounties, the extra-curricular courses you have taken, the things you have learned and tried out after reading a blog or paper etc. Be creative, and include everything related to security that you think will make an impression on the interviewer.

Skills

Add the skills that you have, simple as that! Again, keep it short and clear. For example: Secure Code Review, Software Development, Android Security, Malware Analysis, Reverse Engineering, Tools Expert etc. Avoid graphical charts and diagrams. They are just a waste of time and space in the resume, and after all you are not applying for the role of Graphics or UI Designer.

Education

If you are not a fresher, it's better to add just the last two or three relevant degrees or professional courses you have completed, with the course name, college/university name, duration in years and grades, if you want to disclose them. Avoid adding information about your schooling like secondary and higher secondary education. It is again a waste of space; provide that information only if requested.

It's always nice to add information about any extra aptitude, science or art exams you have passed, and also the details of courses you have taken online from edX, Coursera, Udemy etc. This gives the interviewer the impression that you have an aspiration to learn new things.

Certifications

Add details of respectable certifications like the ones from Offensive Security (OSCP, OSCE, OSWP, OSWE etc.), SANS (GCIH, GCIA, GWAPT etc.) and other industry-accepted certifications like CISSP, CCNA Security, CEH etc. (Personally I am not a fan of certifications, but it's good to have them for lots of reasons.) Security is an industry with lots of magicians and charlatans. Do your research before joining a course, and please avoid listing things like AFCEH or a two-day ethical hacking workshop you attended. If you are a fresher, you can mention all the certifications you have done related to computers, networks and security, and also add information about workshops.

Awards & Achievements

Don't feel ashamed or awkward; just boast about all the relevant achievements and awards from your job or education. Include anything that gives you credit for extra-curricular activities.

Others

This section can contain other relevant work you have done with respect to application security. Mention the security tools, scripts and cheat-sheets you have written or contributed to, the blogs or wikis you maintain to teach security or share your knowledge with the community, the books and security research you have published, the security meetups you are a core member of etc. Depending on the content, feel free to title this section Research Published, Books Authored, Developed Tools, Security Projects, Other Activities etc.

Final Words

Please use modern and readable fonts like Open Sans, Calibri, Helvetica etc. when making your resume. Be consistent with layout, font size and paragraph justification. Alternatively, you may use websites like CV Maker, VisualCV etc. to make professional-looking CVs for free. Check your grammar with free online tools like Ginger Grammar Checker, GrammarCheck etc. Like I said, I am not an expert, but these are a few things that I have learned over a couple of years of making a good resume. Here is my resume for your reference: https://ajinabraham.com/static/Ajin_Abraham_Resume.pdf

Feel free to comment, correct or add your suggestions.

About the Author
This post was written by Ajin Abraham, one of the course creators at OpSecX, and was first published on his LinkedIn page. The views expressed in this blog do not necessarily reflect the views of OpSecX.
