Hello! My name is Mike and I am an infosec engineer with 10+ years experience. I’ve worked in GRC, Vulnerability Management, PenTesting & AppSec. I have 17 SANS certs (I have a serious problem) and I’m also an infosec community enthusiast and creator/mod for /c/cybersecurity. AMA!

  • shellsharks@infosec.pubOPM
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    Mostly non-tech experience. This is subjective and will vary hiring team to hiring team but in this field I have always glossed over any non-tech things on a resume. There’s so much opportunity for people to learn and get involved with IT/security that there’s no excuse to not just focus on those competencies on the resume. Just my opinion.

    • iamak@infosec.pub
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Okay. So my experience as a software developer while not the main thing being judged will still be relevant?

          • shellsharks@infosec.pubOPM
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Kinda depends what you want to get into. If you’ve let to land your first security job maybe something like Sec+ to help get your foot in the door. If you know what discipline you want to get into (appsec, endpoint-sec, etc…) this could help further filter down what cert/training might be best to shoot for. Do you know what you think you want to do?

            • iamak@infosec.pub
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              I was thinking Network Security. But I’m not sure about it. Sec+ will help me decide that?

              • shellsharks@infosec.pubOPM
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                Depends what you mean by “Network Security”. A lot of companies have adopted cloud-first environments so traditional netsec is more so cloud infra. In this case there are cloud-specific certs from Azure, AWS, GCP you can take that would be great. If you’re considering traditional network security it may be different. (Though a lot is very much shared).