this post was submitted on 31 Jul 2023
9 points (90.9% liked)

cybersecurity

3030 readers
2 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Enjoy!

founded 1 year ago
MODERATORS
 

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

top 7 comments
sorted by: hot top controversial new old
[–] [email protected] 3 points 1 year ago (1 children)

So I'm planning for the future career move, right now I'm mostly overseeing a pentesting group with a little bit of participation during the tests. I've coded many projects over my time in many languages, but I really enjoyed doing reverse engineering of malware and various other things as they popped up years ago. I can't imagine there's a lot of that available, though. I have a GREM, GPEN, GCIH, and GASF from SANS (I wanted to get more but the company stopped paying for distance travel the last few years). I'm currently 100% remote in the US mid-Southwest and really enjoy it. I've got 13 years of a large variety of professional experience in the cybersecurity and general IT world, with a little bit of a dip into OT with some ICS classes. I'm also trained in digital forensics imaging and handling, as I've spent some time working for a law enforcement branch (that was a wild ride)

My main question that I have these days is.. what would I call myself, professionally? What types of jobs should I be looking to do. I can do management and leadership but I like getting my hands dirty and solving problems.

Thank you.

[–] [email protected] 2 points 1 year ago (1 children)

With that background you can call yourself what you want. Really just depends where you want to go. At most companies you'll end up either a "something" engineer or on management track depending on which path you wanna go. At 13 years experience though you are somewhere in the realm of Staff/Lead - Principal engineer I would imagine.

[–] [email protected] 2 points 1 year ago

Thank you! I guess the realization that I've hit the Lead experience area is still coming to me. Impostor syndrome is real.

[–] [email protected] 3 points 1 year ago (3 children)

What do you guys think about a projects section on a resume instead of a skills section for someone early in their career? The idea would be instead of just listing Python & Nessus you could list something like "Used Python to start a scan against a target system with Nessus API".

[–] [email protected] 2 points 1 year ago

I am by no means a hiring manager. However software engineering is project based work , so I would be biased towards this as a good thing

[–] [email protected] 2 points 1 year ago

I think you would want to have both. Have a summarized section where you list skills you have still but if there's something notable you know how to do, such as programmatically control Nessus using Python (as you have suggested), I think it's worth making the connection in a separate section.

[–] [email protected] 2 points 1 year ago

That is generally what I'd recommend, and have liked seeing in a resume.

My thinking is that seeing projects tends to showcase not just a particular skill like with a language you used, but shows an understanding of the problems facing some area that your project is trying to solve. I've never really been a fan of skills listings just because they offer basically no context. Whereas projects give me something to bounce off of in an interview, and hopefully get the candidate talking.

I will say though that I wasn't the person reviewing resumes deciding who got an interview, I've just been an interviewer after someone made it through the screening.