Writing a good resume

Published: 05 Apr 2017

As a pentester, you will be judged by most clients on the quality of your reports. Your resume is the best way for an employer to see how much care and attention you put into writing content, so make sure you nail it!

The Form

The first step is to read carefully what the job ad asks for. Don’t miss any details! Your job as a pentester is to pay attention to details, so show that this is one of your qualities by not missing any when you apply.

Some companies ask for a resume in text format. It has two advantages for a company:

  • Limit the risk of compromise
  • Filter people applying by asking for extra effort

If you apply to a company that is asking for a text resume, don’t send a PDF or, worse, a Word document… You are going to get disqualified, or lose points before anyone reads your resume (if they read it at all).

If no format is specified, send a PDF or a text file. You don’t want to send a Word document. People will see how good or bad you are with Word, and may see track changes information or even the author’s name you put in a few years ago.

Ideally, you will send a resume in PDF written with LaTeX; that should get you some extra points.

The content

Keep it simple: don’t put too many keywords on your resume. Avoid old security software. Don’t put that you’re an expert in X. If your resume reads “expert in X”, interviewers will ask questions that an expert should be able to answer; if they read that you’re “confident in X”, the questions will probably be easier and the expectations lower…

Don’t lie on your resume!

Just put the truth. Guess what… Interviewers would rather be positively surprised. If they read in your resume that you’re confident in Java and it turns out that you have a deep understanding of the language, you will get extra points.

Don’t put a list of tools. There is nothing more off-putting than a list like:

Aircrack, Aircrack-ng, Wireshark, Burp, WebScarab, Nikto, Acunetix, Nessus.

Most interviewers won’t care about these tools. They care about what you can do:

Wireless testing and manual packet inspection
Manual and automated web testing
Vulnerability scanning

Don’t put too many languages, especially without details:

Assembly, C, C++, Objective-C, Java, Erlang, Perl, Cobol, Ruby, Python

Try to show what you know:

Proficient in C and Ruby
Exposure to Assembly, C++, Objective-C, Java, Perl, Python

Showcase your online profiles:

  • Interviewers can see that you know how to read and write code and find vulnerabilities by checking your GitHub profile.
  • Interviewers can see that you know how to find bugs by looking at your HackerOne/Bugcrowd profile.

Sending your resume

Don’t send it to 80 email addresses with everyone in CC. It’s the best way to make sure you will never get a job anywhere.

Write a cover letter dedicated to the company and why you want to work there. Even better, try to meet people from the company at local security meetups and send your resume to them directly. It will speed up the process and they will already know who you are.

Finally, try to get a simple and serious-looking email address to send the resume from. It’s likely that using superhacker69@hotmail.fr won’t cut it.

Conclusion

We hope this article will help you improve the quality of your resume. Now that you have sent the perfect resume, it’s time to get ready for the interview!

Written by Louis Nyffenegger
Founder and CEO @PentesterLab