When applying for cyber security jobs, you want to stand out, and one way you can do this is by creating a compelling cyber security resume.
This helps you showcase your skills, experience, and certifications in a clear and organized manner that highlights your qualifications for the position.
But what if you have no experience? How can you leverage other skills and experience to help you land that job? Fret not, we’re here to help!
In this article, we’ll briefly discuss three types of cyber security resume examples and show you how to create one if you have no experience.
We’ve also interviewed an expert on the subject, who’ll give his insights on how to properly convey your experience and skills.
Next, we’ll provide you with a cyber security resume sample that you can use to help you build your own. We’ll discuss writing a cover letter and the do’s and don’ts of using AI to help with the process.
Let’s begin.
Three Types of Cyber Security Resumes
A cyber security resume is a collection of your work experience, education, skills, and achievements. It’s a snapshot of your qualifications and lays the groundwork for potential employers to assess your suitability for a position.
There are various ways to present yourself to potential employers, and we'll examine three of them.
LinkedIn is an important place to create and maintain an online professional presence, as it allows you to create a profile that goes beyond a standard resume.
Unlike a static resume, your LinkedIn profile can be easily updated as you gain new experiences, acquire new cyber security skills, or achieve new accomplishments. It can be a great place to build your brand.
At its core, LinkedIn is a powerful networking platform on which you can create connections and develop professional relationships with other cyber security professionals.
By maintaining an up-to-date and compelling LinkedIn profile, you can effectively present yourself as a strong candidate and enhance your career prospects.
Personal Websites as a Portfolio
Another excellent way to showcase your skills is through a personal website or online portfolio.
This allows you to demonstrate any projects you have worked on to potential employers. These can include practical labs such as a virtual hacking lab or a Security Operations Center (SOC) simulation. The possibilities are endless.
A personal website showcases your understanding of cyber security concepts and skills through various forms of content creation, such as blogging, videos, tutorials, or walkthroughs.
With a well-crafted personal website, you can showcase significantly more than a LinkedIn profile or resume typically allows. You can go deeper into your projects and showcase your problem-solving abilities.
Traditional CV
While the other two forms are equally important, the traditional resume is still the one employers want to see when you apply for jobs.
A traditional resume can be considered an “elevator pitch” that aims to get the hiring manager to look at your website or LinkedIn profile and hopefully contact you.
It’s a great way to summarize your skills. Plus, each resume can be tailored to the cyber security job description, allowing you to highlight your most relevant experience and qualifications for that particular position.
This can significantly increase your chances of standing out to potential employers and landing an interview.
Creating a Cyber Security Resume With No Experience
How do you create a cyber security resume without experience? This is a question asked by many trying to break into this field. So, what should you include in your resume?
You need to leverage the skills you already possess. Focus on highlighting the skills you’ve gained from other jobs, certifications, labs, etc.
Additionally, consider including any relevant certifications and projects you have completed that demonstrate your interest and knowledge in the cyber security field.
Before we discuss the soft skills you should have and how to include non-work experience on your resume, let’s briefly discuss what sections you should include.
Sections
According to Ken Underhill, the number one best-selling author of Hack the Cybersecurity Interview, you should include the following sections and information on your resume.
1. Contact Information
Contact information should appear first. Use an email address solely dedicated to job applications. This enhances privacy, making it easier to identify and manage job-related emails, even if they inadvertently land in the spam folder.
Underhill also recommends using a virtual phone number service like Google Voice (free in the US) or similar alternatives in other countries. This further protects your privacy.
Avoid including your physical address on your resume. Hiring managers do not need this information during the initial screening process.
You can include a link to your LinkedIn profile and another to your GitHub or personal website. Underhill suggests you use a maximum of two links to avoid over-cluttering this section. This allows potential employers to easily access your professional online presence and learn more about you.
2. Summary
The cyber security resume summary section should be a maximum of three sentences corresponding to the position's responsibilities.
Avoid providing an extensive life story. The summary should be concise and focused on highlighting your relevant qualifications for the specific role you're applying for.
The summary should clearly outline who you are as a professional and why you're a strong match for the role, emphasizing the key skills and accomplishments that make you an ideal candidate.
3. Skills
Next, include a list of skills, emphasizing three to five of them. Most people include too many skills irrelevant to the job they are applying for. Ensure the skills are aimed at the specific job you’re applying to.
4. Experience
In the experience section, you should emphasize your results and practical implementations. You don’t need to include ten bullet points per job. As long as it provides value and not fluff, even one is going to be fine.
Your goal is to show your value to the company you’re applying to.
Underhill suggests that instead of saying, “I scanned for vulnerabilities using Nessus,” you can say: “ I performed a vulnerability scan using Nessus on Linux servers to identify and prioritize vulnerabilities. I then determined a mitigation strategy and finally created a report on this strategy for those vulnerabilities."
Here, you show that you understand the process of conducting a vulnerability scan, analyzing the results, and addressing any identified vulnerabilities. This adds much more value.
“You could frame it as if you were addressing a hypothetical situation in a real organization. Say you pretended you were part of a healthcare organization conducting a vulnerability scan.
Detail the steps you took, the vulnerabilities you discovered, and how you would recommend mitigating them. This approach not only showcases your technical skills but also your problem-solving abilities and how you can contribute to a potential employer's objectives.” – Ken Underhill
What about the experience from jobs that are not related to cyber security? How do you convey to an employer that you’re the right candidate?
Again, Underhill suggests you show how to provide value using experience from other jobs: “Everyone's got that transferable skill; it's just that people don't know how to flesh that out, really.”
You’ve most likely followed some process to complete a task in your previous jobs. So, use this as a bullet point.
He gave us a great example of working at Burger King. Instead of saying that you made cheeseburgers, you should say, “I followed the company procedure to create a cheeseburger for customers and ensured that the cheeseburger met our quality guidelines.”
Underhill says that putting these bullet points on your resume shows a potential employer that you understand how to follow a process and can likely follow different ones, too.
“Showing that value, showing those bullet points, showing specifically how what you can do actually applies to the real world or gives value to a company in the real world.”
The right way and the wrong way to list experience
Capitol City Hospital - Triage Nurse - 2018 - 2023
Burger King - Line Cook - 2016 - 2018
5. Education and Certifications
Education and certifications should come next, emphasizing practical applications. In this section, you can list any degrees, diplomas, and certifications you have earned.
Once again, you can show value to an employer by briefly talking about a project you may have worked on in school and relating that to the real world. Maybe you encountered a problem on one of the projects, but you came up with a solution to solve it.
Ensure that relevant certifications you've achieved in cyber security are highlighted on your resume. Industry-recognized certifications are increasingly important, with 90% of hiring managers who prefer hiring people with certifications.
Choose relevant and trusted certifications for your intended career path, such as Security+ or OSCP, which is crucial for gaining credibility.
List them out and try to relate what you learned to something tangible. For example, if you’ve listed Security+, add something about what you learned and how you’ve implemented it.
Maybe you created a website and had to install an SSL certificate. This is where your knowledge of public key infrastructure, something learned in Security+, can be directly applied and showcased.
By providing specific examples of how you have utilized your certifications or education, you can demonstrate knowledge and skills to potential employers. This can set you apart from other candidates who may simply list their degrees and certifications without showing how they’ve been put into practice.
According to Underhill, most people do not include this type of information. “That's what most people are missing on their resumes and on their LinkedIn.”
The right way and the wrong way to list education and certifications
CompTIA Security+
B.S. in Nursing
6. Professional Achievements
If you’ve written blog posts or articles or created content on YouTube, don’t list every piece individually.
Instead, summarize your contributions to cyber security knowledge under the professional achievements section.
You might say, "I contributed to [X] online publications on topics ranging from [Topic A] to [Topic B], demonstrating a commitment to advancing cyber security awareness and education.”
This strategy enables you to recognize your contributions without drawing attention away from your qualifications and skills.
To enhance the visibility of your work, ensure that your LinkedIn profile is updated with links to your publications or, if applicable, a portfolio website.
Soft Skills
Soft skills critical in cyber security roles include communication, problem-solving, and attention to detail.
These skills are essential for effectively collaborating with team members, analyzing complex security risks, and accurately documenting security breaches.
In addition to the above skills, other soft cyber security skills include creativity and innovation, adaptability, flexibility, leadership, and management. These skills are crucial in finding, responding to, and mitigating cyber attacks.
Consider highlighting these skills by incorporating relevant examples into your resume's summary or experience sections.
To learn more about soft skills in cyber security, see Soft Skills for Cyber Security (Employers Want to See).
Remember to focus relevant soft skills to the career you’re pursuing. There is no precise list, but consider some of the following for these entry-level roles.
Cyber Security Analyst
- Analytical thinking: The ability to sift through large amounts of data looking for anomalies, identifying real threats from false alarms.
- Communication: The ability to write clear reports and explain complex issues, and articulate clear recommendations for prevention or mitigation.
- Problem-solving: The ability to quickly understand and solve an issue under time constraints; thinking on your feet.
- Attention to detail: Possessing a keen eye to stop threats hidden in large amounts of data.
- Teamwork: The ability to work well with others, share information, support colleagues, and collaborate with other departments.
Junior Penetration Tester
- Curiosity and a learning mindset: The desire to investigate different possible routes to your goal, research services to see if there are vulnerabilities, and the drive to continually learn new technologies.
- Creativity: Thinking outside the box, looking for less than obvious solutions.
- Persistence and patience: The ability to deal with sometimes tedious processes, deal with dead-ends and setbacks calmly, and try multiple approaches.
- Communication and writing skills: The ability to write clear reports for both technical and non-technical audiences, detail your methodologies and steps clearly enough for others to follow, and suggest remediations in a way that’s easy to understand.
- Ethical integrity: Being trustworthy with sensitive information and adhering to ethical and legal guidelines.
Security Auditor:
- Attention to detail: Being able to meticulously review policies, procedures, and security controls. Able to look beyond the surface for vulnerability and compliance issues.
- Communication skills: Once again, the ability to clearly explain your findings, write detailed reports, and make your recommendations clear to non-technical audiences such as management and clients.
- Ethical integrity: Also relevant here, as you will be handling sensitive information and must be trusted to keep in confidential, as well as remain impartial and conduct all audits honestly and objectively.
- Analytical thinking: The ability to successfully review information and interpret results, then make actionable recommendations based on your findings.
- Adaptability: As IT is constantly changing, the skill to keep up with new technologies and threats is vital. This is the ability to learn these things and adjust your auditing techniques accordingly.
Non-Work Experience
If you have no experience in cyber security, you need to include non-work experience to highlight your skills.
You should include any labs you have or are working on. These can consist of Python or Vulnhub labs or a self-directed lab analyzing PCAP files with Wireshark. You can also include relevant skills you've learned while using these.
To learn about other labs you can include on your resume, read The 10 Best Cyber Security Labs for You.
You can also explore voluntary roles: participating in Capture the Flag (CTF) contests, bug bounty hunting, and internships are all effective ways to gain practical cyber security experience.
These should be documented as achievements in your education or experience section or a section dedicated to your projects, such as “Professional Projects,” and will show your understanding of the concepts and tools used.
For example, if you’ve completed a StationX course on Nmap, don’t simply say you did the course. Say, “I finished the Nmap course and learned to scan for open ports and services on a target machine. I also practiced interpreting Nmap output to identify potential vulnerabilities. If I were working for your company, I would apply this knowledge to regularly scan our network for vulnerabilities and ensure our systems are secure from potential cyber threats."
You can do the same for CTFs, volunteer work, or projects. For example, if you’ve set up a SOC lab at home, ensure you relay the skills learned and how you would use them to help the company.
Underhill says that this is a little more work, but it sets you apart from everyone else.
What Does an Effective Resume Look Like?
To construct an effective resume, start with your contact information. Exclude your physical location but include a professional email and possibly a LinkedIn profile link.
In crafting your summary, focus on articulating who you are as a professional, your core competencies, and how these relate to the job at hand. If the job description emphasizes specific soft skills or technical abilities, mention these in your summary if they apply to you.
For example, you might say, "Recent graduate with a strong foundation in network security principles and a keen interest in threat analysis. Demonstrated ability to apply problem-solving skills in a team-based capstone project focused on developing a secure network architecture."
In the experience section, provide specific examples of how your work has added value, moving beyond simple task descriptions to emphasize outcomes and real-world applications of your skills. For education and certifications, focus on projects or practical applications of what you've learned rather than listing courses or general achievements.
Remember, the goal of your resume is to showcase your potential as a valuable addition to the team, not just to list your past responsibilities or achievements. – Ken Underhill
Ken’s Cyber Security Resume Tips
Here are some other tips that Underhill shared with us to help you create a great resume.
- Create a master resume: Compile a comprehensive resume with every job, skill, certification, education, and project.
- Customize for each application: From your master resume, create a tailored version for the job you’re applying for by trimming down content to align closely with it.
- Length can vary: Don't restrict your resume to one page. A few pages are acceptable, especially to showcase self-learning and your experience.
- Treat your resume as a sales page: Approach your resume as an opportunity to capture interest. Think of it as selling your time and potential to employers for the chance to interview you.
- Address career gaps with a sabbatical: If your career has gaps, label these periods as sabbaticals. Use this space to explain any self-learning or skill development you took during this time.
Entry-Level Cyber Security Resume Sample
Now that we’ve discussed what you should include on your resume, let’s look at a sample resume that will give you a visual representation of the order in which the sections should be best displayed.
Remember, you’re in charge of the resume’s look and feel, and you can find many templates online or through Microsoft Word or Google Docs.
This resume example is designed for those without direct cyber security experience. It focuses on effectively presenting non-IT work, certifications, and indirect cyber security experience through self-learning.
You can find a wide selection of cyber security resume templates LaTeX format here. See how to combine these with AI in the video below.
Writing a Cyber Security Resume Cover Letter
You’ve created your resume—great. Now it’s time to pair it with a well-crafted cover letter.
Don’t overlook the importance and significance of a cover letter when applying for a job, especially if you are transitioning into cyber security from a different background.
A cover letter that demonstrates your genuine interest in the position and the organization can help you connect personally with the hiring manager. But what’s the best way to structure it, and what should it include? Let’s take a look.
Your cover letter should contain four paragraphs, each with a different focus:
- Introduce yourself and state the position you're applying for. Share why you're excited about this opportunity and the company. Did their latest project catch your eye? Mention that. It shows you've done your homework, and you're not just blasting out applications.
- Here's where you talk about yourself—but stay professional. If you're transitioning from another field, this is gold. Highlight transferable skills. Did you manage IT projects, handle data, or lead teams? Those experiences matter. Tell them how these roles have prepared you for a career in cyber security. Share a compelling story or achievement that illustrates your skills and drive.
- Here's where you talk about yourself—but stay professional. If you're transitioning from another field, this is gold. Highlight transferable skills. Did you manage IT projects, handle data, or lead teams? Those experiences matter. Tell them how these roles have prepared you for a career in cyber security. Share a compelling story or achievement that illustrates your skills and drive.
- Look at the job description. Identify key problems or goals the company faces. Now, align your skills and experiences with their needs. If they're looking for someone with strong problem-solving skills, describe when you solved a tough problem. Make it clear you're not just looking for any job—you're looking for this job.
- End with enthusiasm. Reiterate your excitement about the opportunity and the value you'd bring to the team. Invite them to contact you for an interview, and say you're looking forward to discussing how you can contribute to their success. Be confident but not pushy.
A professional closing, like "Sincerely" or "Best regards," followed by your name, adds the finishing touch.
Additional Tips:
- Customize It: No two jobs are the same, so no two cover letters should be either. Tailor each letter to the job and company.
- Keep It Concise: Aim for one page. Hiring managers are busy. Make their job easy.
- Proofread: Spelling and grammar mistakes can hurt your chances. Double-check your work. Better yet, have someone else take a look.
Your cover letter is your spotlight moment. Use it to show why you're not just a great candidate, you're the right one.
Do's and Don'ts of Using AI in Resume Building
With the advent of AI chat technologies such as ChatGPT, Google Bard, Microsoft Copilot, and others, getting help building your resume has never been easier.
There are, however, do’s and don’ts when using these, and we’ll highlight them below.
Do
Don’t
Conclusion
You should now have everything you need to create a solid cyber security resume. You’ve seen what to include and which items to highlight.
You’ve learned how to pair your resume with a cover letter and how you can use AI to help you along the way.
If you’re looking for more tips to succeed in cyber security, consider joining the StationX Accelerator program today and take your career to the next level with our large selection of courses, roadmaps, mentors, and more.