Resume Tips from a Hiring Manager

I just finished sorting the first round of applicants for some job openings in my business unit. These are tough roles to hire for as they require a very specific set of skills. That said, there were a number of common mistakes in the submitted resumes. After reading almost 30 resumes for two roles, some patterns emerged that any applicant should consider when writing their own CV.

  • Use fewer words – The long description of your qualifications, skills, and experience doesn’t make you look more seasoned, it makes you look less. It also makes it difficult to find your real talents.
  • Focus on results – What you were responsible for is usually irrelevant. Talk about what changed about the business due to your efforts. Be specific: don’t say “contributed significantly to the bottom line”, say “grew billings 30% over 18 months”.
  • Avoid weird fonts – Unless you are a trained designer, straying from the basics here will almost always give someone a negative impression.
  • Avoid weird layout – When looking at a lot of resumes, hiring managers start to train their eye to look for things in a specific place. Deciding to be different just starts things off on the wrong foot, as he or she now needs to hunt to find information. This is not a time to get creative.
  • Use “bold” sparingly – Company names or position titles may make sense to allow for quicker navigation. Please though, don’t pick out words that you think a hiring manager may find interesting. That’s a sure sign you are using too many words to begin with.
  • Don’t crowd the page – You have a lot of power in deciding how someone discovers you by carefully laying out your resume as a PDF. When following the guidelines above, make sure you lay out the information so that it is nicely spaced.
  • Make sure you are qualified – This is just about kindness to your fellow man. Finding a job can be difficult but this is not a process where you can sacrifice quality for quantity. In the rare case where you find the perfect role that seems like a stretch in terms of your experience, write a cover letter that acknowledges the gap and details why you are applying anyway.

TL;DR – Keep it short, format it normally, and focus on the results you’ve achieved in prior jobs that qualify you for your next job.

RSA Session Todos

So I’m here at RSA 2012 and I was able to snag a delegate pass and actually attend some sessions this year. It looks to be a pretty great year content-wise and there were scores of sessions I couldn’t attend but wished I could. Most of them are in the APT, cloud, mobility or risk space. Here’s the list that I’m going to slowly work through via recordings after the fact (apologies for all caps):

GRC-106: RISK MANAGEMENT
HT1-106: ADVANCED PERSISTENT THREATS
HOT-106: JOINING FORCES; PUBLIC-PRIVATE
PNG-106: GOOD SECURITY ON A GOVERNMENT BUDGET?
SECT-106: GIVE ME MY CLOUD BACK: PANEL DISCUSSION OF DATA PRIVACY CONCERNS
SP01-106: OPTIMIZING SECURITY FOR SITUATIONAL AWARENESS
STAR-106: FIREWALLS: SECURITY, ACCESS, THE CLOUD — PAST, PRESENT AND FUTURE
TECH-106: REVOCATION CHECKING FOR DIGITAL CERTIFICATES
DAS-107: THE FIRST 24
GRC-107: TAKING INFORMATION SECURITY RISK MANAGEMENT BEYOND SMOKE & MIRRORS
EXP-107: NEW THREATS TO THE INTERNET
TECH-107: STOP THE MAELSTROM: USING ENDPOINT SENSOR DATA IN A SIEM TO ISOLATE THREATS
STAR-108: COMBATING ADVANCED PERSISTENT THREATS (APTS)
HT1-201: CYBER WAR: YOU’RE DOING IT WRONG!
HT2-201: THAT DOESN’T ACTUALLY WORK
EXP-201: CYBER BATTLEFIELD: THE FUTURE OF CONFLICT
PNG-201: SECURE THE SMART GRID
GRC-202: ADVERSARY ROI
PNG-202: NSA’S SECURE MOBILITY STRATEGY
STAR-202: CAN WE RECONSTRUCT HOW IDENTITY IS MANAGED ON THE INTERNET?
TECH-202: DEPLOYING IPV6 SECURELY
TECH-203: BUILDING A SECURITY OPERATIONS CENTER (SOC)
HT2-204: LIVE FORENSICS OF A MALWARE INFECTION
EXP-204: THE ROLE OF SECURITY IN COMPANY 2.0
P2P-201C: EVALUATING GARTNER
HT1-301: CODE RED TO ZBOT
SP01-301: MANAGING ADVANCED SECURITY PROBLEMS USING BIG DATA ANALYTICS
EXP-302: HACKING EXPOSED: EMBEDDED — THE DARK WORLD OF TINY SYSTEMS AND BIG HACKS
HT1-303: MODERN CYBER GANGS: WELL-ORGANIZED, WELL-PROTECTED, AND A SMART ADVERSARY
MBS-303: SECURING THE MOBILE DEVICE
PNG-303: CYBER INCIDENTS CENTERS
SECT-303: MAKING WORLD CLASS CLOUD SECURITY THE RULE
TECH-303: SECURITY DATA DELUGE — ZIONS BANK’S HADOOP BASED SECURITY DATA WAREHOUSE
GRC-304: COLLECTIVE DEFENSE: HOW THE DEFENDERS CAN PLAY TO WIN
EXP-304: GRILLING CLOUDICORNS
AST2-401: GETTING YOUR SESSION PROPOSAL ACCEPTED
LAW-401: FRAUD AND DATA EXFILTRATION
TECH-401: SCADA AND ICS SECURITY IN A POST-STUXNET WORLD
HT1-402: THE THREE MYTHS OF CYBERWAR
MBS-402: IOS SECURITY INTERNALS
EXP-402: ZERO DAY: A NON-FICTION VIEW
HT1-403: ESTIMATING THE LIKELIHOOD OF CYBER ATTACKS WHEN THERE’S “INSUFFICIENT DATA”

Identity-based Networking

Jon Oltsik on identity-based networking. As usual, he gets it right. No cringing from the long-time Cisco folks on the DEN reference later in the article. DEN was the right idea, just introduced way too early to survive.

Network access control (NAC) has certainly had a boisterous lifetime.

Cisco Systems first coined this term in 2005 when introducing an initiative to ensure that only “healthy” endpoints could access the network. In the intervening years, the NAC concept gained popularity, drove tremendous VC investment, and most recently came crashing down in a micro boom-to-bust cycle.

So what’s the future for NAC? Out of the ashes, NAC is slowly changing and moving in the right direction toward identity-based networking.

Survey: Wired 802.1X Plans?

Apologies for the long delay since the last post; things have been very busy at my company. One of the reasons is that we’re seeing huge interest in 802.1X among large enterprises. Interestingly enough, much of that interest includes wired 802.1X, not just wireless. We’re having conversations with somewhat conservative companies about 50-100K node wired 802.1X rollouts. This made me curious whether we’ve reached some sort of an inflection point around 802.1X adoption. If you have a moment, can you please take the time to reply to this post with your own organization’s wired 802.1X plans? I won’t make this formal; feel free to write as much or as little as you’d like. The things I’m curious about are:

When do you plan to roll out wired 802.1X?

How many endpoints will that include?

What is the main reason for wired 802.1X deployment?

What has held you back from deploying thus far?
