Hacking the Hiring Process: Insider Tips for your InfoSec Job Search

hello good afternoon thank you for joining us for another Villages talk we have Zach strong from code red Partners representing uh career Village uh going to talk to us about hacking the hiring process so yes thank you very much let's give them a quick Round of Applause [Applause] hacking the hiring process it's a pretty aspirational title um but hopefully you guys can get some value out of what I've got to say I'm going to walk you through some tips tricks and just organizational things that I've seen as a career security recruiter walking through you know applying to jobs uh kind of that ideation process as well determining what you're looking for all the way up

to uh you know the first interview um so yeah let's uh let's dive into it um obviously the market uh you know is is tougher now than it was last year and when uh the market is a little bit more competitive uh you definitely have to take a strategic approach um to you know your job search you can't necessarily just um be spam applying you must be very targeted um and directed uh with your your applications and efforts when you're you're looking for a role um I like to think of it almost like a pie or a cake where um if one ingredient or one aspect of um you know the the process of you know

this job search or making a cake in this example um isn't necessarily up to par um then that can affect the the end result um pretty deeply so you really need to you know look at all aspects uh everything that goes into your networking your application process your resume your LinkedIn um and uh you know really you know go through each with kind of a fine tune comb and make sure that uh it's representing you to the best you you know you're abilities um so here is kind of my high level view of you know getting to an application or getting to an interview what questions do I need to ask myself what do I need

to answer um you know first what do you enjoy doing what do you you know like about your goal what do you want to do more of um how do you present yourself that can be your resume your LinkedIn your GitHub um anything that's out there online for people to find um you know people are going to look at it I know a lot of recruiters here that have dug through besides archives or black hat archives they've dug through githubs and um you know found some pretty interesting ways to source so uh I'm telling you right now if it's out there we're probably going to find it so you have to you know have some control over

you know your footprint online and then lastly who do you know that can help a lot of security right now is a very tight-knit Circle um the you know broader industry is small but it's growing rapidly getting that first step into security or even as you're making a move in leadership uh oftentimes you're going to know somebody um that is going to be that key kind of factor in getting a role referrals are huge in the industry um so really you know tapping into your network is is huge as well so diving into that a little bit deeper um first really understanding where are you at in your career what is the next step forward and what's my end goal

um some questions to ask yourself uh similar to reverse engineering work backwards um know what your end goal is if you want to be a CSO one day how do you get there um even if you're you know just getting into security you know have an end goal in mind and be directional on you know what you're looking for and what you want oftentimes I think we can get very broad especially you know as you're really trying to break into the industry um where you may not necessarily know explicitly what you want to do you just know you want to work in security um you know talk to people in the industry talk to peers talk to leaders

um get an idea of you know what you actually enjoy you know do you want to be Hands-On coding Great learn more about that represent that on your resume you know contribute actively on GitHub if you want to work more on the compliance or the business side of security as well you know Network and learn from leaders who have done it as well or peers and really you know understand what impact do I want to have uh what areas do I need to grow in what do I want to learn um and how do I progress towards my end goal um always think about that that pathway that road map throughout the the process of applying and interviewing

number two control your footprint I kind of touched on a little bit earlier um but if it's online I guarantee we're probably gonna we're gonna see it hiring manager is going to see it um so is it helping you or hindering you that's the biggest question it really breaks down to two things like I touched on your online presence but also your resume as well that's typically kind of the first touch point that people will see if you're applying um you know through a standard application process that resume is really kind of the Gateway into who you are in your career Um this can include cover letters as well uh I would say coverage letters are

kind of a thing of the past nowadays um so yeah your resume and your online presence sir are huge um in kind of this part of the process um here you really want to get your your LinkedIn updated look around at the industry look at peers who have been successful understand what makes their LinkedIn presence or their engagement online work a lot of times that's commenting on posts you know engaging with communities joining Discord groups or slack groups slack channels attending virtual events get your name associated with you know the the area of security you want to focus in whether that's detection engineering appsec infrasek you name it make sure that if I go on my on your

LinkedIn I can see posts I can see activity all focused and geared towards a domain that you want to progress towards join the conversation like I said and then be proactive in networking as well peers mentors are great just reaching out to leaders as well when you reach out to leaders and be cognizant of their time going in with empathy and expect to you know learn and follow up consistently and honestly reach out to Talent professionals whether it's you know people like us at code red or town professionals at the company that you're applying to our job is quite literally to help you get get a role in um you know sometimes it can you're trying to almost kind of fit a

square peg into a round hole if you're you know not necessarily um you know direct or directed in what you're looking for and so when you work with a talent professional we have access from RN as agency recruiters to multiple different roles different hiring managers we can make introductions even internally if you're working through an internal Talent partner they have access to different teams different uh hiring managers there so typically they they can help in some way so definitely don't forget to reach out to your your talent your resume is like I mentioned quite literally the the first thing that people typically see through the application process it's not going to be the thing that gets you a job but it

very well could you know reject you on so you really want to make sure that you're being strategic and what you put on your resume and that it's only giving you strengths adding two you know your skill set benefiting you and not hindering in any way some tips that I've seen throughout my time as a recruiter keep it short typically you know depending on the recruiter an average resume review can last anywhere between you know a couple seconds to minutes um I probably have yet to see anybody actually review a resume for 10 minutes that's pretty long um but yeah at Max you know two pages or so keep it short and sweet um and very

directional on you know what you want to focus on titles in summary um underneath your name my suggestion is to put the title that you're aspiring aspiring to achieve whether you know that's a security engineer security analyst breaking into the industry or a director of infosec who's looking to you know get that first CSO um gig as well put that under there that's what people see when I look on on a resume or a recruiter will look we subconsciously associate that with um your name and and you know who you are so having that title under the underneath even if it's not necessarily what you're doing now but it's kind of that next progression in your career

highlight that and let it be known also experience matters not only from what you've done um what you haven't done but also how you word it the order in which you order on your resume these are all you know things that can make an impact um whether you you realize it or not to dive a little deeper on the experience part in general this is kind of a lot to to look at but I think there's really three main buckets when looking uh at you know bullet points on our resume can highlight you know leadership skills whether that's mentorship um you know scope of projects that you've worked on different business impacts um that's one bucket that can kind of

highlight your leadership abilities your technical abilities your coding and languages that you are comfortable working with different projects or products that you've developed those are all great examples to bring in on technical impacts of the work you've done and behavioral as well is is important to include um just to show that you know you're a problem solver you have communication skills and soft skills work on it uh if you know if there's any area that you may feel that is lacking or that you're strong in one and not as much another generally if you have you know these three broad skill sets it's going to uh you know pretty appealing from a resume reviewer or a hiring manager's

perspective additionally start your bullet points off with a verb when we're talking about how to craft your experience explicitly you know developed created built LED architected designed that's what recruiters want to see that's what hiring managers want to see they want to see the actionable things that you incorporated or worked on at the company keep your bullet points on each roll I would say between three to five you don't want to have a long list because by the time you get Midway through the bullets though you've already lost the reader's attention and they're kind of moving on to your your next step in your career so keep it short and sweet order matters as well in the the way

that the experience is worded you know the first thing you see is the first thing that um you know you want to associate with your role and also what your desired role is moving forward so if you're a security engineer and you're applying for an application security role and it's very heavily working throughout the sdlc and that's highlighted in the in the job description look at what the bullets they have there lists and their requirements are and order that similarly in your experience um use numbers to quantify impact show a tangible result whether that's you know improving processes speeding up time you know cost saving budgeting if you have numbers to highlight those quantifiable results it you know gives a lot more

tangibility and um you know direction to a recruiter or hiring manager who's reading your resume and the whole goal of their their resume really is to get an interview um it's not necessarily to put your whole life story out there um it's you know to highlight your strengths what you've done whether it's patents certifications The Works that you uh have things that you've developed products you've worked on you want everything on your resume to be a plus a positive thing that's going to help you get a job oftentimes I've seen a lot of resumes that you know they can be three four five pages they're really long and you lose the the attention of the the reader

so keep it short keep it sweet and you know keep it targeted to what you want finally networking is is huge when applying for a role when trying to find a new job be directed and targeted in what you're looking for like I mentioned earlier to speak to Talent professionals that's who I would reach out to first first personally they oftentimes can help you you know work through the application process know who to talk to within the company and usually have a direct line to the hiring managers second reach out to peers ask for referrals that's huge in the industry a lot of companies have referral programs in place to help them you know fill

roles everybody wants to have the best team around and the fact that you know you know people uh your network is is very valuable even even just reaching out to somebody that you may have never actually worked with or know personally but having a conversation a quick coffee chat maybe a quick phone call and then asking for a referral at the end of it can uh definitely make a big impact finally reach out to leaders like I mentioned when reaching out to leaders you want to make sure that you're reaching out with empathy your understanding of you know their schedule if you get the time to chat with them go in be attentive follow up and just go in

expecting to uh to learn um obviously this is more applicable to uh you know maybe people earlier on in their career in the mid stages um you know it can be more peers once you uh progress to a certain point lastly touching on networking tips that I've seen um first of all you get 100 LinkedIn connects per week I would suggest using all of those I typically tend to max out my connections but I also spend almost on my day on LinkedIn so there's that um but use interact build your network um you know grow your your connections make personal connections with people ask for coffee chats um interact on LinkedIn consistently um you know comment on posts that you've

seen by leaders like things that have popped up from company Pages interact and respond to you know different questions or posts that you've seen and I would suggest posting at least you know two times a week ideally in the domain or subject area that you're you're looking to focus in whether that's you know any pillar with insecurity associate your name with you know your brand um associate your name with the area of security that you're you're looking to uh to grow and expand in and be a thought leader building a brand kind of works its way into that um you know a lot of what is going to be valuable for you are not necessarily

going to be you know your your resume um and you know things that your resume can only take you so far it's what I'm trying to say your network is going to be that key that takes it to the next level when you ask for referrals um and you have a brand that you've built over time that's going to be the most valuable thing um really I think throughout this whole presentation um and then coffee chats as well it's an easy way to have a you know informal conversation learn more about you know whether it's a company that you're trying to apply for or a specific role that somebody's doing maybe you're just curious and want to have a conversation

with another security peer and ask questions as well um you know Network and build that relationship with uh you know with the broader security industry now hopefully that will get you to interview um we can talk interviewing tips and kind of where to go from there but really you know making sure that your resume is up to date your LinkedIn is up to date um it's packed full of things that are helping you not hindering you and making sure that you're tapping into your network are really I think the three key things to really take your infosec job search to the next level so I'll kind of open it up to questions now um but I appreciate you taking some time

to listen to what I've got to say and hopefully somebody uh you know took some value out of it foreign [Applause] where do you stand on like an objective on a resume do you care do you read it does it impact you at all uh I I as a recruiter I do read it um I I like the summary um at the top uh if you some people will have multiple different stages and you know an objective a summary and kind of um a lot at the top my suggestions would be you know keep it to a couple sentences but be very targeted uh on you know this is who I am this is what I've done and this is what

I'm looking for but yeah I would definitely keep it on there

hey uh thank you for the amazing talk uh one question I had is how do you deal with just you know applying to like hundreds of jobs and not hearing bad product rejections how do you you know continue to push forward through it or like just believe in yourself that you know you're gonna get there at some point so any tips for that or like yeah yeah um I mean it can be discouraging if you're applying to hundreds of jobs and you're not hearing back not getting to the you know any interviews um it's really easy to to give up um at that point and it's it's very disheartening um I would say that that Network piece

is probably going to be the biggest thing it's just continue to have those conversations with leaders and with peers uh reach out to you know recruiters as well and talent individuals um yeah me personally I'm always open to have a chat to discuss how I can help whether that's you know working through Linkedin uh working through your resume um but I would say you know really tapping into your network kind of building that that awareness into the industry is probably going to be you know where you're going to find success

um I spoke to a recorder about um when you're applying to send in a resume and as well they also said they preferred like a bio just to like talk about a little bit more about who you were like what are your what is your stand on bios and like just like a more like a longer waves like saying like like how like what kind of person you are it's almost like a cover letter essentially um that's a great question uh I have a different perspective than probably most on on that front just because I think the most important thing is you know the the person's experience and you know who they are you know and a lot of

that you don't get from a cover letter you get it from actually having a conversation you know learning somebody and so I typically went as a recruiter I don't look at cover letters that much uh you know if the experience fits you you know you can demonstrate to me that you know you you have a skill set in this industry um my perspective is is and that's worth a conversation but I totally get it where you know it may be required you have to um uh get get something you know in terms of a bio together um and that suggestion I would say you know look at uh peers again kind of going back to network

um you know a look at LinkedIn kind of see um you know what people how people word different things um look at leaders how they kind of talk about themselves on LinkedIn but also ask uh you know your friends hey can you look this over for me ask a you know somebody you know there's a few levels above you as well um what are your thoughts you know what uh read can you read this through give me some suggestions um and again I know probably any of my team here would be welcome to help out on that front as well so it's really just you know find a sounding board of people that you trust

um and who ideally work in the industry and kind of tap into that awesome yeah

all right any more questions cool all right let's give a big round of applause thank you thank you guys [Applause]