Interview Like a Legend: No Slides, Just Vibes

Without further ado, uh I ran uh the hiring village at Besides Charm and the room where this guy was speaking was it was a elbow-to- elbow people and people out the door trying to get in the door and I begged him and begged him. I was like, "Oh, I know you're a little teeny tiny bit busy this week, but also maybe you should do this talk." So, you will not be disappointed. Welcome, John Stoner. >> Thank you. I was coerced into the CFP. No, I'm happy to be here. Uh, I am busy though. Uh, I'm John Stoner. I work at Google. There's two of us. One of us has a mohawk. One of us used to work at

Splunk. That's the other one. Um, so if you're trying to find us on LinkedIn, he doesn't have a mohawk. I'm the other one. Um, welcome. And I am lying. I do have a few slides, but like most of them are memes. I swear. like there's like no bullet points at all other than the like who am I like why am I here this morning and why am I paying attention to this person um so US Army veteran technical intelligence for 10 years I got out in 2010 and I've done a lot of different things in cyber security since then uh the biggest area of expertise is cyber threat intel I have been a department of

defense contractor in quite a few companies I tend I tend to change jobs like every three years so I am also a frequent like interviewe um uh I am at a fang company now I'm not representing the company I'm at though um uh and there I am a cyber security consultant and uh academy instructor um so as both a government civilian and as a contractor I have interviewed at least 150ish people and done about 45 different hiring actions um so I do come from from a place of like being the hiring manager in addition to just also personally changing jobs quite a lot. Um, you'll see me around the rest of this week as well. If you're over at

Defcon, I'm at Goon. Uh, I'm mostly on Massedon and LinkedIn is probably the best place to find me and also go Liverpool. All right, so at Career Villages and I've been helping out CareerVillages a lot. I think it's really important to give back to the community. Everybody, it's always resume, resume, resume, resume. In the nonprofit I help run at Vette, we have a resume channel and people are like, "Help me with my resume. Help me with my resume. I need a job." Your resume is important, but as a hiring manager, I normally know within three minutes if you're getting an offer. And most people aren't prepared. They spend all of their time and effort on

the resume and they haven't prepared the interview at all. And I can tell as the interview person, right? I can tell whether they're prepared or not. It starts off, hey, thanks for coming to the interview. Why don't you tell me a little about about yourself? And if that's a 12inut meandering saga of their life, that's probably a no for me, dog. Um, I have mostly hired threat intel people, right? So most of the roles I've hired for are threat intel specific. And there is very specific things that I need that person to be able to do including giving a presentation, writing concisely, conveying information. And if you can't do that about tell me a little

bit about yourself, that doesn't inspire confidence that I could put you in front of someone else to tell them about an advanced persistent threat actor. Now, not every role in cyber is going to do that. But communication is super important in all your roles. Generally, as you get senior in your role as well, you're probably going to do more talking to various people as well. So, the resume can only get you in your room. So, it is important. I will be here. I'm going to stick around for a while to also help review resumes, but you also need to prepare when you get the interview. So, like maybe make it like 7030 split in effort, right? not 100%

effort into the resume because I want you to present the best image of you when you get into the interview, right? So, and if you when I say like I want you to prepare for the interview, I want you to literally like bring up Zoom or Google Meet or whatever and like look into it if it's going to be virtual and practice or go to a hiring village and say, "Hey, actually, I would love to do a mock interview with someone." If you have a hiring manager here who could do that, maybe they look at your resume first and like can do a couple of questions. The more you prepare for the interview, you will also be a little less nervous.

We're all nervous at the interview, right? Every single person is nervous at the at the interview. I will also tell you like a lot of times the person making the hiring decision is nervous at the interview as well, right? So, everybody's nervous in that interaction. But the more you've prepared, you will hopefully be able to get a little less nervous or at least maybe it will show a little bit less because you do need to project some confidence in the interview. I can't stress that enough. You do need to project some confidence in the interview. We understand you're nervous. I interviewed someone once who I think she said, "I'm sorry I'm so nervous." Seven or eight times in the

interview. That person did not get an offer. Right? I like I have to see that you have some confidence in the skills that you're bringing to the table for me to want to bring you onto the team. Right? So, you're allowed to be nervous. Maybe you can tell me you're nervous once, but like I need you to also like have practiced enough and prepared for this that you can present the best foot forward because that's what the hiring managers are looking for. The hiring managers are looking for somebody that I think you probably have the skills to do the job and I want to work with you. That's what they're looking for. Do you have the skills to do this job and are

you going to be a good fit on my team? It's those two things, right? So, they want somebody who's throughout the interview where it's a technical interview or multi-stage like, you know, interview could be a panel interview. Have they answered enough technical questions that I think they can do the job? and do I feel like I would want to lead this person on this team? That's that's uh that's what you need to prepare for and understand. I am the biggest proponent of preparing your stories. Your first story is that elevator pitch. Hey Jen, thanks for coming in today. Why don't you tell me a little bit about yourself? That should be a threeinutish very tailored version of your story for

this role. Right? So the other thing is like your resume is a compilation of information about you that is a sales pitch and your interview is a compilation of information that is a sales pitch for that role at that company. You cannot lie. That is not what I mean. Right? But if I'm selling a car, I'm going to tell you all the great things about the car. I might not tell you the one or two bad things, right? If you ask me like, "Was I ever wreck?" Yeah, there was a minor fender better, but I got it fixed. But I probably don't lead with that, right? It's been a super reliable car. Never had any major

mechanical issues. You are selling yourself on the resume and you're selling yourself in the interview. And and a lot of people have trouble with this, which is why I want you to practice. I hear all the time, I'm bad about talking about myself, right? That's a common refrain, right? it's uncomfortable for me to talk about myself or it's uncomfortable for me to try to present myself in a good light. Well, that's why I want you to practice. So, not only do you practice that that initial sales pitch about why you're super excited to be here today and I'm really passionate about cloud security engineering. I could be really passionate about a lot of things for a lot of roles I'm talking

about, right? I really appreciate the opportunity to be here today. I'm super excited about the role at this company and about this type of a job. and then two to three four minutes max. And I would time yourself because if you don't know you're giving an eight minute spiel, I don't want an eight minute spiel about your whole life story about when you graduated high school. But whatever your story is, whatever your compelling story is, I want you to practice it. I don't want you to memorize your stories either. I don't want you to verbatim memorize the story because if you forget a word, then you'll be stuck. But if you practice the story enough, you'll know what it is the

highlights are I want to hit. Right. Hey, thanks for letting me come in today. I'm super excited about this engineering role that you've offered me. As you can tell, I did 10 years in the army and technical intelligence and what I got out. I pivoted into cyber security. I've always been the computer guy in the family since when I was building a computer when I was like 10 years old. So, I've like always had that passion for computers. So, it kind of naturally transitioned when I got out of the army to kind of go into cyber security. And you can see on the resume that my first job was at a technical instructor to get my foot in the door.

That's prepared. I've given the answer multiple times and I've prepared the answer. And I can also tailor it a little bit. Maybe if it's in the DoD or the intelligence community, I emphasize those parts of my past more than if it's a private company. Maybe I real briefly, maybe I don't really cover that. Maybe it's just real brief. You know, I did 10 years in the army, then I got out and focused in cyber security. I can tailor the intro because it is a sales pitch. I'm super passionate about technical instructing, right? I'm super passionate about putting food on the table. Hiring managers want someone that's energetic and excited about the job as well. So,

can you do the job technically? Do they do they want to work with you? And are you actually showing energy about the interview process? So, like on a scale of zero energy to 10 energy, somewhere around a seven. You want to hit somewhere around a seven energy level. I don't want to worry if you've had cocaine, but I also don't want to worry that you don't want to be here and like someone has a gun to your head. Like somewhere in that five to seven range of energy level is what you want. And that could come and go a little bit depending on the question. But as a candidate, you need to seem enthusiastic about this

process in the role. And I know that's really hard if this is the 50th interview you've done because this job market sucks. But you have to you have to understand if you're not bringing that energy, it will really show on the other side of the screen or in the room. So the other so there's two types of stories you can kind of practice depending on the types of role you're getting ready for. There's going to be technical stories, right? So, the technical things related to that to the technical aspects of the job, right? So, tell me about a time you had an interesting consulting engagement and the client was pretty unhappy with the report you delivered. Okay? Right? So,

if I'm if I'm interviewing or focused on that type of role, I can probably think about any number of times that happened and how we dealt with that. Right? But there's also like all the non-technical questions you're going to get on the interview. Tell me about your greatest strength. Tell me about your greatest weakness. You know what the key to the greatest weakness question is? You also have the mitigation for it. Right? So that's how you answer the question successfully. I don't care what the weakness is. Right? So one of my go-tos is I don't have the world's greatest memory. So like I write everything down. And if it's a if it's a Zoom interview or something, I have my

notebook. I'm old. I write stuff down. And I can literally like show them the notebook where I write everything down. So I take really really good notes about every meeting I'm in or every interaction I have with a client. Right? So that's my weakness and I just told them that I've mitigated it. Right? I've worked with another person on interview prep where we decided through consultation that the answer was going to be I'm just interested in everything. Sometimes it's hard for me to focus. And so we kind of came up with a way he mitigates that in a work setting. Right? So this is what I mean about preparing the story. So, and you can

like you can kind of use AI here a little bit. You can be like, "Hey, here's the job. Here's the link to the job. What do you think are the 10 or 12 technical questions I'm likely to get? What are the like top eight non-technical questions you think are going to happen in here?" And like, it does a pretty good job. Chat GPT, I've used Chat GPT for that specifically to try to help some people who wanted to do interview prep, right? Because I mean, there's so many different specializations. I couldn't tell you like what are the top eight technical jobs reverse engineer is going to face. But like AI can help you with that a

little bit especially if the if you have the job link or the job description. So practicing your stories is going to like you're going to come across like a rock star if you practice most of the stories you're going to answer and you will feel more confident because you already know what you want to say. I already know what I'm gonna say when I get to the greatest of strength question or when like I've had a disagreement with my boss and how did I resolve that, right? Or I had to like if you're a manager, you had to deliver some bad news to your team, right? You can anticipate likely questions for the role you're applying to and have your stories

prepared that you want to cover and you are going to have to like go over your greatest hits. Like you are gonna have to like maybe in consultation with friends or family like if you have trouble talking about yourself like what are the things I want to highlight in a positive way as I'm preparing my stories of stories of my success right we all have stories of success everybody in here has them but you also don't want to be struggling to think about it in that moment in the interview right and again everything is sales Everything is sales. Your interview, the resume, your interactions here while you're networking professionally, everything is sales/social engineering. Everything is those two

things, right? So also you need to like like if you approach the interview from the mindset of I am trying to present the best version of myself in this situation, right? In this panel interview, right? or in the Zoom interview or the first call with the recruiter, right? That's part that's part of the interview process. Like you need to like be like you need to have energy when the recruiter calls you to talk about this, right? They may be trying to figure out which of these 10 candidates are going to get an interview and they got to whittle it down to four because that hiring manager is busy. So, you also need to be enthusiastic. You probably

need to have your why. Why are you interested in this role is a super common question. Why are you interested in this role? I enjoy paying my bills is not the answer. That's not the answer, right? So, like what is the answer? Like I've been really I've been really passionate about trying to join a small startup firm to gain a lot of different types of experience than I've had in the past. I'm really excited to join a really long company that has better stability than small startups. I could be excited about a lot of things, right? But I also want you to be truthful. But again, if you're out of work, the economy is bad. Practice how

you're going to approach these things right there. The hiring manager right now and the companies, this is a hiring market. They can be very picky. There is a lot of talent that is available on the market unfortunately. So you want to present your best set of you. I probably need more caffeine. Thank you. You want to present yourself in the best light. >> The request was for me to have a monster, but I I I was informed by our lawyer that I don't actually have to do that. So, you can have it instead. >> Lawyers. I'm really excited about this position where I don't have to interact with lawyers. Everything is sales. A lot of people like I heard this once

and I was like that's weird. I do cyber security, right? Like I'm not in sales. We're all in sales all the time. Me meeting random people here running into it. The community is really small, right? How you interact with somebody, how you treated somebody, how you treated a volunteer, how you how you talked to the to the inner to the uh recruiter the first time you ever talked to them, that gets passed along or or you don't get passed along. So the other thing here is you're presenting the best version of yourself. you're preparing how you want to present yourself and it's through practice. And so like if you don't want to practice the interview, public speaking in and of

itself is another good way to just get more comfortable with speaking. So like I was talking to somebody earlier about Toastmasters, right? Toast masters is a good opportunity to at least overcome because an interview is public speaking basically, right? An interview is public speaking, right? And I know that there's a lot of anxiety with that. But also remember, you're selling the best version of yourself. They don't know your terrible secrets, right? And I don't need to talk about terrible secrets, right? I'm presenting the best version of myself of why I'm a qualified candidate for this role in the best possible light. Understanding the technical aspects is critical for that job. I know some people who've pretty much

done this generally the same job in cyber security for years. Right. Right. But I also know people who pivot specializations because there's like 125 different things you can do. We're making up all the time. And what is an AI prompt engineer anyway? Um so like there's a ton of AI roles out there. Well, if you're trying to get into that space, you're probably going to have to figure out how I answer some questions. I'm like, "What courses have I studied to get familiar with LLM's or whatever else they're going to probably ask you about this position?" Right? You're allowed to prepare for the interview, right? And you can be honest in the interview. I'm really interested

in getting into the AI security side because I see it's a growing field. As you can tell, in the past, I've had a role as a blank blank blank. In order to prepare for this role, I have done X, Y, and Z. Right? And that's either a compelling case for the hiring manager or it's not. There aren't 5,000 AI experts on the planet, but Google specifically has like 400 open roles for them, and a lot of companies do, but people are pivoting into that field. So, you just have to figure out what your compelling story is of why you're also qualified to pivot into this brand new field. And when that bubble burst, whatever the next thing

is. Right now, I'm a blockchain crypto expert. that really never panned out for anybody. Um, I mean, I guess for the threat actors, it's been fine. Um, the other big thing in terms of preparing is when you get to the end of your interview, ask two good questions. Two good questions. What's the pay range? No, that's not not the right time to ask that question, right? That question's asked of the recruiter ahead of time, right? And you should already know whether the range is going to be worth your time and maybe their time, right? A lot of times people will be like, "What's the culture here?" Right? And the hiring managers be like, "Great. Our culture is amazing." And

that's not that's actually not the world's best question. It's better than no question, right? So some good questions could be, right? Especially with some of the job descriptions I've seen, what are my primary duties going to be on a day-to-day or a week-to-eek basis for this role? And you could even say, when I look at the job, I see the job title, the job description is really kind of vague. Could you talk to me more about what my primary responsibilities are going to be in this role? And if they don't give you a good answer, you're you're still allowed to take the job, but at least you know it probably isn't well defined. How do you go about performance

evaluation and promotions at your organization? That's a good one. You know why I like that? Because it shows the interviewer like you have ambition, career ambition, right? And like they might be like it's just based on vibes, right? Not the world's best answer, but at least you know that going into it, right? You should should be something like, well, we have quarterly quarterly performance goals and then we meet with our one-on-one and we have this big workflow somewhere. That's the standard. That's the standard of how like most companies that are doing it that have some thought process thought out for performance evaluations and um promotions, right? So, that's a pretty good question to ask. What questions you ask is obviously

up to you, but like two or three good questions can really set you apart in an interview. This is sometimes the deciding factor. If there's no difference, if both candidates good, both candidates interviewed well, they're both qualified, they both are going to accept a pay range for the role that I want to hire them into, maybe it comes down to who seemed like they were more interested because they asked questions. As the majority of candidates don't ask any interview questions at all. So, this is again another place for you to differentiate yourself from the other candidates you're up against. You're interviewing them, too. Now, your situation is unique. You you may you may need a job. So, you may take

the job you get offered. That's fine. That's fine in this market. Hopefully, the market turns around in like 18 months if like you take a job and it's not the world's greatest job. But, like this is your ability to interview them too. Is the person making the hiring decision your boss? That's a pretty good question, right? Do are like you can ask them like, "Hey Tom, I was just curious um are you the decision maker and will I be reporting to you or will I be reporting to someone else?" Because sometimes the person you're reporting to isn't the person that gets to hire you, which is a little weird, but some companies are like that and you

might want to know that going into that role, right? You might want to know that you haven't actually talked to your boss yet, right? And it may be multiple panels. And maybe you're not sure who you report to, right? Because all the tech companies are like 73 rounds. Thanks. It's very efficient. Um, so like which one of these people I talk to is the decision maker and like who do I actually report to in this organization, right? That would be those that could be a really good question as well.

It's not real good out there from the candidate perspective right now. You're competing you're competing against every other person that's trying to get a role right now. It is really common right now. The role is open for 24 hours. They have hundreds of applicants and like 30 to 50 applicants that are like qualified for the role. It just happened to a buddy of mine. They roll open 24 hours, 300 candidates, 30 fully qualified. So from that, they're going to use some system to try to figure out which six people they're going to actually interview from the 30 qualified people. So, if you can get to that threshold where you're getting the call backs and you're

getting into the interviews, then you want to make sure you're practicing and acing the interview because this is tough. The companies have the pick of people right now because there's so much talent on the market and also depending on your situation, you may just have to take a job. It may not be your dream job. It may not be a job that you are truly passionate about, right? That is the reality of the market today as well. So, and I think you can explain that like in 18 months maybe things start to improve for the job market in cyber security and in tech and maybe you're able to pivot again, right? And in 18 months recruiters going to be

like, "Oh, I saw you've only been in this role for like 16 months or 18 months. Could you tell me more about it?" Well, it just wasn't a great fit and the market's starting to turn around. So, I wanted to see whether there might be uh a place where like I feel like I can contribute better to the overall company's values and missions. Right? But practice that story too, right? Practice that story of why you're now applying for another job as well, right? Well, the job market was [ __ ] and I was unemployed for three months, so I took this job, but my boss is an [ __ ] so I'm really trying to get out

of here. That could be the truth. That's not what I would say, right? But if you practice it, it'll be a lot more natural when you have those interactions with recruiters, when you start to get that phone call back, right?

I can't emphasize enough how important it is to prepare for the interview. I can tell who's either interviewed a lot or who has prepared. I can normally tell within the first 30 seconds of how nervous that candidate is and how much trouble they have answering the the first question whether they've prepared or not. And for me, it's a big differentiator as a hiring manager. So, the resume is important. The resume is important, right? The resume gets you the call back from the recruiter, right? And we're do they're doing a lot of résumé reviewing in here today. I do that. I'm going to stick around for a while and do ré reviews as well. Please don't pay for a resume review.

Please don't pay for a resume review. There are so many career vill >> Yeah. Sorry if you're charging people for that on the internet, but like maybe go stream some Twitch. Um, please don't pay for an interview. The only time I've ever heard that it's even remotely is like maybe at like an executive level or like you're trying to break into like the board of directors, but like if that's not you, don't pay don't pay for ré review. There's a lot of free resources for ré help. um at career villages like this and at all your local besides wherever you're from, they almost all have career villages. Um questions, come up to the microphone if you've got

questions. Any any questions? I got one. Um, what would do you have any advice if they throw you like a curveball question in the interview that you weren't prepared for? Like how do you handle that? >> Do you do you have a specific example or no? >> Um, well, they'll ask well I' I've been asked like, "Give me your last five bosses and how would they have rated your performance?" And then they asked like follow-ups like, "Well, what you said isn't good enough. What what weaknesses or strengths?" And I was like, it was such a long question that I wasn't like prepared. I don't know if like there's something you can do if they hit you

with something. >> Yeah. I mean, so it depends. It depends on your position. I've had some curveball questions before. Um, I was employed, so I was approaching that from a position of strength. It's like I was interviewing for a senior threat intel position. And they started asking me port questions. I was like, did not I did not know this was a network plus exam. Like I I have a cheat sheet on my monitor and we have the internet like HTTP 80 HTTPS 443 SFTP I don't [ __ ] know. 23ish somewhere. Like I was like I literally asked them do you ask your senior threat intel people port questions? Yeah, >> they stopped asking because that's [ __ ] stupid.

Now, not everybody can do that. If I was unemployed, I probably would have approached it a little differently. But I wasn't and that was stupid and that was a company that I probably won't work for again. Um, so it depends how much strength you want with that sort of a thing. Like if they ask you about like all of that, you'd be like, you know, my last boss rated me pretty good. And you could be like, I don't I don't understand this line of questioning. I mean, you again, if you're out of work, you might not be able to do that. But like, if you have a job and like you don't desperately need the job, you

could turn this back a little bit and take some of the power back a little bit because like what does that have to do with your ability to what what exactly does this have to do with my ability to do the job here? Right? And like then they won't be able to answer that. So then hopefully they move on to the next question. Yes, sir. >> Stoner, thank you for taking the time to do this. I appreciate that. So, I've recently got dozed. And what do I do to compete? What keywords do I need to put? Like, do you have like a dictionary keywords to fight off the AI bots that go through your resumes?

>> What? So, it depends. I'm sorry to hear that. Um, >> tailoring your resume can be pretty helpful. Tailoring the resume can be helpful, >> right? So like I've seen when I was a government hiring manager because the way the government works everybody in tech is a is a 2210. Everyone IT support threat intel analyst cloud CIS admin everyone's a 2210. I'm pretty sure people didn't read the job ad because we would get the resume for these roles and the word threat or intelligence did not exist anywhere on the resume. Right? They're just blindly applying, right? That is happening now in the civilian market as well. I have created one resume which has all of my

information because I need a job. The hiring manager is not hiring you because we're giving out jobs. This is the give out job line. This is the I am hiring for a cloud security engineer who understands AWS and GCP. And if that's not on your resume, you're not making it through the cut. either the automated ATS system or the recruiter if if they look at the resume, right? I bring 15 years of experience in multidisciplinary fields within cyber security looking for a job as a AWS in GCP security engineer. Well, [ __ ] man. That's what we're hiring for. How convenient. That's tailoring the resume. And also the skill tree blocks don't list every skill in cyber security

in there, even if you have 50 different skills you bring to the table, because it looks like a one-sizefits-all resume. Tailor it for the job. The smaller the company generally, the more hats you'll wear. you will probably do a lot more things the smaller the company is because there's one person doing it all, right? Or two. But when you get to like a bigger company, they are generally hiring this one person to do this one thing on this one team, right? And that's what they're hiring for. They're not hiring a jack of all trades. So, if you have a version of your resume that is a more jack-of-tall trades resume, that could be effective at smaller

companies, especially like startups. And I use like startup like loosely like whatever stage they're at because they're probably handling all sorts of different things all the time whether they're a tech company or not. Whereas like if you apply to Lockheed Martin they want like I need one FTE cloud security engineer with 12.5 years of experience who can three days a week go to this location and if you don't meet that requirement you're not getting the interview. You can also put on your resume like I am open to full-time remote work full-time on-site work or hybrid work andor shift work. put that right on the top of the resume as part of your professional summary, right?

Because that could be the difference whether you get selected or not. What other questions? >> I got a quick kind of caveat to your presentation. You know, I really like what you're talking about and you can tell me I'm full of crap afterwards, but as something that I do hire a lot of people and one of the things that I personally look for is portfolio, especially people that are trying to pivot into the industry or they're they have zero experience. One of the things I personally hold a lot of value in is the resources that they have. whether it's a home lab. Um >> we Yeah, you're not coming through the audio at all. >> Not how about now. All right, sounds a

lot better. >> So, you know, what resources they use at, you know, that they have available to them, whether it's hack the box, building up SDRs, and writing up blogs or doing YouTube videos and demonstrate their portfolio and doc, you know, having professional level documentation of what they're working on at home, even if they have no work experience, they've been able to demonstrate that, hey, >> yeah, >> I can I can either I'm taking this task serious. I have responsibility and I have a lot of passion for um this community and what I'm trying to apply for. So that's one of the things I personally hold value a lot because we all know the people that apply are a lot

of them are introverts. They don't have good interview skills. They you know I'm nervous to even just ask this question. We're not great public speakers and so that's one of the reasons for personally for me I hold the portfolio of what they're doing on their off time and how they're pro um personally developing themselves within the career. >> Yeah. No, that's great. So, some jobs are going to probably have more ability to have some sort of an online portfolio than others. Um, and I don't care whether you're really new in the industry or experience. Like, yeah, if you like have stuff on GitHub or you, you know, attending conferences or participating in CTS or I like to have a

section like separate from education, which is like cyber security community involvement, right? If that's something I want to weave into my resume, right? because it doesn't fit anywhere else. And that can be a differentiator for entry more junior people as well, right? Cuz like we've got a bunch of people graduating with four year degrees in cyber security that like can't explain to me how DNS works, right? So like I'm going to need to hire one of them into the role. But the more things that are on there that are trying to show me passion, show me interest is helpful to differentiate all of the junior people that are all hiring to try to get their

foot in the door. Right? I am definitely going to hire somebody that was like, I attend my local Bides conference or I did the CTF or or whatever it might be. So, that's a great point. I think it probably holds to some extent less weight later in your career depending on the role. But yeah, I mean like I have my public speaking engagements on there, right? Is in Thread Intel. We gotta go. We gotta go brief people. Core part of the job. Hopefully that helps. Yeah, great point. Hello. >> Hi. Is this audible? Oh, yeah. Excellent. Okay. So, um my question is it's sort of a two-parter, I suppose. Um so, back in the day day whenever we were

all still printing out our paper resume and there was no LinkedIn, right? uh traditional um interviewing tactics, traditional hiring stuff says you do a follow-up, you're going to follow up afterwards. So my question at the two parts would be a is that still like in particularly in today's market with like you said earlier, you know, you might have 30 qualified candidates in your pool, right? And so that's you with 30 other or 29 other people, you know, that are just on the same level with you, maybe better, you know, depending on your where you're at. Um, so like in that in the kind of environment we're in, is the follow-up still effective? And in that in the second part being in

the scenario that you discussed earlier where the person who's interviewing you is not the person who will be your boss. In that scenario, if the follow-up is effective, would you follow up with the interviewer or would you look up the organizational email of the person who will be your boss and say, "Hey, I interviewed for your company today. I just wanted to say, I found out that you would be my supervisor and I was wondering, you know, or and I just wanted to say like it's going to be I really look forward to working with you." And then, you know, fluff their ego a little. So the first part of your question, yes, interviews are still

important because you know who else you should be networking with? Technical recruiters like Kirstston. You should know which recruiters are good because just like in every other job field, they're not all good. So which ones are good? So, not only should you like at some point have a network of like professionals you can call upon, but like if I have a friend that gets like laid off or like I still need another job, I know which recruiters that I would like personally just direct contact and be like, "Hey, my my buddy just got laid off. They need a job. Do you know anybody? You know, anybody can talk to." And part and that's why like

the follow-up to the recruiter I think is also really important because you're trying to build that network even if you're not going to hear back like you're doing you're putting your best foot forward because you don't know their situation. Maybe they're slammed with and you know maybe they're not going to be able to get back to you until like 3 weeks but maybe they'll remember your name that like I remember this person tried to follow up with me but like we were just in crazy hire mode. I could never follow up. I wouldn't reach out if you figure out who your boss is though. I wouldn't do that part. Uh, one, I just think for like

legal like hiring reasons, they probably can't respond to you in most companies. They probably aren't allowed to contact you outside because like once you're in the hiring chain, there's very specific rules most companies have to follow. So, there's no like bias and things in the hiring process. So, I would say if you're f the follow-up is to the recruiter. Um, and and like if if you didn't hire with your boss, I wouldn't necessarily reach out to them unless you know them, which is different. And then like you hit them up on Signal. Please use Signal. >> Hey John, thanks for the talk. Yeah. >> Hey. Um, I was I've worked on both sides of the fence. Um, and I was wondering I

was interested to get your perspective. Can you talk a little bit more about how you might change your interview styles or like how you prep for an interview whether you're going for like open commercial companies versus like a clear defense contractor or something like that? >> Yeah. So, I've worked on both sides. I've worked with within the secure community and I'm doing less I'm continuing to do less and less and hopefully less and less work um with that side as my career progresses now. Um so, some of it is like which stories do I want to tell? So, like I work with a lot of veterans as well, right? So, like if you're like a brand new veteran,

maybe like tell me tell me about a time you overcame a challenge. Have you ever heard of Afghanistan, right? But it's going to depend, right? Like that that that story might work super well like Loheed Martin or Boeing, right? So maybe I kind of want to lean into that, right? Like oh, this this cyber security position is supporting the F-35 fighter. There's probably a whole bunch of veterans in this program, right? So I could kind of like lean into that. Whereas like if if it's like Bank of America, probably not the story I'm gonna pick for the time I overcame a difficult position, right? So So that's like how I start to kind of differentiate that a

little bit. And I tailor my prep for the job, including like what vertical it's going to be in, right? So like this is a big thing I have to talk to veterans about. And sometimes like a branch like somebody who's just getting out, they mostly have stories about being in the army or you know whatever branch they were in. So we try to work on that a little bit or like maybe dial down the war aspect of the story and concentrate on like some other aspect of the story. Like maybe don't mention this occurred in Iraq, right? Like you can just talk about the story without saying like well in Iraq just be like well all the

servers went down and like you just you don't have to like Right. So like little tweaks like that can really matter, right? Like and also the one person who like would not take sniper training school off of their resume like yes I understand it is a difficult school to graduate from when you apply at the children's hospital. What question do you think that they have? So again, tailor the resume. If he's applying for a cyber security position in like Quantico with the Marine Corps, then yeah, leave that [ __ ] on the resume because they're going to be like, "How many confirmed kills do you have?" I doubt the Children's Hospital hiring manager is going to ask that question.

So tailor the resume and tailor the interview tactic to match what we're talking about. Obviously, that's a pretty extreme example, but like you get the idea. Yes. Uh do you think that the look and the design and the feel of a resume is still important these days given applicant tracking systems extract that information and genericize it for >> No. So if you are attending an event where you are still handing a resume, you can have one that looks nice. If you're not handing out a physical copy of your resume, it needs to have I would say no columns, columns, no tables. Like if you have to have columns, fine. Don't do the whole like one column on the

piece of paper because then you're just wasting space. But like right, yeah, this is getting parsed by the ATS. So like it needs to pretty much be a DOCX. Sorry, Office Libre people. Um it pretty much needs to be a DOCX or a text file so that it can be parsed or a PDF. Um and that is a big thing like you don't want weird formatting. Um the the look of the resume can still matter though. Like again a lot of thread intel positions. These are different fonts. These are different size of fonts. Like I am literally going to require you to publish threat intelligence and your resume has two different fonts and like different font sizes and that's a no for

me. Like you're not making the cut. And again that attention to detail is really important too. I've seen I have looked at people's resumes who didn't have their contact information on it which how are they contacting you right so also how people look at your resume like I would have like one non-technical person look at it and usually it's like my mom I was like mom don't worry about like what I'm saying but like did I spell stuff wrong and she'll be like what about this word I'll be like no that's how we spell it but like and then have like someone in the organization like in the industry like look at the resume too, right? And if you're making

multiple versions, like quality control, the multiple versions um as well. Hopefully that helps. Yes. >> Hi. How would you suggest like adding to your resume like extracurricular activities that you're like proud of or accomplishments >> like like what >> like let's say like if you do like a cycling trip across the country would that be something good to include as like um something that like shows that you have grit or like so at the end of the day you have to make the decision on this. >> Yeah. I'm not a big proponent of including hobbies unless you have a story that's good in case you get asked about it, right? So like it sounds like

you have a good story for that though, right? Like well this is a really like difficult thing I do and it takes a lot of endurance or like whatever. Like if you can like tie that in then it makes sense to be on there. The other problem with including your hobbies is that it can be something that somebody just Well, man, this guy sure spends a lot of time out of the office. You know what I'm saying? You don't want to autodisqualify yourself, right? So, anything like that could be interpreted as like political, religious, helping the homeless. I mean, unless that's like related to the job or the industry in some way, I am not a big fan

of including this on your resume. Okay? >> Because I think it just distracts. >> Now, I did interview someone once because they played in the CFL. We did not hire them. They were not good. They did not do a good interview. But he so like that one time I hired I interviewed one person because he played in the CFL. That's the only time I can think of that I ever made any decision around hiring related to someone's like hobbies or extracurriculars that weren't related to cyber security. >> Okay. >> Yeah. Yeah. What are your thoughts on gaps on your resume? Work gaps. Is that still relevant in this day and age? and also previous career experience prior to

cyber security. >> Well, both within and prior. >> Okay, >> I'll give you details. Right now, I took about a seven-month break trying to get back to work. Uh relocated. There were a number of reasons for it, but prior to that, I've been on the journey to get into cyber security over about the past four or five years. Before that, sales and marketing background, and I don't put that on my current resumes. So, we're looking at about a four or five year trajectory on my current resume. Does that make sense? >> Yeah. I mean, I I probably need to give you a more individual answer, but so I'm going to take it as a two-part question

is one, if there's gaps on the resume, let me deal with that first. Is you just need to sort of like if that comes up in the interview process, what like what's the story around this? Right? Because like the recruiter or the hiring manager be like, "Oh, I see you have a gap between these two different jobs. What was going on?" I mean, the answer was like, oh, well, unfortunately, I was laid off or, you know, the company downsized and then that was that was the soonest I could get back into the job market, right? I would just be prepared with whatever the answer is, right? Um, and I would do that for like any gap on

the resume. Also, your resume is not like your entire bibliography, okay? So, like most people care about like what's happened in the last seven years. If it's more than seven years ago, like it probably is irrelevant for the most part anyway. So, this is especially a problem like in the government sector. Like, please don't send me a 12-page resume. Um, I don't care. I don't care what you did 12 years ago. It's not relevant to the like five the last five years especially, right? So, your resume really should be focusing on the last like five to seven years of experience. That's where most of your bullet points should be coming from and that's what most of the resume

should be focused on. I would just say own any potential gaps for whatever reason whether it was child care related, elderly parents, laid off, tried to start a small business, it didn't work out, whatever it is, just be prepared to answer the question, right? Um, the other one is like career changer is different. There can be different strategies for career changers. I will sometimes have someone make an entirely new one-page resume as if they were brand new to the field, as if they had not worked previously. I've worked with three people who were mechanics um coming from various services but I mean like throw throwback to Jack Daniel who was a mechanic right so like right and

then we have the stories around like problem solving root cause analysis but like we're not listing any of their previous jobs like I I have a professional summary what they're doing to get into cyber and that's what the whole onepage resume is focused on and sometimes it's hard for people who are like more mid-career changing because they're like but all that stuff I did. I was like, "Oh, that stuff you did is not related to cyber security." Right? Now, if it's like management and you have management experience, right? This is an individual thing, right? Well, maybe we do include some stuff on there if it's like a program management type of a role and now you're going to become like a

technical program manager. But like I work with a lot of people who are like, "Yeah, but I work part-time at Starbucks." And I was like, "We're not putting that on the resume." Like I'm just not Don't put it on the resume. It's not relevant. same like in a lot of cases like if you're in college and working part-time jobs, you don't have to necessarily list them. I don't think they're adding any value, right? Like again, this is up to you. Do you have a compelling story around that? Maybe, but like I'm not a big fan of listing things that aren't related to the job I'm applying for. And we can cut out old stuff or we could just list like, you

know, job year, job year, job year at the bottom of the resume. That's how I do it from my old experience is just job title place year. Job title place year. So at least I'm proving that like I'm old. Go ahead. Yeah. Quick question. As far as the sites that are have that are hosting the jobs, the LinkedIn, the Indeeds, the you know the Googles, I mean where do you where are you finding out that a lot of you know because some of these jobs will go 75 jobs you know on one one area you're looking at. I mean, am I going to go through all 75 trying to find it? Or by time I spend

hours sometimes looking at the different job opportunities and you know where the where do you see the companies are trying to really post and then those are in the front against those down in the you know on the page 15 on the on the search engines you know where are you seeing you know cuz do we go that far down or do we worry about the beginning ones or they keep coming out new. Uh, I'm a big fan of the way LinkedIn is working right now and many many many recruiters use LinkedIn as one of the primary places they find people. So, LinkedIn is good. And then I'm a big fan of going to the if it is a big company,

go to the company's site where they have, you know, Meta, Facebook, Loheed Martin, Boeing, whatever to their job page, their job page. That's the latest info because Indeed is just pulling that from an API or whatever, right? And then some stuff on there is wrong or old, right? Or like it's closed already. So you go through the whole job application, it was like actually this closed two hours ago. So like I'm a big proponent of going to the company itself and going to their career page, right? So I think indeed like it used to be good and it doesn't seem like it's as good anymore. I don't know what happened. Maybe they integrated AI. Um

but like LinkedIn and being active on LinkedIn. So this is another thing. I think there was already a talk about this somewhere here this week. So like your LinkedIn activity helps you show up higher in search results, right? So if you're like, I log into LinkedIn once a week and I'm actively searching for a job. That's not enough LinkedInness, which is a word. Um, you have to like be active on the platform. Repost stuff. I found this article to be very informative. Like what like just reposting things is making you active on the platform. to like when the recruiter pulls you, you're going to be higher up that list of candidates that they're looking for in their search results.

Hopefully that helps. >> You mentioned not in including your entire work history and your resume, which which I I think makes sense, but then how do you handle it when you go to that company's job site and the application has all the forms for list all the jobs you've ever had and when you've ever had them and what you did? like do you just not include those as a part of that application to match the resume or do you fill them out in the application and leave them off the resume? Like how do you handle those situations? >> Um it really it it depends. Unfortunately, this is one of those it depends questions. So yes, me

personally, I have reduced what I have on my resume. I'm listing them by, you know, job title, company, date, so they're still on my resume and then I would list them. But there's a job I had for like eight weeks and it ain't listed on my resume. The only reason it has to come up is when to do the background check. So I do add it into my thing. Well, that was some [ __ ] I went through. So I don't list that on my resume. I don't talk about it at all. Right? Because it was in fact rotating night shift work at Dissa and I was told it was not that. So then I left. So I

don't include that on my resume. But like when I have to fill this out for the because part of this might be like the background check as well because they can verify employment. But it kind of depends like at what like maybe you only go back 15 years. I mean the background checks not going back 25 years most of the time. So I I think it depends on like how many years of experience you might have but like you might be able to cut it off after like 15 years because it may not really add any value even in their like internal application and workday that you're filling out. >> All right. Thank you. Yeah,

I'll keep taking questions until they kick me off stage or like in 10 minutes. Okay, another two-parter, but I'll try and keep it brief because the two parts are separate. Okay, so first question I guess would be um cover letter whenever people when you're applying somewhere and they want a cover letter, right? um in today's hiring world where uh machines are parsing your uh hiring process, right? Um do I need to be including the cover letter in the same file with my resume as a separate file or does the body of the email count? >> Right? Let me let me take this. Only do a cover letter if it's necessary because even a lot of times when it's necessary,

it's not holding a lot of weight. So, I'm not a big fan of optional cover letters. Part of that is because my preferred resumeé format is contact information, professional summary, and that professional summary is pretty much what I would put into a cover letter. So, if it does require a cover letter, I'm pretty much just copying the professional summary and maybe adding like another line or two on the cover letter. That would be my that would be my first answer for the first part of the question. As far as whether it's the same file or not, I would ask, >> do I put it together? >> What's that? if it's required, do we put it together or separate is my is the

meat of it. >> I mean, if you're working with a recruiter at that point, I would ask the recruiter. >> Okay. >> Um, by default, I would probably submit like cover letter, date, resume, date. >> Like, if I if I wasn't sure, I would probably keep them separate. >> I don't know that that matters a ton, though. >> Okay. And uh for the second question, you know how there's that uh adage that because you were talking about keeping your resume brief. Um there's that adage that a lot of employers if they see résumés over a certain over one page because I know you were you were kind of talking up the pros and cons of the

onepage resume, right? And like when it's appropriate when it isn't like as a subtext, right? So, uh, is that thing still true where there are the predominance of employers are like, "Oh, I'm literally not going to read past the first page because there's so much pool." Or is that problem taken over and obiated by this machine parsing? >> It's complicated. So, you want to tell a compelling story in whatever length of resume you have, which is two pages or less, right? Two pages or less. I have a version that's three pages because I'm bad at following my own advice and sometimes in the government circles but like not four pages and not more than that. This is where people struggle

of being like, "Yeah, but it's everything I've ever done." Great. I don't care. Like I am like when I get a resume as a hiring manager, I am literally spending 30 seconds looking at it to determine whether or not that person gets an interview. 30 seconds. It's like yes or no. And then that one guy was in the CFL, we didn't hire him, right? That's it, right? And that's also why like the formatting is so like I Kirsten and I I stole her formatting. Like we're on the same page. contact information, professional summary, education, everything that's important has to be on page one because page two is not getting looked at. Generally, I have been in

plenty of interviews as the candidate where it is very clear to me the person interviewing me has never looked at my resume yet. And I will say things like, "As you can see on page two, when I was at the DoD cyber crime center," and you will see them turn the page because it's the first time they're looking at it, which is also why you want your stories to match the resume and like it's on on paper on page two when I did the thing. Hopefully that helps. One page, junior career changer. One page. I don't care how amazing you are. If you've just graduated college, you need to have a onepage resume. And if you've worked for 55 years in this

industry, you need to have a two-page resume, maybe three. But everything that's important is on page one. You mentioned the uh the LinkedIn. A lot of us have pulled back off LinkedIn, a lot of the social media and all that type of things just from cyber and security. And um what are you seeing now? If you're in the job market now, should we go back and really get heavy on LinkedIn and be more involved in putting everything we have on that or should we try to limit that? How do we protect what we're trying to do, especially with all the issues that are dealing with this, you know, with um not, you know, just from the hacking

side of the fence as far as, you know, you know, we we like our company, we got to keep the name of our company undisclosed. You know, they don't want us putting the company name on there. They got part of our social media policy. That's someone who needs a reality check. Um, you have to be active on LinkedIn, on professional social media, you have to be. It's 2025. You have to be active on this platform. That doesn't mean like posting pictures of your kids and like where your kids go to school, like you can still have some OPSAC, like if you're OBSAC concerned, but like if you send me a LinkedIn request and you're you're the name of your company is

undisclosed, that's a no connect for me. Same with like if you don't have a picture like I'm not connecting with people who don't have a picture on their LinkedIn either, right? I mean, so like I connect with most people, but like there's still like a little tiny bit of due diligence for me and I want to be connected with tons of people. Um I I especially hear this from the side of the house like from my veterans or people who worked behind the fence like there are people on LinkedIn who are like headline cyber threat intel analyst TSSCI clearance and you're like bro like the North Koreans are on the page. So like I'm not so like I'm not a big fan

of that but you still can be active without saying everything. Like if your company won't let you put the name of the company on there, I mean you got to abide by that I suppose. I think that's really bizarre. Um but like you should still be sharing articles and connecting with people and like it it if I have worked with people who are like I am not on LinkedIn and I was like you will not get a job. If you are not on LinkedIn I find it impossible to believe that you will be offered an actual job. So that's how important it is. Yes. >> Uh, would you ever still include expired certifications on your resume?

>> Is it a good one? >> Uh, either two twofold. Okay. Old compas, I can see those sliding and not listing those. But if it's like unique like a PCIP or something that's like unique, but you just you're not in that field. If you used to be like PMP, CISSP, GX, something maybe, but not like 17 expired. So, one or two if it's relevant, if they're asking for it, right? If they're like this position requires a CISSP, PMP, GIAK, EC council, C, blah blah blah blah because they don't know what they're doing. And like one of them you had that was expired. Yeah. Um, but I wouldn't list all of your expired certifications. Just like

if you're in a boot camp and you're trying to get some certifications, I'm not a big fan of listing any certifications you don't have. Even if you're like, you know, expected date for a certification. That's a lot different than like listing the college degree program you're enrolled in. Like if you're in a college degree program, you could be like, you know, I'm in, you know, bachelor cyber security blah blah blah expected, you know, March 2026. That's pretty normal for college degrees, but it's your resume. So, like if you if you're like, "No, no, I'm really I'm studying the CISSP. I'm going to take the exam in in September." Like, you could put it on there. But I have

definitely caught someone listing the certificate they didn't have, and that did not end well. So, don't do that. All right. I think this is my last question, then we're going to move to resume uh stuff. >> Okay. This should be a fun one for you. Okay. >> Biggest pet peeve as an interviewer. Biggest pet peeve as an interviewee? Man, this is a hard question. We like an easy last question. >> Dang. >> Okay. Um, I mean, I I find it very frustrating as a candidate when the when the person interview me has not looked at the resume before the interview starts or does not seem to be paying attention, right? Like, what the heck, man?

Is it It's almost always a man that does that. Um, just Not to stereotype, but like we've I spent all this time getting here and like you haven't even looked at my resume and like I'm not even sure you're listening to my answers. So like um as the hiring manager, I mean mostly I want I want people to be successful. So like when it's just the onepage non-tailored I'm not even sure if they want this job and that can carry over to the interview too. Like I understand people need a job. Like yes, clearly like everyone needs a job, but like I can't hire you if it's not clear that you're like you're not going to bolt after like

seven months when something better comes along because we're putting a ton of effort into this. Like I know junior people are not going to stay at this place for 15 years. Like but like can I can I get you to stay for two years? Like do you have any interest in the position at all? So maybe I'm not back filling all of my junior people constantly. That is a fear I have as the hiring manager, especially at the junior side. Because what's going to happen is you're like, I have zero experience right now. I've now been hired by a company and in 18 months I'll have 18 months of experience and then I'm back on the job market and you're getting

offered $35,000 more dollars or like 5,000$10,000 more dollars a year and you're like that's more money. See you. Well, at least maybe if I can have like a good work environment and make sure that you're valued, I can keep you for like two or three years before you decide to go and take that bump. But that's the reality. So like a seven on the energy scale and at least I think that you're really interested in this job at this position. >> I actually have an audience question. >> Audience question. >> Okay. So selfishly, well, all right. So I messed up with my supplies and I was late and whatever. So, my husband had to run all the way back. This was the talk

he wanted to see. Okay. And I know it was recorded, but can you rewind and repeat when someone came over and said something along the lines of um you're in the interview because this is you just covered like all the higher ground content like we don't need to come to our panel at four or a Rosemary view because this guy just championed it all. But actually, no, you should. Um, but I love the part where uh I think you had a specific experience where you were being interviewed and they were, you know, you're it's a senior position. You're like a a senior threat something something, right? And they're asking you stupid lowlevel Oh, I shouldn't have

said stupid. They're asking you a bunch of low-level stuff where you're like, "Uh, duh. I have it on my screen or whatever." Can you repeat that whole answer? >> Yeah, >> please. >> Okay. So, so this pertains to like when the interviewer is bad at their job. Um, which is not that infrequent. So I would so my story that I related earlier was like as a senior threat intel analyst they started asking me like the port questions like it's a network plus exam and like remember my weakness is I'm not good at memorizing stuff. same interview by the way where it's like that's why I write stuff down right so it's like yeah 443 secure HTTP right 80 HTTP 20 SFTP 20

something threeish I don't I don't know right I'm not looking at pcap every day and I basically was like I'm sorry I didn't prepare to memorize ports do you ask all the candidates for the senior thread intel role port questions and then we moved on to the next question cuz I stupid, man. That this is stupid. Now, I also knew the person I was interviewing. So, I was like double frustrated because I was like because I used to respect this person and now I'm like you're the program manager. Um, but this can another person had a question around this of like they wanted like tell us about the last five performance evaluations you had. And

it's like I mean my last boss and I got along pretty good. Before that it was Steve. No problems. Does this How does this pertain to this position? How does this allow you to judge whether I'm a good fit here? Now, you can only ask that if you're prepared to walk away, but that might be a sign. It it this is not red card. Like, sometimes you get some like yellow cards. Sorry, I'm a big soccer nerd. Sometimes you get some yellow cards and you need to take the job anyway because you need to take the job. But sometimes like there's like a straight up like red card tackle and you're like, "Oh no, I pulled out of an

internal interview once cuz the team was so [ __ ] up." I was like, "Are you kidding me right now? Cancel the interview two minutes before it starts. Change the interviewer three minutes before it starts." Bro, you know what? Good luck. Good luck. I'm I'm out. Two red cards. Like that's a threeame suspension. See you later. I think that's it though. We're going to move on to getting you some free resume help. Don't pay for resume help. Thank you so much.