Beyond Certifications: What are the Qualifications that Really Stand Out on a Resume?

Hint: There's Nothing Like Hands-On Experience The CISSP has become almost ubiquitous among information security professionals. The same can be said for many industry- and technology-specific certifications.

And while certifications are not perfect, they are a decent way for security professionals to learn how to perform complex job functions and display basic expertise in required skill sets, as well as enhance their standing as generalists. At the same time, certifications offer a potential employer a standard by which to assess whether a job candidate has the security expertise he/she is going to need to know for a specific job.

"Certifications in this arena have become a prerequisite for an information security job," says Tracy Lenzner, CEO, Lenzner Group, an executive security search and consulting services firm based in New York. "We are seeing more and more employers make certification a standard and a criterion for hire".

So, what is it - beyond certifications -- that really jumps out from a resume and impresses a prospective employer?

We asked several hiring managers for their insights on what they seek in prospective hires.

Nothing Like Experience
Certifications show a certain amount of base skills the candidate will possess in terms of the theoretical understanding and knowledge. But there's nothing like hands-on experience in the job, says Nathan Johns, Executive with Crowe Horwath LLC, and former Chief of Information Technology at the FDIC. "If two equal candidates in terms of work experience are vying for a job, then the candidate holding certifications will probably have the upper hand," Johns says. "However, a certified person with little experience will not fare so well against an uncertified person with a lot of experience".

Jennifer Bayuk, former CISO at Bear Stearns & Co., looks for security professionals who are able to distinguish themselves via their resume by communicating the type of problems they can solve and by providing a clear picture of how they best fit the job position by giving examples of work accomplished in the field. "There is no substitute for hands on experience".

For Debbie Wheeler, Chief Information Security Officer (CISO) Fifth Third Bank, certifications make a difference when evaluating a multitude of candidates and are used as an initial prioritization of candidates. "Certifications can initially draw a hiring manager's attention to a specific candidate, but hiring decisions ultimately come down to the hands on experience and overall qualifications of the individual."

Among the factors weighed beyond certifications:

Academic Background and Technical Ability - Bayuk seeks evidence of technical ability and depth of technology understanding, as demonstrated by an advanced degree in computer science or information assurance; relevant published papers and related project work; and work experience that maps directly to the job function.
Business Understanding of Security -- Talking the language of business -- and a business understanding of security with good communication skills and ability to stand up and present at executive meetings -- is another area that candidates should build upon, adds Nathan. "Investing in a management and business course often helps to gain an edge over other security candidates."
Internal Branding -- "Today, getting a basic security certification is not enough to differentiate and get a job; security professionals need to differentiate themselves through outstanding performance and internal branding," says Lee Kushner, President, L.J. Kushner and Associates, LLC, an executive search firm dedicated exclusively to the Information Security industry and its professionals.

And then there are the soft skills. Security professionals need to know how they project themselves to their colleagues and management team. What is the impression of them and their work that others around carry and talk about?

Kushner further adds that security professionals will need to give importance to moving beyond baseline requirements by:

Thinking about the industry affiliations and groups they want to be associated with;
What are the leading edge conferences they want to be attending and participating in;
What kind of skill set they want to be focusing on, leading a path to specialization
What kind of education and training they want to be investing in to enhance their overall qualification.

Tips for Moving Beyond Certifications

Hiring managers offer these tips to security professionals who want to enhance their resumes after they attain their necessary certifications:

Earn a reputable university degree by one of the National Security Agency (NSA) approved and accredited academic institutions in information assurance. Also, candidates should look for programs that combine technical training with business strategy and management courses.
Think from a Business Perspective - Besides knowing how to operate and excel in security tools and solve problems from an engineering background, candidates need to focus on how these solutions affect the organization from risk and compliance perspective and also direct efforts in making security a business driver.
Set up a Home Laboratory and get Hands-on Experience - Security professionals should invest in a serious lab environment and implement what they find interesting during their studies especially with readily available freeware versions of technologies/software used. This gives IT professionals the opportunity to acquire knowledge of the underlying theories and provides them with an outlet to implement security practices in real world situations.
Internship in IT Security - Candidates who are still in school should consider taking up relevant projects and internship in information security. This will help to provide an opportunity to get hands-on real-world security experience and also help in networking within the security market for future job prospects.
Join local security groups and associations like ISSA, ISC2, ASIS, InfraGard
including Blackhat, RSA, MISTI
Subscribe to targeted newsletters and forums including Sans Institute, ISACA and others

About the Author

Upasana Gupta

Upasana Gupta

Contributing Editor, CareersInfoSecurity

Upasana Gupta oversees CareersInfoSecurity and shepherds career and leadership coverage for all Information Security Media Group's media properties. She regularly writes on career topics and speaks to senior executives on a wide-range of subjects, including security leadership, privacy, risk management, application security and fraud. She also helps produce podcasts and is instrumental in the global expansion of ISMG websites by recruiting international information security and risk experts to contribute content, including blogs. Upasana previously served as a resource manager focusing on hiring, recruiting and human resources at Icons Inc., an IT security advisory firm affiliated with ISMG. She holds an MBA in human resources from Maharishi University of Management, Fairfield, Iowa.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.