Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!
So I’m planning for the future career move, right now I’m mostly overseeing a pentesting group with a little bit of participation during the tests. I’ve coded many projects over my time in many languages, but I really enjoyed doing reverse engineering of malware and various other things as they popped up years ago. I can’t imagine there’s a lot of that available, though. I have a GREM, GPEN, GCIH, and GASF from SANS (I wanted to get more but the company stopped paying for distance travel the last few years). I’m currently 100% remote in the US mid-Southwest and really enjoy it. I’ve got 13 years of a large variety of professional experience in the cybersecurity and general IT world, with a little bit of a dip into OT with some ICS classes. I’m also trained in digital forensics imaging and handling, as I’ve spent some time working for a law enforcement branch (that was a wild ride)
My main question that I have these days is… what would I call myself, professionally? What types of jobs should I be looking to do. I can do management and leadership but I like getting my hands dirty and solving problems.
Thank you.
Deflector7462@infosec.pub 1 year ago
What do you guys think about a projects section on a resume instead of a skills section for someone early in their career? The idea would be instead of just listing Python & Nessus you could list something like “Used Python to start a scan against a target system with Nessus API”.
_zi@infosec.pub 1 year ago
That is generally what I’d recommend, and have liked seeing in a resume.
My thinking is that seeing projects tends to showcase not just a particular skill like with a language you used, but shows an understanding of the problems facing some area that your project is trying to solve. I’ve never really been a fan of skills listings just because they offer basically no context. Whereas projects give me something to bounce off of in an interview, and hopefully get the candidate talking.
I will say though that I wasn’t the person reviewing resumes deciding who got an interview, I’ve just been an interviewer after someone made it through the screening.
shellsharks@infosec.pub 1 year ago
I think you would want to have both. Have a summarized section where you list skills you have still but if there’s something notable you know how to do, such as programmatically control Nessus using Python (as you have suggested), I think it’s worth making the connection in a separate section.
ComradeKhoumrag@infosec.pub 1 year ago
I am by no means a hiring manager. However software engineering is project based work , so I would be biased towards this as a good thing