Hacking Your InfoSec Job Hunt

February 18, 2016

If you missed it, I posted a podcast episode on my job hunt as part of my podcast, Building a Life and Career in Security Podcast. TL;DR? I left my job in December, 2015 and spent 2 months interviewing at 15 or so companies trying to decide on my next great adventure.

The results of my experiences are 3 things that I think are crucial to any job hunt.

Your Network

I don’t know that it was a conscious decision, but the first thing I did was e-mail people within my network that I was looking for something new. The result was about 10 opportunities for me to interview/discuss.

I was actively looking for a job so it’s not that unusual to e-mail your network. What if you’re just frustrated and work and thinking about leaving? I think that’s where we tend not to use our network. Personally, I have received very few “hey, I’m thinking about leaving” e-mails.

And yet I get a ton of “hey, are you thinking about leaving?” e-mails from within my network.

There are two takeaways that I think everyone should consider:

  1. Your network is probably your greatest likelihood for success in finding your next job. One of the biggest criticisms of my post on why the CISSP is the only certification you need is that my analysis was done by presuming you were blindly applying for jobs. If you use your network to find a job, the reliance on keywords in your resume is much lower.
  2. You can’t use your network if you don’t nurture your network. You can’t connect with someone on Linkedin, then go silent for a year, and suddenly ask them if they know of any job openings. (FYI, I’ll still respond, but I think I’m unique.) Keep in touch with your network, especially those that have the greatest likelihood for helping you find your next great opportunity.


This is going to sound like a sales pitch. It isn’t. I hate writing a check to LinkedIn, but it’s worth the money.

Up until I was looking for a job, I used Indeed.com for job searches. Indeed is an aggregator of job listings from around the internet. I setup alerts for specific types of openings. Not because I was looking for a job, but because I use openings as a way to keep updated on what other companies are doing. (If you’re in consulting, I encourage you to do it too.)

In December, I signed up for LinkedIn’s job searching upgrade. Their listings of jobs is of such a higher quality than Indeed. At least for the jobs I was looking for, they landed on Linkedin often before they were posted on their website.

As an upgraded member, LinkedIn offers you a “one-click” apply button that makes it really easy to apply for jobs. Guess what? Almost every recruiter e-mailed me back to say they didn’t get my resume or additional information that they needed. So… first, it doesn’t really work as described. But… It was an interesting way to social engineer the exact recruiter that is recruiting for the job you’re applying to.

Finally, I wrote a post a while back on optimizing your LinkedIn profile. I encourage you to read that as well.

Resume Analysis

This is the complete opposite of networking. You’re blindly applying to a job opening on the internet. You know no one but you think it’s the perfect job for you. How do you make sure the recruiter looks at your resume?

Resume Analysis. It’s the ultimate job hack. Most big corporations use tools to score your resume. The recruiter looks at the top scores and the bottom scores automatically get the bong e-mail.

Check out Resunate. You submit your resume and the job description and it automatically gives you a score and how to improve your resume.

I don’t like this approach at all. It’s gaming the system and I’m not about gaming the system. That said, sometimes you need a leg up on the competition. As long as you’re not adding or changing anything that misrepresents you, it may be the difference between getting the first call from the recruiter or crickets.


Whatever you do, be genuine. You can modify your resume, talk to everyone in your network and pay for the ultimate LinkedIn account. No matter, when you actually talk to recruiters, interview with a company and take your next job, be yourself. You want a company to hire you for who you are, not who you tried to be to get the job.