Mentorship Monday - Discussions for career and learning!
Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!
So I'm planning for the future career move, right now I'm mostly overseeing a pentesting group with a little bit of participation during the tests. I've coded many projects over my time in many languages, but I really enjoyed doing reverse engineering of malware and various other things as they popped up years ago. I can't imagine there's a lot of that available, though. I have a GREM, GPEN, GCIH, and GASF from SANS (I wanted to get more but the company stopped paying for distance travel the last few years). I'm currently 100% remote in the US mid-Southwest and really enjoy it. I've got 13 years of a large variety of professional experience in the cybersecurity and general IT world, with a little bit of a dip into OT with some ICS classes. I'm also trained in digital forensics imaging and handling, as I've spent some time working for a law enforcement branch (that was a wild ride)
My main question that I have these days is.. what would I call myself, professionally? What types of jobs should I be looking to do. I can do management and leadership but I like getting my hands dirty and solving problems.
With that background you can call yourself what you want. Really just depends where you want to go. At most companies you'll end up either a "something" engineer or on management track depending on which path you wanna go. At 13 years experience though you are somewhere in the realm of Staff/Lead - Principal engineer I would imagine.
What do you guys think about a projects section on a resume instead of a skills section for someone early in their career? The idea would be instead of just listing Python & Nessus you could list something like "Used Python to start a scan against a target system with Nessus API".
I think you would want to have both. Have a summarized section where you list skills you have still but if there's something notable you know how to do, such as programmatically control Nessus using Python (as you have suggested), I think it's worth making the connection in a separate section.
That is generally what I'd recommend, and have liked seeing in a resume.
My thinking is that seeing projects tends to showcase not just a particular skill like with a language you used, but shows an understanding of the problems facing some area that your project is trying to solve. I've never really been a fan of skills listings just because they offer basically no context. Whereas projects give me something to bounce off of in an interview, and hopefully get the candidate talking.
I will say though that I wasn't the person reviewing resumes deciding who got an interview, I've just been an interviewer after someone made it through the screening.