Do's and don'ts for writing a standout cybersecurity resume

A winning cybersecurity resume takes a "show, don't tell" approach and highlights your skill set, education/training, and relevant professional experience quickly and effectively.
Written by Matthew Sweeney, Contributing Writer
Cybersecurity concept -- hand points at a lock symbol.
thodonal88 -- Shutterstock

Looking to apply to cybersecurity jobs? Competition is fierce, so you'll need an edge. Cybersecurity is a rapidly-growing field — the U.S. Bureau of Labor Statistics reports that information security analysts can anticipate 33% employment growth from 2020-30.

The good news is that you can increase your competitiveness with an effective cybersecurity resume. But don't just take our word for it. We also spoke to Zoë Morris and John Boyle, two experts in recruiting and staffing, to bring you even more helpful advice.

Read on to learn how to craft a succinct, quantitative, and thorough cybersecurity resume that will help you stand out among thousands of applicants. 

Important: Tailor your resume to each cybersecurity job

One big part of preparing your job application is tailoring your resume to each role to which you apply.

Highlight recurring keywords and important skills and responsibilities mentioned in the job listing. Then, touch on them in your resume. Including the keywords can help your resume rank better when it goes through the applicant tracking system.

For instance, if a listing mentions penetration testing skills, mention your experience performing those tests in your skills section.

Remember that many tech companies receive thousands of applications weekly. Landing a job interview depends on including scan-able information a hiring manager will immediately see. Make it easy for them to see, within seconds, that you have the needed skills.

ZDNet: What are the top things you look for when reading through a candidate's resume for a cybersecurity role?

John Boyle, a white man wearing a suit, poses for a professional headshot.

John Boyle

John Boyle: As a recruiter, I generally look for a level of customization between the candidate's resume and the position that they're applying to. Resumes that "speak" to the position will stand apart from more generic "once size fits all" resumes. Due to the sheer volume of resumes that we see daily, the ones that are matched according to the requirements of the job opportunity will be prioritized. 

This can be as easy as moving the ideal job-related bullets in a position summary to the top of the stack for faster recognition,or adding new bullets that accurately & specifically address the needs outlined in the job description. The goal is to have the reader quickly understand that this specific candidate is tailor-made for the role.

Also, I prefer when relevant certifications and clearances are near the top of the resume, such as TS/SCI, CISSP, Public Trust, Private Trust, etc. They should be current. If the candidate's education is security-related, that should be listed near the top as well.

ZDNet: When reading through a candidate's resume for a cybersecurity role, what can make you instantly want to set up an interview with them?

Zoe Morris, a woman with long, straight dark hair wearing a professional blouse, smiles in a headshot

Zoë Morris: With tech being even more competitive than ever, and cybersecurity in particular evolving so rapidly and boasting so many opportunities, naming any specific programming or scripting languages you're familiar with, or data analytic programs you've worked with can impress an employer — particularly if you have experience working with something they haven't or are hoping to bring in.

Similarly, certifications can often be the decision-maker for whether many employers offer a candidate an interview or not. They show commitment and a willingness to learn, as well as an industry-standard level of knowledge, so they're certainly worth doing and documenting on your resume. 

How to format your cybersecurity resume

Format your resume according to industry expectations. Though you can certainly use a little color, don't get flashy with unusual colors, graphics, and fonts. 

Keep the overall aesthetic clean and professional. To increase readability, ensure spacing is consistent between lines and sections. Leave plenty of white space — big blocks of text are hard to read.

Limit your resume to one page. If you have many years of experience, max out at two pages.

Present your employment/experience history in reverse-chronological order. This keeps the focus on where you have arrived rather than on everything leading to that point. Stick with a simple, intuitive layout, such as a one- or two-column format.

You'll need to include the following components on any cybersecurity resume:

  • Header
  • Summary/objective
  • Employment experience
  • Skills
  • Projects
  • Education


The header is where you put your name, professional email, and home phone number for employers. Optional information includes your:

  • Home address
  • LinkedIn profile link
  • GitHub profile link
  • Online coding portfolio/personal website link

Hyperlinking relevant websites can help you by quickly directing employers to material showcasing your skills and professional connections. 

Resume summary/objective

A resume summary or objective provides an overview of your professional qualifications. A summary typically focuses on how your experiences align with the job description, while an objective lays out your career goals and expectations. 

This section should not exceed three sentences or two bullet points/paragraphs.

You can maximize this section's effectiveness by discussing skills and experiences mentioned in the job listing or relevant to the industry you'll be working in.

If you don't have prior cybersecurity experience:

If you're applying to an entry-level job and lack cybersecurity work experience, never fear. You can fill out this section by talking about past education and personal traits that you think qualify you for the job in two to three sentences. 

Some positive traits that you can mention include:

  • Curiosity
  • Conscientiousness
  • Empathy
  • Professionalism

Employment experience

You can make a bigger impact on the employment history section of your resume by using a "show, don't tell" philosophy. 

Briefly summarize your professional accomplishments and contributions to different workplaces.

When possible, use the STAR method to talk about how you dealt with different workplace problems and situations. (For a detailed explanation of the method, in which you summarize the situation, your task, the action you took, and the result, see our article on how to answer behavioral interview questions.)

Speak about the quantitative results of your actions, such as higher quarterly earnings. Use specific numbers whenever possible. 

Remember also to use action verbs when writing this section. 

Highlight accomplishments that align with hard and soft skills mentioned in the job listing. If the job involves cybersecurity engineering, talk about using programming in past jobs. If the job emphasizes solo work, talk about job experiences where you mostly worked independently.

Lastly, this section should include experiences relevant to the job in question. Focus primarily on roles that are related to cybersecurity, software engineering, and information technology.

Professional skills

The skills section should be curated for its relevance to the job you're applying for. For instance, if the job position heavily emphasizes IT skills, mention network architecture expertise as one of your hard skills.

Use a bulleted list of one- to two-word skills, rather than phrases. Minimize mentions of people ("soft") skills — a bulleted list doesn't give enough context to convince a manager that your self-assessments are accurate. Discuss people skills in your cover letter instead.

cybersecurity skills to list on your resume. Possible hard skills include coding, computer networking and cloud computing, system administration knowledge, security auditing and compliance, identity and access management, operating systems knowledge, network architecture knowledge, handling and responding to security incidents, firewall/IDS/IPS skills, and data protection. People skills include humility, leadership, critical thinking, verbal and written communication, working with a team, and problem-solving.
Tori Rubloff/ZDNet

ZDNet: What are the most common mistakes you see on people's resumes that cost them moving to the interview stage, and what can they do differently?

Zoë Morris: A lot of candidates tend to completely neglect how important soft skills are. But with the tech sector facing a huge skills gap at the moment, employers want to know that a candidate has both the technical knowledge and the soft skills needed for the modern workplace, so include these in your resume. 

Additionally, naming clients or accidentally disclosing private information when talking about past experiences and challenges is a huge mistake I see all too often. Candidates need to anonymize any case studies to protect this data or risk immediately being rejected from great opportunities — and in some cases, even face legal action if this is reported.


The education section of your resume should mention every school, degree, and certificate under your belt.

Once you've graduated college and have a couple of years of professional experience under your belt, you don't need to mention your GPA. The same goes for academic accomplishments of note such as club memberships, honor roll, etc. Those are really only relevant for recent graduates.

Make sure to mention cybersecurity training you've had, such as coding bootcamps and continuing education.

Other relevant sections you can include


Consider including a section detailing tech certifications you've earned. These can impress employers who want to see your skills in specific areas of expertise, such as penetration testing or information security.

Awards and accomplishments

Bring up awards and accomplishments if they relate to the job you're applying for. Show employers that you have gone above and beyond requirements in the positions you've held. Make sure to explain what each award recognizes people for, rather than simply naming them — especially if they're company-specific.


Volunteer experiences can be relevant to your cybersecurity resume if you're applying to a nonprofit tech job. Nonprofits will appreciate your willingness to leverage your skills without profit in mind.

Security clearances

Your cybersecurity resume can benefit from mentioning any security clearances you hold, especially if you are applying for a government job that might require typical candidates to obtain clearances.

Languages you speak

If you're applying to a position at an international company, mention your foreign language skills. This shows your ability to communicate with ESL team members in other languages, which is often helpful.

Professional organizations you participate with

If there's room, mention any professional organizations you belong to on your cybersecurity resume. Employers want to see your dedication to a greater community and your profession.

Courses you've taken

You can also mention any courses you've taken, such as online courses or continuing education courses. An example might be MOOCs that show your dedication to learning but don't award credit or certification.

About John Boyle

John Boyle is senior talent director at nationwide cybersecurity and information technology staffing firm, CIBR Warriors. John has been in the staffing industry for 27 years, having held production and leadership roles throughout his career. 

His passion revolves around developing superior relationships and coupling these with best-of-breed practices to ensure world-class service. He truly enjoys helping people to make the most of their career endeavors. 

About Zoë Morris

Zoë Morris is president of Frank Recruitment Group and oversees its ongoing business and sales operations, employee training, and hiring initiatives. Zoë studied psychology at the University of London and has nearly 20 years' experience in the recruitment industry. 

Under Zoë's leadership, Frank Recruitment Group has consistently achieved substantial year-on-year growth as well as winning many industry awards.

This article was reviewed by Monali Mirel Chuatico

Monali Mirel Chuatico, a woman with long dark hair, smiles in a headshot.

In 2019, Monali Mirel Chuatico graduated with her bachelor's in computer science, which gave her the foundation that she needed to excel in roles such as a data engineer, front-end developer, UX designer, and computer science instructor.

Monali is currently a data engineer at Mission Lane. As a data analytics captain at a nonprofit called COOP Careers, Monali helps new grads and young professionals overcome underemployment by teaching them data analytics tools and mentoring them on their professional development journey.

Monali is passionate about implementing creative solutions, building community, advocating for mental health, empowering women, and educating youth. Monali's goal is to gain more experience in her field, expand her skill set, and do meaningful work that will positively impact the world.

Monali Mirel Chuatico is a paid member of the Red Ventures Education Integrity Network. 

Last reviewed April 28, 2022.

Editorial standards