Hays US Blog

As part of our ‘Ask a Recruiter’ series, we spoke to Miguel Duran, Cyber Security Business Manager for North America, to get an inside look at what characteristics help a Cyber Security candidate stand out. Have a look at his must-know advice that is sure to give you a one-up against the competition.

1. When you meet with cyber security professionals, what are some key characteristics you look for?

This really depends on the seniority of the individual, so I will break this down into two areas (Junior vs Senior)

In Entry level - more Junior professionals, I am always looking for passion about what they do, or specific areas they are interested in. This does not just mean their 9-5 job, I'm talking about what they do outside of their usual job responsibilities. Are you involved in networking groups, do you have a home lab that you build and tinker with new tools, hardware or technology. What do you follow online from training, YouTube, blogs etc. In most cases, companies are more inclined to hire candidates that show passion outside of their role with less commercial experience, as they are eager to learn and therefore easier to train and mentor.

From a Senior standpoint. I am looking for expertise in their field, not generalist or jack of all trades type individuals. As the Cyber industry matures, I see that companies are looking to hire true experts in their fields; individuals who can not only be the expert in their area of Cyber, but also can carry themselves from a communication, business facing level. Believe it or not, even with the growth in this market, selling Cyber security within an organization is still one of the largest challenges. Building relationships with other technical teams across Engineering, Infrastructure, and Development are key in today's Cyber programs.

2. What are the most in demand technical skills that cyber security professionals should have?

This really depends on their chosen area. Not one person can have all the skills a company may be looking for to fill gaps in their program. My best suggestion is evaluate yourself, what skills do you have currently, what do you want to do, where do you want to build expertise. In terms of highly demanded skills in the market currently, I would suggest looking at DLP, Incident Response, Security Automation, Secure Coding, Cloud Security, Container Security and DevSecOps as being some of the most demanded skills in the market today.

3. What are some key cyber security certifications that will help give professionals an advantage?

This also depends on your particular skill arena within Cyber but the most consistent certifications I see requested or in plus skills are;

• Security+
• OSCP
• OSWE
• GPEN
• GWAPT
• CISSP
• CISA
• CISM
• GSEC

In an article written by Forbes, they say;

• 96% of IT leaders believe team members with cybersecurity certifications add value to their organizations.
• Just over half of all IT leaders, 55%, say cybersecurity certifications earned by team members help close organizational skills gaps.
• 46% of IT leaders say having team members with cybersecurity certifications also boosts productivity.
• Meeting client requirements in sales and support engagements are improving by having team members with cybersecurity certifications according to 40% of IT leaders surveyed.

4. How should professionals prepare for a cyber security interview?

They should prepare just like they would for any Cyber engagement; with care, preparation and determination. Understand your weak points and do not try and answer a question you do not know (You cannot know everything), but explain how you would find the information and put it into practice. Be prepared for a technical round table style interview. Some companies do rapid fire questions (more situational approach questions) so be prepared for both options. Talk to your peers and see if they can help with a mock-style interview. Finally, always be presentable regardless of being in-person or via video call. First impressions are only once remember.

5. What are some tips to help showcase experience and projects on a cyber security resume?

I always say to follow the who, what and why method. Your resume should not be a list of 100 bullet points, but more of a summary of key responsibilities with some challenges and success stories thrown in. In most cases, employers want to understand what you do, challenges you have had and how you have overcome them. Being able to tell more of a story behind your role and experience is better than just short bullet points that explain "Implemented XYZ tool". Think about expanding on that, and read your resume as if you’re the employer. Think if you were the employer, would you want to hire the person described in the resume. Outside of this, if you contribute to opensource frameworks, have 0Days in your name, a GitHub profile or specific home lab project, be sure to Include them on your resume in a summary.

Looking for an opportunity within Cyber Security?

Connect with Miguel Duran, Business Manager, North America.