Where’s Waldo? Why Recruiters Can’t Find You (and What To Do About It)

Without further ado, this is I've been really looking forward to this. Um, the one and only Ricky Burke is going to take it to a whole new level. And this is an interactive talk. So, I'm judging you. You have to sing. You don't. And I I I want you to interact and I want you to talk to him and and get his wisdom. And I'll be running the mic. So take it away. >> Thank you. This is not working, Ryan. Or it is. >> Can you hear at the back? All right, cool. Uh, so no pressure. Thank you. Um, so who who knows what this is? Might be a dumb question for some people, but

others maybe not so aware. So we know what this is. And who has a profile on this platform? All right, so most people, just out of interest, if you don't mind, hands up. Who doesn't? Okay, couple. So, it's an interesting thing. Um, all right. So, you have profiles. Have you ever actually looked at the reason why this platform exists? If you look, who would? Um, so this is if you look at the LinkedIn mission statement and then their vision, this is basically what it says. It's really dark. Is there anything we can do for the lighting at all? I guess not. Okay, that that's working properly. So, do I have to hold this? All right. So,

just have interest. Is there anything we can do for the screen at all? It's quite dark. >> It's okay. If not, >> I'll just see if it's my screen. No. Okay. So, create economic opportunity for every member of the global workforce. What does that actually mean? So, LinkedIn is a jobs board. It's a jobs platform. Um, it's how the company originated. It masquerades as a business social media platform. The reality is it's all about jobs. But the thing is, if you can't get a job off this platform, quite frankly, what's the point? Um, and that's what it's about. So if you feel like this, where's Waldo? In other parts of the world, we call this where's Wally. Um,

just out of interest. So those people on LinkedIn, who finds it helpful in terms of getting a job? Raise your hand. Okay, cool. And I just want to flip this because we said it's interactive. Who finds it not so helpful for getting a job? 50/50. Oh, are we okay with this or is it a bit too scary? All right. So, welcome to Jesus, that's dark. Do you know what? May maybe we can have the lights on. I'm sorry to be a diva. >> Oh, do you mind just It's only about 45 minutes long. Is that okay?

It's Let's stick the lights on. It's okay.

>> Okay, just blind me. Um, all right. So, why are we doing this talk? My name is Ricky Burke. I am not from around here. I'm from the UK originally, living in Australia for the last 11 years nearly. I run a cyber security recruitment company. That was better with the lights off, wasn't it? >> Can we turn them? No, I'm joking. I'm joking. I'm joking. No, no, it's fine. We'll make it work. >> Um, >> do any of us? >> Um, there's there's a talk in that. Um, >> are you saying >> I I think you're doing okay with what you what you are doing. >> Oh.

get this man a job. >> Okay, so I I run a cyber security recruitment firm. Um, we help companies hire people. I've been doing this for a bloody long time. I'm very lucky to be involved in the security community in doing lots of stuff like this here in the US. Here today, I'm running a career development program at Black Hat later this week. Um, and do a whole bunch of stuff in Australia as well. So I like to think I know what I'm doing in terms of giving advice u to people and then if you want to follow me on LinkedIn please feel free to do so. I do actively share advice not just jobs.

So now we're going to get interactive not just with the lights but with the audience. So out of interest how do recruiters work? Shout out if you like. We don't need to be formal here. Okay. Recruiters get a job and try and match it to a person. Okay. Yes. Like it's really simple, but then it's very hard. So, for context, you have different types of recruiters out there. I'm an agency recruiter. So, I get paid by my customers to help them hire people. We have amazing people like Kirsten who work internally for companies in tal acquisition and HR where they help their companies hire for themselves. Two different types of roles trying to f fulfill the same purpose and then

there's different approaches to recruiting. So, you have, as you might be aware, job advertisements, which is where you fill in this lovely link, you get sent through a black hole, and then you never hear from someone again. Um, or you get recruiters that approach you. Now, the thing is, and going back to where Waldo and what this is about, is what's the point being on LinkedIn if you can't be found? For me, yes, there's the there's the benefit of you can network with people, but ultimately you want to be found for different reasons. Yes, there's the job of to today, tomorrow, but what about the future in terms of future opportunities, in terms of networking, meeting people here? The

easier you are to be found, the better it is for your career. And the sort of rule that I go by is the more people who know what you are, the more things will come to you, the more opportunities. And those opportunities can look so different. So, how do recruiters find people? Um, I've jumped the gun here, but essentially there's a little hint at the beginning. LinkedIn. Um, every recruiter uses LinkedIn. And have a guess. How many hours a day? We're going to put Kirst on the spot. How many hours a day do you put on LinkedIn? Let's guess first of all, anyone? There's massive prizes they're giving away as well. >> 12 hours a day.

>> Maybe not. Um, four hours, five. By the way, there's no prizes. I was joking. Um, um, how many hours a day would you spend on LinkedIn? >> It's non-stop. It's every second of the day. I'm just literally non-stop. >> Now, from a HR perspective, I can't say 12 hours because of legal rights and stuff. Um, but the reality is, yeah, as as recruiters, we live on LinkedIn. It's [ __ ] sad to be honest with you. Um I've it's got so bad for me personally. I've ignored every other social media and I live on LinkedIn. Um I I don't want to do social outside of LinkedIn now just because ultimately I spend a lot of hours on there. And to be really

truthful, if it wasn't for LinkedIn, my business and myself would not be in the position we are today without LinkedIn, which is really weird to say out loud. But in terms of the business that we do, the customers that we have, the people that approach us, again, it's those those numbers of the more people that know who you are, the more things will come to you. But we want to help you get found. So, I want to be interactive. I'm going to jump up here. I don't want to stand up here cuz I feel like it divides me and yourselves, but I need my laptop. So, I want to play a game, right? If are people comfortable me

asking who's looking for a job or who's open to a job at least? Okay, that's a no. Only joking. Um, okay. So, if we're going to say you're open to a job or looking for a job, what type of job do you want? Shout out some names. >> GRC. >> GRC. Why would why would you do that? I'm joking. I actually once spoke to a pentester who said um I'd rather put a shotgun in my mouth than working GRC. However, let's be honest and although I do have a preference to the more technical roles, I feel like GRC is the bedrock of cyber security because without the policies, without the frameworks that drives all the technical

work that those vendors and all the other people do in terms of the tools and the people using the tools, I don't think we'd have as much security. So, fair play. Um, all right. So, you said GRC. I'll be honest with you, GRC is a little bit of a weird one to look for. I'm going to go for another technical role here. What's a shout out? >> Pentesting and >> junior security engineer. >> Okay, that's a really broad term. >> Um, let's go pentester because you were louder and then we might get on to security engineer next. Pentester. Okay, so we're going to do a live demo and hope it works. Hopefully my internet hasn't

crapped out. So, I needed to make sure my tabs were closed. Um, all right. So, we're going to go on to LinkedIn Recruiter. Has anyone seen or used LinkedIn Recruiter before that's not in HR? Okay. So, I can take you down this dark web of the murky world of where recruiters live. >> All right. So, sir, if you don't mind me asking, where which location for a pentesting role? from >> Okay, I'm I'm going to jump ahead and just spoiler alert, >> Southern California. >> Southern California. Okay. Is that where you actually live or you just randomly naming a state? >> That doesn't help me with my exercise here. So, >> all right. Only because I want to

reverse engineer the situation. See if we can find you. Is that okay? All right. Sweet. Okay. So um we can all see this clearly. So, thank you for dimming this the the lights because now we can actually see it properly. So, all right. Location. You said Southern California. I don't think we can search Southern California. We're just >> Oh, okay. And which street did you say again? >> I'm joking. Don't answer. Um, all right. Losing. >> All right. Oh, no. I not county. Hang on. Let's just go. So, this is where the where's Waldo thing comes into it. Essentially, we're looking for the person. All right. So, now we're basically playing the game of the horrible shoes you're going to be

in. We're going to be in a we're going to be a recruiter for the next 5 10 minutes. Why would you want to do that? Um, okay. So, just a simple 11 million people to try and get through. Um, now what? So, what what search terms do you think we should use if we're looking for a pentester in the Los Angeles area? >> Pentester. Okay. So, which job title should we go for? Pentester. >> So, job titles. Let's go formal and go put penetration tester. Red team. >> Red team. Okay. >> So, red team. CH have really m muddied that that word for me. Ethical hacker. They've ruined it. No offense. Um. >> Okay. So, red team, not t team.

This is hard. Give me a break. Okay. red team. So, by the way, I'm doing in the recruitment language, we call this boolean searching. Other terminology or variations is I don't know, X-ray searches or um whatever, but basically recruiters say boolean, right? So, we got red team or uh someone said OCP and ethical. Oh, man, that word. Okay, ethical hacking. Are we happy with that? >> Start. >> It's a start. Okay. >> I was just testing. >> I'm glad someone's paying attention. You'll get the prize. All right. OC. It's all right. The cap caps doesn't matter. All right. So, 127 people. So, now we get to uh not just look at people. We're going to do some um

constructive feedback as well. I apologize if anyone is in the room that I give constructive feedback to. So, we're going to just as a question out of interest, how long do you think a recruiter would look through a person's profile? >> 15 seconds. >> Less than 30 seconds. Yeah, I'd say 15 30 seconds, which sounds pretty [ __ ] Here's the way that I would work. And maybe people have other opinions. Um, so you look at this list of what was it? 127 people. Before that was 200 odd. Essentially, I want to skim through these profiles just to then shortlist people that I want to spend more time with. So essentially I might shortlist 5

10 20 50 people put them over there and then I'll go back and then try and contact these people. I'll reach out via direct messages, emails. I if I have their contact details I'll call them or email them. Um but essentially I'm just looking to you know if you imagine like a canban board is like just move through the sort of flow of shortlisting and moving forward. So, we're going to jump on this guy's actual LinkedIn profile. We're going to do some I say constructive feedback at the same time.

Now, what do we think initially about this profile

details? >> Yeah, there's that. Um, we don't need to go more experiences. He's got licenses and certifications. It's got a few projects, key skills, 45. There's a lot there.

Would we rate this as a good profile or let's say, you know, good, bad, average? What would we say? >> Okay. You had a question. >> I care about the ones I care about. >> Sorry. What was your question? >> The question was um about filling in the skills. So, do we do we care? I said I care about the ones I care about. So, do I care about in this context uh WordPress? Couldn't give a [ __ ] Do I care about shell scripting and web application security and penetration testing? Yes, I do. So, it's about what's relevant. But let's just jump back to Ryan's profile. I think it's a pretty decent profile. Look, we all have

room for improvement. Um, you know, there's some funky stuff you could do with a banner here just for aesthetics or visual purposes. He's got a nice friendly picture. Um, he makes it very obvious OCP does have C. In some places that might count against him, which is interesting. Um, so I can't speak for here or certain places, but in Australia, I know a lot of pentesting managers that if they saw CH, they would basically disregard that person. Um, because not because it's [ __ ] no comment, but more because the person lacks the understanding of what the rest of the industry or community thinks of a certification like that. So having context awareness, I think, is really

helpful. Um, but he's got some searchs. So, you can see this guy actually does it. He does mention ethical hacking. He does have offensive counter measures in there. Um, yeah, there's some other stuff in there, too. So, essentially, there's a lot of information there that he is someone very easily I would go, yes, I want to speak to this person. So, I would then shortlist him and he'll go into my list of people to contact. Um, there was a mention of there was a lack of stuff here. Areas improvement. Yes, he could do that. He could put some stuff in there about what he does like is he still a pentester or is he doing

some other stuff? We spoke about the vagueness of security engineer. Security engineer title could mean so many different things. Is it appse? Is it cloud sec? Is it dev sec ops? Is it whatever? There's like 10 15 different things it could be as a security engineer. Um interesting had a stint application security engineer. Again, was it like proper absec or was it more code review working with devs or whatever it may be? Um, but again, I like the profile. He got found. That's a good thing. There's a reason why he was number one on that s that on that list. Next person.

Okay so we've got some stuff there. There we've got a brief intro, relatively active with some comments. Um, job penetration tester there, so it's quite obvious what he does. And then we'll check out the skills. Not much in terms of certification. Okay, 38 skills first when you got um pen testing and red teaming early on there. What do we think of this one? Good bad average. >> Average to good. I'm curious those that said average. What do you think could be better? >> Theerts. You like, you care about the >> Okay, good responses. Yeah, it does depend on theert. Um, I couldn't care less personally about certifications. I couldn't care less about degrees, university, and stuff like that.

Ultimately, companies are hiring people because of their experience, their ability to solve specific problems. If you can't solve that problem, then quite frankly, you're not very useful. Um, question, >> what do you think about the about section?

This is what I do. >> Okay. Did we hear the question? It was what was the thoughts on the about section? What do you think about the about section >> in general? I think it's important to humanize yourself to some extent but also show the section where you like I'm a real dude that enjoys doing

>> cool. Yeah, I I think the about section is important because it gives you an opportunity to add some context. Ultimately, companies are hiring humans, not robots. And if you can describe Got some live messaging there going on. I'm not going to open it because I don't know what it's going to say. Um, but I I think the about section is really helpful. Um, look, there are some people out there who they're known in the industry. They're a known quantity. If you're not that, then you need every competitive advantage you can grab. So, you think about your your resume. This is your LinkedIn is your online resume. So, when you have that bit at the top

that you should have if you don't have it already, the summary part or the intro profile bit, this is your chance to tell the viewer who you are, what you're about, and basically what you bring to the table. So you concentrated on experience. >> What happens when you don't have over in the >> It's a good question. >> Can you hear me? Okay. So you mentioned experience. What happens? What are what would you suggest for someone coming into the industry who has no experience? Maybe a recent uh university grad. >> Okay. Who who's in that position? Um, new to the industry, no experience. >> Okay. >> Um, you're screwed. >> Um, but there's things you can do. The

fact that you're here is amazing. Now, I'm curious. Um, if you don't mind, raise your hand if you are on you've got a LinkedIn profile and obviously you're here today, so you can do that. Okay, keep your hand up if you have posted on LinkedIn that you are at Bites today. Look around you. >> Security people. >> Yes, but you for those people that need a job, you need as much help as you can get. Um, and the picture doesn't have to be out there because if you take a photo, you'll get told off. Um, but it can literally be a photo of the B-side logo. It could be of a presenter that doesn't mind social media. Hi. Um, it

could be anything just to basically demonstrate you're at a place like this. So, this isn't part of the talk, but this is also just to give you general advice. When you go to something like this, this separates you from those people that are not here. So when you need something like a job, you need everything going for you. So your opportunity is you're here. The fact that you're here, you've spent money time to be here is amazing. So for those people that are trying to get in, fantastic. It's an amazing opportunity to actually meet people, although it's quite scary when you don't know anyone. Um, and I do mean that. Like it's I I was talking to D about it the other day.

Like I I I find it intimidating, go into a place, I don't know anyone and it's like it's a little bit easy if I'm honest with you. I can go to an event in Australia and I will just people just come and talk to me because they see stuff on social media so people feel comfortable. But if I have to rock up to an event like this, no one knows me and I don't know them. How the hell do you start engagement? And that's where just small things like a post or here or there connecting with people or an actual engagement strategy of trying to build relationships is really helpful if you can be brave enough just general

advice is like it's already gone lunchtime but you've got this afternoon you've got a couple more days if you're still here is try and set some small goals. So in the morning or let's say this afternoon try and speak to two people and just start with open questions. Don't rock up to a table full of 10 dudes and just go, "Hey," like no one's going to do that. But if you if you standing like you spot someone on their own, they're on their own. If you spot someone in a queue for drinks or coffee or whatever it may be, just ask or the person behind or in front of you open questions. How's the day? What

brings you here? Just see where it flows. You never know where it takes you. I I literally know people that have met their partner at places like this and a shitload of people have got their jobs through these sort of events. And if you have local community stuff as well, like you think of it as sort of small wins. The more things you go to, the more times you meet people. The more you meet them, the more they get to know you. The more they get to know you, they're like, "Oh, that person's cool. Like I know what they're up to. I think we they they could be a good fit for our team." And I can promise you, you'll

have more chance of getting a job that way than applying for a job with online where you're one of 500 or a thousand people applying for the job. If you can get someone to give you a warm intro to their boss, like that's halfway there. Obviously, you need to do well in the interview, but the fact is if you keep showing up, and that's the thing, like if you're trying to break into this space, it's hard. Really, really hard. But when you are here and other people are not like if you imagine you're at university and your you know whatever you want to call them colleagues and you know whatever your peers if they're not here and you

are you win keep doing that stuff when you post on LinkedIn you're at this event that event share some ideas it's all just building for a much bigger goal so Brennan I think not a bad profile um we spoke about the about section. I think it's really important because again it gives context to the human. If you're transitioning from one industry to another, talk about it. Explain what you're doing. If you see my profile, I'll jump onto in a bit. You'll see that I'm talking about all the events and the stuff that I do because quite frankly, it adds credibility. So, if I mention I'm at Bides or I mention at Black Hat, someone who knows

those things be like that's cool. Like that's my sort of person as opposed to they have no idea. So, you've missed an opportunity if you've not done those things in the past. In the future, do a post today, whether it's X, Twitter, whatever, when whatever you want to call it these days, or other social media platforms. Again, it just adds to your credibility. Um, but the interesting thing is, just an observation, by the way, and and I'm just seeing Brennan here. Brennan comments, comments, comments. But where's his posts? There's no posts. And if you like I've done this research because I've run um training programs on this for like uh for people and it's really interesting observation because

when you go looking at other people's profiles you realize hardly anybody posts. So it's not that hard to actually stand out and give yourself a voice because most people quite frankly are a bit nervous. >> I can't do you mind so I can't hear. So, I was going to say with um regards to the posting as well, like I in the past I I did that several, you know, I would do that a decent amount for >> I'm sorry, it's really quiet. >> Sorry. Can you hear Can you hear me now? I mean, I can I just don't want it to be too loud. Um so, in the in the past, I've like posted a decent amount. It's

just you get this sense when you look at the feeds that it turns almost into what Facebook's become in terms of like you know so should you be kind of selective with your posting so it's not spamming almost like what's the best from your guys' point of view as recruiters how how do you sweet sweet spot so it's not annoying to you I guess I I don't really think it matters if I'm honest with you uh look whe whether we like it or not LinkedIn have flipped the script in terms of it is social media but the engine behind it is a jobs platform. So, look, if you post stuff, people don't like it, so be it.

If you post stuff, people like it, then good for you. Um, so I I didn't look what there's a fine line of, you know, posting too much. If you're posting 10 times a day, you're just going to annoy people. Um, but the reality is you're not going to post that because who the hell can think of 10 posts a day on LinkedIn. So, if it's more like one, two, five times a week, awesome. Um, and also LinkedIn, weirdly enough, doesn't like you posting too much opposed to something like Tik Tok where you're pretty much, it doesn't matter how much you post, every every post is sort of individual in terms of its engagement. LinkedIn, and I've been penalized for

this, if you post more than once in 24 hours, at least I can tell by my history. I don't know about the future, the the next post did not go so well. So again, you got to sort of spread out the post as well. Um, >> was there a question? >> Yeah. Uh, so I wanted to go back to the, uh, first profile um, where you had mentioned you would pass over a profile that listed a certification that they may not be aware that the rest of the industry doesn't value as much. Um, unfortunately like the US government values those SERs that the rest of the industry doesn't. And so for folks that are like getting out of the military and

uh they don't care if they're getting, you know, a job in the government or in the civilian sector, uh what advice would you give them to kind of find that balance to be seen on both sides? I I think I heard the question. Sorry, it's a bit quiet and I've got the air con. It's quite loud. Um so you certifications and the general consensus, but sometimes you need these things to get jobs. Ultimately, you you do what you need to do to get a job. So depending on what the employer or type of employer you want to work for is looking for quite frankly it doesn't matter what other people are looking for. So if you want to work in

government, government needs certain criteria then you meet the criteria. If you want a different type of job then you need to understand what that employer or that recruiter is basically looking for. So it is case by case if that makes sense. Does that help at all? Go on. Let's let's go deeper if you like for clarity. >> Uh no, I have a lot of uh friends in the military still and when they get out they they ask for advice and um they don't really, you know, care if they get a job on the government side or if they get a job in the civilian sector, but they have all those searchs that the civilian sector doesn't really value. So

>> get the best chance of being seen by both sides. And it that sort of goes to the thing of same as like entry- level people and and I heard this earlier from someone and I don't mean any offense by this or anything that I say. Um but the person was speaking to somebody else and I heard them say, "I'm just looking to get my foot in the door." No one cares. Like it's wrong to say that, but ultimately that's not their problem. Basically, you get employed to solve problems. And if someone sees you as someone who can solve the problems, they will employ you. If you can't solve problems, they won't employ you. So

again, it comes down to what is the criteria of what they're looking for to identify that you're someone who can solve problems. So there might be again, if you've got pretend 10 certifications or training and it's spread across five different areas of security, my thought is well what the hell is this person like? What what are their interests? Because in in reality, most companies a lot are not hiring someone who's a oneperson security team. They're they're hiring them to come in and do application security, penetration testing, GRC, security architecture. These are specific skill sets that have then obviously certifications and training and experience associated with that area. So my advice is think about the job that you want and work backwards

from there. Hope that helps. Awesome. All right. So, again, I think a pretty good profile with this person. Again, they came up second in my search. Now, let's see if we can find our friend sitting in the one, two, three, fourth, fifth row over there. Um, out of interest, do you think we're going to find you? >> Oh, that was po. >> This whole exercise is redundant. >> Um, why why would we not find you? because I've been retired for about eight years. >> You I said people looking for a job. >> I'm sorry. >> Okay. Can Can we just go back 15 minutes? >> I'm joking. It's fine. The idea being it's about being found. If you haven't

got the right information, you won't get found. So, there's a a lot of people on LinkedIn, like LinkedIn likes to tell you there's over a billion people on LinkedIn these days. It's going to get harder and harder to stand out in some ways, easier and easier in other ways. Most people in this space are not posting anything. So, there's an easy way to to sort of stand out quite frankly. Um, but this is the thing. If I if I'm looking for a pentester, there's a whole bunch of stuff that I would add to these keywords. You know, different terminology, different things depending on what my specific needs were. I would go a bit deeper. You know, if I'm

looking for someone who's maybe a bit more appseac focused and maybe who's looking to do some code reviews or code scanning and stuff like that, I would put words in like that. But the thing is, the results are only as good as the information we put on our profiles. So, if the information is not there in the first place, we're not getting found. All right. I think the demo went okay. Didn't get the results I was hoping for. How are we doing for time? >> We're running out. >> I mean, frankly, after this is just resumes and career coaching. So, if people are still interested in doing this, I'm happy to let you keep going.

>> Okay. >> Unless I get in trouble. >> We could just roll with Q&A as well. >> Yep. >> Um, >> one second. >> I'm sorry my friend is Q&A is not finished yet or started yet. I'm only joking. Go on. >> Thanks. So, quick question. Does LinkedIn Premium make a difference to you for hiring if you're looking for to hire someone? >> I'm really Is >> Can you Does LinkedIn Premium make a difference if you hire someone? Absolutely no difference. >> Massive. Oh, uh, sorry. Okay. Does it make a difference in terms of me me seeing you? >> Um, but I think it makes a lot of sense to have LinkedIn Premium even if it's just

for your searching time frame for the next job. Um, you get it free for a month, I believe, and then maybe have it for another month or two if you need it. Ultimately, what it does is LinkedIn is not just about having an online CV, but then you have the ability to be proactive. You can actually do stuff in terms of helping you um be more active on the platform, build relationships, and so you can sort of build a targeted audience of the type of people you want to network with, learn from, and also try and maybe get jobs with as well. Um, so I would definitely use LinkedIn Premium for a period of time. By the way, I don't work

for LinkedIn. I'm not a I'm not being paid for this this this presentation. I wish I was. Um, >> by the way, I lied. There's a 3:00 talk. >> 3:00 talk. >> So, I completely lied. >> That's okay. We can go to like 255 maybe. >> Yeah. >> All right. So, what do we think makes a good profile? >> Experience. experience sorry >> detail yes >> that can be easily optimized for SEO >> can we can we just that's this is basically the talk in one sentence >> keywords that can be easily searched by recruiters i.e SEO for your LinkedIn profile. >> You've basically stolen my last slide. Yes. >> Well done. >> Um, my advice is ask yourself three

questions. Is do you want to be found on LinkedIn? Some people don't. Some people like to go under the radar and they don't want they don't want a new job, need a new job, and that's okay. But if you do, what do you want to be known for? So, do you want to be known for pentesting, GRC? Do you want to be known for something else? Ultimately, the information you put on there is what you'll get associated by. And this is the other thing with LinkedIn as well is what you put out there, you get branded by. So, an example of that is I I share a lot of stuff on the platform to help

people basically get jobs in the industry, land themselves a new position. Um, but I'm not that person in terms of I'm not the one who's helping graduates or transitioners get their first job in the industry. I just see a massive quite frankly problem and people need help, advice and support. So, if I can give them guidance to help themselves, I want to do that. What's interesting, I'll speak to some people and they think I'm the guy who does that. Um, in terms of I will help you land a job. I can't. I don't get those jobs. pay companies pay me good money to hire the ones they can't hire. Um, so yeah, what you put

out there, you'll get branded by as well. So bear that in mind. So again, that's a good thing. If you keep putting out, again, you want to be a GRC person, you keep putting out stuff around frameworks, policies, communicating with stakeholders, you'll get known for that. Um, so think about it. Oops. Question on the back of this, just a raise of hands. Who's going to make some changes to the LinkedIn profile? How good's that? Okay, you're you're being pointed at by the way. You're being told to make changes. I'm curious. What changes does he need to make? >> No, he started posting in the middle of your talk. >> That's not my profile. >> Um, you started posting.

>> Congrats. People can be quite apprehensive with that. So, if you can get over it, good on you. Um, >> I'd say connect with me, but I can't. I've got I've tapped out at LinkedIn's limit, which is 30,000 connections. Um, but feel free to follow me and I will keep giving this and tips and advice where I can. Um, and not just for entry- level people, but for people that want to get into leadership roles, people that are in leadership roles. Like the really interesting thing is I'd say the two hardest jobs in the industry is getting your first one and then also getting leadership roles. There are so many leaders struggling to get a new

position. And the reason is it's like a pyramid. The the the higher up you go, the less there are at that at that period at that uh spot in the pyramid. And the competition is fierce. This is where quite frankly having a LinkedIn profile, having a quote unquote brand, as cheesy as it sounds, people knowing who you are, what you stand for is so so impactful for your career. Um, so if you make those changes, again, be specific. Don't be that person. I'm just want to get my foot in the door. Think about it from the other perspective. The job that I want, what do they want to see? What problems are they expecting me to solve?

And that goes for your resume as well. So many résumés are [ __ ] I I'm sorry, but they're they they're useless. I see thousands and thousands and thousands of CVs a year. And the thing is everybody or a lot of people especially experienced people some of the worst because what happens is people have their resume that's been open for many many years and then they want a new job or need new job so they update their resume so they simply bulk on to their existing CV and now we have a five seven 10page resume which no one's going to read. How, Kirsten? How many How long would you spend? Do you mind me asking?

How long do you spend on a resume? >> Five seconds. >> Okay. Five seconds. >> How long you have to compel me to continue to read? >> That's it. And that's it. You've There was a stat a few years back, I think, on Indeed. It was 7 seconds. I've used that slide before, but 5 seconds. That's a That's a new record. Um, but but ultimately, you will spend a lot more time on the ones that you think make sense. The reality is time is precious. We saw that first search and it was in, you know, the would have been the millions, then the thousands, then we we narrow it down to the hundreds. If we

don't have time to spend 2 minutes, 5 minutes on each profile to look at every little detail and think, oh, did they mean this or did they mean that? No, you need to be very specific about your intentions. And those people that are essentially thinking like that will find it a lot easier to land what they want. I think that's that's me in terms of official Q uh presentation. Yes, let's do some questions. >> How do you >> 10 minutes I think. >> How do you balance keeping it short with um adding all those keywords for your SEO? >> How do you balance keeping it short with uh all those keywords for your SEO? >> I wouldn't worry about keeping it short.

Oh, but I mean you said but not five or seven. >> Oh, you mean do you mean your resume? >> Yeah. >> Okay. So, that's another thing as well. So, question for the audience. My Q&A to you now. What are the most important skills in cyber security? >> Learning. >> Networking. >> Networking. Which one? >> Oh, no. >> Okay. networking network, >> critical thinking, storytelling. >> Sorry, nailed it. That's one of the again, this is my bias. So, like I'm not what I say is not definitive, but in my opinion, there's two things. Communication is one of them. The other the other is the ability to influence. Now if you if you think about a job

whether it's the pentester GRC something else you are working in a business you are working with other humans. Now even as a hacker where your job is basically to hack [ __ ] you still have to produce a report for someone else to read and then the idea is you find some vort and then they make some fixes. If you can't communicate in a report to the development team in terms of what changes need to be made why it's important then what happens? You could be the best hacker in the world but if you can't influence the changes from in terms of remediation then you failed. You could be an average pentester amazing communicator and you influence

more change. So that's the the pentester which is one of the more technical roles in the industry that obviously there's you know the other end of the spectrum there's there's other roles that are closer to the business but the reality is every role is connected to the business and you've got to influence someone else to make some sort of changes. So if you can demonstrate the ability to communicate and that's where in terms of resume without even think or knowing it or realizing it the ability to communicate succinctly precisely in your resume is another selling point. It shows that hey this person actually gets it. They can they can be concise with their communication skills and get their point

across in a small window. So, it's a challenge, but I know um says >> Gandandygram. >> Oh, [ __ ] Yeah. >> Oh, >> you forgot that speaker request, did you? >> I was joking. >> I know. >> Jesus. Okay, thank you. >> Doesn't have the brown ones, right? >> Just blue. You are a non-specific as to what shade or variety of blue. So, you got a bunch of different ones, but they're all blue. >> Oh my god. >> Okay. >> I know what for what's uh for dinner tonight. Um amazing. Wow. Okay, cool. I'm I've been thrown there. Um so, okay, now I'm struggling to communicate on the topic of communication. Um, but ultimately if you

can if you can be concise with your communication in a document, which is basically your marketing material, that's all a resume is. It's is you marketing yourself to a new job. Um, essentially you're trying to influence the recruiter, the HR person, the hiring manager for them to want to meet you for an interview. That's the job of the resume. And I know so many CESOs that have one and two-page resumes and if they've got 15 20 plus years experience and they can do that then someone with two or four years experience I think manage that as well. Um another question I'll go to you um I'll grab the mic. Sorry. Thank you. >> Yeah. Does the open to work uh or open

to work for recruiters thing on LinkedIn do anything or does it actually hurt you? >> Um okay. So does the open to work banner help or hinder you? Um that's a really interesting one and I don't have a definitive answer cuz it depends on the individual. Some people have some bias to that and other people not. Um, look, I think you need everything going for you. Um, you can do things on LinkedIn like you're open to work anyway, like and then recruiters that have LinkedIn recruiter can see that. But look, if you need a job, you need a job. The most important thing is you can demonstrate what value you bring to an organization. So, personally, I don't

care like people's circumstances are not always in their control. So, if you've been laid off, you've been laid off. Like, it doesn't mean you're a bad employee. It just means bad timing with with an organization. Um, so I would use it, but the thing is, as always, we're dealing with humans, and humans will always have different opinions. Um, but look, use what you've got in my opinion. Um, the most the more important thing is those key words and then how you communicate on your profile is my general advice. Um I'll cut down the end. >> Um so just one of the thing kind of to follow up on on um so you have the resume and being succinct. Absolutely.

With the with the LinkedIn profile I've heard it both ways like you want to be as verbose as pretty verbose. Should you try to take a similar tact especially I'm coming from some experience related to uh the industry but some outside as well. How do you make it so that we're not wasting your time? Because again, you have 15 seconds or so maybe. Should you go succinct in there kind of like a resume, just not as extreme? Or what do you suggest? >> Oh, did you want to answer? Um, you get to the point, but then you I think if you can elaborate with an example or two, that's helpful. Ultimately, it's about outcomes, and

that's the same thing for your resume. like this is not a resume session but I can't help but talking about it because I always see areas of improvement. So if you if you think about it um like a lot of people's LinkedIn or their resumes that they will basically look like a job description in terms of they just copy and paste a bunch of stuff that their job entails rather than talking about the underlying thing of the problems they've solved. If you can again comes down to communication rather than like let's say like the pentest for example like I there some of the worst CVs that I get because it literally just say web applications

uh infrastructure I'm like yeah no [ __ ] like that's what you're hacking but what did you actually do what was the impact of your findings and when people can say they did this and the outcome was this and it links back to the business then you honestly you go from here to up here. So again, communication >> I did X that achieved Y for Z percentage or money or whatever that actually did the number that's like oh >> yes if you can put metrics and stuff like that on your resume or LinkedIn again you're elevating yourself to a very small percentage of people globally that actually think like that. So again, elevate your thinking so other people

can see that. Two minutes, one more question. >> Can you speak to the importance of tailoring your resume, your cover letter to each posting? And >> hang on a second. Sorry. >> Can you speak to the importance of tailoring your resume and or cover letter for each posting? and also if it is detrimental in any way to use AI to assist with that process and expediting it. >> Really good question. So I've got about what 60 seconds. Um okay so I think in my opinion and look I say this as someone who's not in your shoes so it's hard. Um I've not had to apply for a job in a long time. I run my own

business but I I try and think about it the way I would approach it. So, you have a standard resume and then you tailor it slightly depending on the job you're applying for. There'll be a different opinion. I'd love to hear your opinion about cover letters. Okay, cover letters, small ones. So, a cover letter and some people say, "Oh, that's outdated. That's too traditional." Whatever. The thing is competitive advantage. If they read it, great. If they don't, so be it. If you can explain, if someone sent you CV, cover letter, explained why they would like to work for your business and the role they've applied for and how they're relevant for it. What would you say or

what would your thought feedback be? >> Just want to clarify what I meant by five seconds. It is the it is the amount of time that I'm going to spend giving you a chance to compel me to continue. You can do that in one sentence. It's not a cover letter. You're not putting it in an envelope, right? But you're saying, "Hey, I noticed this and I would like to do that, right?" And that's almost a direct quote from the advice that he's giving on his site uh on a, you know, on a regular basis, right? So, it's not a covered letter, but it is a statement that compels us to keep going, if that makes sense.

>> It was sort of you're giving yourself a warm intro. But if if p if someone and again I only speak myself but if someone or think about it yourself if you're an employer you're a hiring manager and someone basically says I want to work for your team or your business and these are the reasons why and the job I'm applying for I've solved these problems before and here's some examples. I think that's more compelling than trying to guess. Um, but ultimately you don't need like a new CV every single time because if you're applying for a hundred jobs over a period of time, then you don't have the time for that. But I think there's a

lot of people that go, "Oh, but I've I've applied for hundreds of jobs and not getting anywhere." Okay, but what jobs did you apply for? They applied for a variety of roles. It's not specific enough. Like, if they know they want to be a pentester and they're applying for pentesting jobs, fine. But if they're applying for like I there's a guy that I coached and he won't make these bloody changes even though I've said it so many times on his profile LinkedIn it's it talks about GRC and it talks about security operations like a sock analyst they're not the same yet he he won't make the changes like which one do you want to be because you're not going to

work be work in a job where in the morning you're a sock analyst in the afternoon you're doing um PCIDSS assessments like so you need be specific. Um, if that makes sense. I think that was the last question. Um, thank you everyone.