A (mostly) unstructured stream-of-consciousness dedicated to life, tech and infosec minutiae.

Captain's Log (September 01, 2021)

Site News
Shellsharks Community
  • Had an extra SEC460 practice exam voucher to giveaway. It was snatched up pretty quickly.
What I’m Learning

Continuing some threads from last month

  • I’ve passed the GEVA exam with a 90+ score which qualifies me for the SANS instructor development program for that particular course. I’ve been interested in potentially becoming an instructor for SANS for some time now and this may be the course that I decide to pursue.

  • I’ve been pretty distracted and unable to make any meaningful progress on my eWAPT certification effort.

  • Speaking of distractions, I’m currently prepping for the SEC450 / GSOC exam which was just released.

  • Looking forward to the Advanced Web Attacks and Exploitation (AWAE/OSWE) course from OffSec. Planning to start sometime in October.

  • I recently served as a SANS virtual TA (vTA) for SEC503. That class has always been a beast and being a quasi-instructor for it is no joke. The added difficultly was TA’ing in a completely virtual setting where I could not see students’ screens or help them troubleshoot in person.

  • I recently participated in the Core NetWars Tournament at SANS Offensive Operations West 2021. This is the 7th iteration of Core NetWars, the theme of which was IoT. It was fun but certainly challenging. It being my first time participating in this iteration, I was competing in the “newbies” pool. I placed 4th in that bracket and as a result won not only a shiny NetWars champion coin but also punched a ticket to the annual NetWars Tournament of Champions which typically takes place annually at SANS CDI. For an added bonus, this particular NetWars event was also a Coin-A-Palooza event where I was able to win a couple SANS course challenge coins from previous classes I have completed. Love the bling!





  • In the process of sharing some links to content on my site, I noticed there was an issue with the image populating correctly as part of that share. Peeking into my site source I noticed the “og:…” tags and did a little research on what they were and how they are used. This led me to learning a lot more about The Open Graph protocol.
Fitness
TV
Life

A Rant on Traditional Resumes

I recently re-thought the visuals and content-approach for my professional resume, the outcome of which you can find a digital version of on my site. The big difference between this new approach and the traditional approach is I have not included the list-of-each-job-in-chronological-order-with-what-I-did-at-each-place stuff that you typically see. Instead, I have summarized the projects and skills that best summarize my experience and included an alphabetical list of places I have worked. Let me explain why I don’t like the traditional approach…

  • I find that the focus being on where you’ve worked as opposed to what your achievements are is really just a means by which prospective hiring teams can discriminate against you or otherwise discount valuable experience you have because they don’t like or know the company that that experience was associated with. That’s not to say that 5 years of experience at Google is the same as 5 years experience at some small company, but in the end, I’ve never been in an actual interview where it’s seemed like I’ve gotten points based on where I’ve worked in the past. Ultimately, I still needed to prove my knowledge in the interview and that can be done by anyone with the skills/confidence required, not just by those with the “best” companies listed.

  • Total years experience. This is and has always been a dreadful way of judging someone’s relative skill. There are plenty of 10+ year pros who can’t do half of what some talented up-starts with 3 years experience can do. In a traditional resume, you have to list time and duration for every. single. job. This artificial handicap serves only to limit otherwise equally/more-talented younger professionals.

  • Speaking of “total years experience”, what about having to include jobs you held 7+ or even 10+ years ago? This is often expected / required on traditional resumes but does little to help bolster the way you market yourself. Companies should care about what relevant skills you have, not what you were up to that long ago. This serves only as a way for companies to potentially profile or judge you based on what you did in the past. For example, let’s say you served on a help desk 10 years ago, maybe a company will think negatively of that experience. Why share your entry-level experience when they are looking for what you have done at a more senior level?

  • Project/job held duration. This is one of my least favorite things that is expected on traditional resumes. The point here I guess is that companies want to know if you’re some sort of serial job hopper. But there are LOTS of reasons to leave a job, many of which do not or should not reflect poorly on a prospective candidate. But, despite this, I think most prospective hiring panels see short stints on a resume and think the worst, even in areas (DC metro anyone?) where short-term consulting gigs are not only common, but potentially the norm!

Instead of having to conform to this exact resume format, why not market yourself how YOU want to market yourself? Traditional resume formats are designed to put you at a disadvantage, revealing everything about yourself while the company has to reveal nothing about itself. Does the company you’re applying for have to reveal everyone it has fired and why? Does it have to reveal past or future lay-off plans? Though some companies are more transparent than others, all of them - and I mean 100% of them reveal less about themselves to a prospective employee as you must divulge to them. A background check is a good example of this, when’s the last time you ran a background check on a company? We, as a society of professionals need to change our mindset on resumes, and begin to collectively accept non-standard resume formats.


All Log Entries


Disclaimer