Getting Found

When looking for a new role it goes without saying that you should always aim to have as many skills that you've covered (and that you feel could be relevant) on your CV as are possible, but there's more to it than that.

A good example centres around those working in the SOC space. I work with CVs that talk about working with SIEM tools, listing all of the things they're doing with said tools but not actually delving into what SIEM tool(s) they're using. Having the specific tools on your CV makes a huge difference no matter what part of the Cyber Security field you're operating in, as businesses can be more inclined to consider someone who wouldn't require coaching on something new and even whose knowledge could benefit them from the outset.

Also, put the specific tools in the jobs themselves! I know it might not sound important, but just listing all of your tools in a "technologies" section on your CV doesn't tend to give any idea of what you've actually achieved with each technology, or how long you've worked with it. If you're talking about "using the SIEM to", why not say "using Splunk to" or "using LogRhythm to" instead, really accentuating your strengths with a particular SIEM tool.

As above, this can be extremely important and have potentiality. Say for example you were to mention having performed "configuration and automation of Splunk environment", then that could leave you head and shoulders above the rest when applying or being looked at by a recruiter if they've been more general on paper saying "configuration and automation of SIEM environment".

Another key point is not to make assumptions. This may sound obvious, but I see a lot of CVs where technologies and tools are left off simply because they see this as being such a common occurrence that it wouldn't seem like something you'd need to put on your CV. If you are not sure, leave it in! You have to appreciate that, whilst your profile may eventually make it's way to those at a similar technical level, initially you'll likely be looked at by those in areas such as HR who could be filtering applications based solely on keywords initially.

Whilst as a recruiter I'll cover a lot of ground with you when we chat, getting a clearer understanding of what you've done where and using what tools, it will make it much easier to then back up any claims I make when speaking with clients (or claims you make when speaking with me) if the content is there on your CV and easy to find.

It'll also make it easier to find you if we're looking for a specific technology, which is important if roles are fast moving and aren't advertised! Whilst searches aren't based on just keywords, they certainly can help us out when a client is demanding a very select set of requirements as essentials, so it really will up your chances of being considered before others out there.

If a recruiter is doing their job well, there may even be scope to look at your skills/tools used and to know what could be easily cross trained in order to expand the search and to put you in front of a role for which you otherwise might be ruled out. If for instance you're managing McAfee Network Security Platform (IPS), picking up Cisco Firepower or Firepower Threat Defense should be fairly painless provided the client doesn't require experience specific to that product (such as fault finding in this case).

Addressing the exceptions, there will be situations in which you can't divulge the tools you're using, sometimes due to company policies or perhaps due to security concerns, but there are usually ways around this.

The suggestions in these cases would be to disregard the first pieces of advice in this article of course, instead perhaps talking about a tool you're utilising in your own home lab (in your personal interests), or qualifications you've gained on a specific tool in the past, unrelated to the actual role you're performing in a professional capacity. This means that you're still able to get some basic competency out there and still helps you to be discovered for the right role, then going into more detail once you're talking with a recruiter or a client without compromising anything sensitive.

To give another example, if you're unable to name a product due to company policy or security classification, to avoid someone being able to utilise your CV or LinkedIn profile to reverse engineer the network topology of your employer, you could simply move the product name to "technologies used" in the CV so as to not be time or role specific (of course less effective the fewer employers you've had).

Attention to Detail 

As a final point, small though it sounds, correct spelling is an absolute must! If you follow all of the rest of the advice above and then spell McAfee "Macafee", not only will you not turn up on keyword searches for those triaging CVs but you'll also potentially lose credibility if you've supposedly got significant knowledge/exposure around the product.