My (Imperfect) Guide for Job Seekers
Secrets of the Four Resilience Tactics and How to Craft a Hella Good CV
To summarize, this is the journey of the post:
So your CV uh?
Throughout my career, I've never walked out of an interview feeling I smashed it.
Interviewing is hard, it’s a vulnerable experience, exposing yourself to evaluating criteria that are never fully knowable, impostor syndrome is around the corner and you are constantly second-guessing your hard earned skills.
Hey, we've all been there and probably will be many times throughout our careers. But you can learn a few tactics and techniques to navigate these moments more easily.
One powerful approach is reducing the distance between your professional persona (like your CV) and who you genuinely are. This will foster authenticity and confidence.
Another powerful approach is building practical resilience techniques to help you bounce back from setbacks and stay grounded: Anticipate, Withstand, Recover and Adapt.
We'll explore both approaches in this post.
When we dive into the CV specifics, we'll focus on making it a true reflection of you without compromising on sending a powerful message. We have to forget about generic lists. We'll cover how to pinpoint and articulate your genuine accomplishments, quantify your impact authentically, and convey the real value of your skill sets. The goal of a CV that is not to list skills, but to tell your unique professional story.
In essense: we need to craft a hella good CV that tells your story right. However, it’s not all about just optimizing a CV.
There is a dimension of being in how you perceive and present yourself at work. It's all about resonance: who you are, who you aspire to be, the gadgets and tricks you pick up along the way, the artifacts you build to map the world around you and solve real problems.
True resonance occurs when your personal values and professional aspirations are in alignment. It's a harmonic convergence that creates a powerful connection. When your frequencies align, your message is not just heard, but deeply felt. Have you ever thought about the message you are projecting?
For many of us, pursuing the alignment of personal values and professional aspirations is an exciting adventure. A journey of wisdom and insight.
Now the obligatory disclaimer.
These are my personal opinions and mine only, they don’t reflect those of my employer. I am by no means an expert in all things related to a CV or how to "ace" your job interviews and this shouldn’t be taken as super-duper professional advice.
I will simply offer my humble and imperfect advice from the POV of someone who has seen 100s of CVs + interviewed + hired lots of people along the years in different continents, and someone who has been there and done that as a job seeker too.
Strategy 1. Crafting a Standout Cybersecurity CV à la Imperfect
Do you know what CV stands for? Curriculum Vitae. Supposedly the “Course of Life”. If it were a movie, it would be very, very, very long!
In reality, if the course of your life is like a nine part StarWars saga, your CV is nothing more than the official trailer. It’s a pitch, for the purposes of convincing prospective investors (employers) that it’s worth hearing what you have to say.
So, what you'll find here isn't a step-by-step recipe guaranteeing the ultimate CV. Think of it more as a collection of artifacts, navigational aids perhaps, gathered from my own winding path through this landscape. You may find a rusty compass that needs tuning, I can’t fix it for you, that’s your job.
My experience, like anyone's, is a unique journey, not a universal blueprint.
It's crucial you discern for yourself what resonates, what feels authentic and useful. Approach these ideas not as rigid directives, but as potential tools, perhaps even odd-shaped keys you might try in the locks you encounter.
First Impressions
Key Idea: Work on your introductory section, a single high-impact paragraph, an elevator pitch. In today's distraction economy, people's brain-cache is full to the brim by Instagram posts, TikTok videos, Twitter/BlueSky/Mastodon short posts, and every other kind of super-duper-urgent-FOMO-key-information platforms offer out there. If you want to stand out, you need a way to encapsulate your profile in a paragraph or two.
Do:
Start your CV with a paragraph or two summarizing your profile and experience.
Focus on your unique value proposition. What makes you stand out from other candidates?
Show personality, but keep it professional. Let your passion and enthusiasm shine through.
Avoid:
Using LLM to write your whole story. At least not without heavily reviewing, tweaking, editing to make sure it reflects you. You definitively don't want to sound so polished that any aspect of what makes you "you" has been sanitised.
Putting your cover letter as the first page of your CV.
Jumping straight into your first job with no context or introduction.
Skill & Proficiency
Key Idea: Nowadays the word "senior", "manager" or "expert" can mean anything depending on the context. I see people that are seniors after 6 months of experience, and experts in DevOps that don't know what Terraform or Ansible are. Come up with your own scale to break down skill and proficiency.
Do:
Come up with your own scale to break down skill and proficiency. Example Aware, Exposure, Proficient, Advanced. You can use existing models too like the Dreyfus Model of Skill Acquisition. Whatever it is, make sure that it’s a relative way of scoring your skills in particular domains.
Focus on three core skills, and then other skills that are one or two degrees of separation from your core skills and subservient to them. Think streams feeding a river.
Non-technical skills are super important. Beyond the technical artifacts and exploits, consider the connective tissue, the human protocols. Your mastery needs conduits to the wider ecosystem. Can you act as an interpreter across tribal boundaries, making the technical legible to those outside our specific domain? Can you shape understanding through well-structured written accounts, turning raw data into actionable insight?
Reflect on moments where you subtly shifted the momentum, influencing key figures not through force, but through resonance and clarity. Have you shared your own hard-won wisdom through mentoring, or shouldered the responsibility of leadership, guiding others through the fog? Demonstrating this side of your practice is important, it shows you understand the whole system, not just the code.
Avoid:
Portraying yourself as an absolute senior in everything. Nobody is. If you only list your best skills and you rate yourself the highest in all of them it may come across as fake. Seek a genuine representation of yourself, including skills that you are somehow proficient, it shows you are expanding and developing in other areas.
Positioning Yourself: The Long Game
Key Idea: One thing is for your CV to make it through, another thing is to get noticed, and another one is to stand out.
I remember a post I read somewhere where someone compared getting an interview with penetration testing or social engineering. It was hilarious, it rang true and it was a really cool analogy. I can't remember who said it (and if you find that post please reach out so I can provide attribution!) but it went something like this:
Perform reconnaissance, gathering information about the company culture and the specific role, while simultaneously ensuring your credentials are tailored to it.
Your CV is your payload. You want to deliver your payload by employing the right keywords that will get you past the automation bot or the human firewall.
Once your payload has landed, you need to employ gentle "nudges" to get someone to read it (i.e. execute it by loading at least your Name and Last Name in their running memory). Reach out to the recruiter, send an email to a contact address, call the person that acted as your referral. In essence: engage, don't sit there waiting.
What this analogy is telling us is that you need to play a strategic positional game. It's a long game. Starting now would be a good idea ☘️.
It's about positioning yourself, your assets (skills, experience, proficiencies, tradecraft) and your allies (network) in a way that will help you achieve your long term goals.
However, there is a catch: pursue all these things with genuine commitment to becoming your sincere and best self. Cultivate a meaningful profile oriented towards relevance and self-awareness. Otherwise it will feel like wearing a suit that is two sizes up or down, or wearing clothes you hate: you will feel uncomfortable, it won't generate resonance.
It's really easy to tell when a profile is simply a SEO-optimized, shallow applied recipe of "best practice" rules for "success".
Do:
Be imperfect, be genuine, stay committed to purpose and relevance realization.
Play the long positional game, talk to people, go to events, network.
Build a strong online presence. Optimize your LinkedIn profile, put work into a portfolio (a single python script in a repo, a blog post that shows your opinions about a topic, a CTF challenge you solved, etc.), and contribute to relevant online communities.
Develop a personal brand that highlights your unique strengths and expertise. (This is your "signature exploit" - what makes you stand out?)
Avoid:
Neglecting your network. Even casual acquaintances can provide valuable leads.
Engaging people with a purely instrumental approach. People can tell, your energy will give you away. You won't forge long lasting connections which are the long burning logs you need to survive when it rains.
Burning bridges. Maintain professional relationships, even with people you don't particularly like. Be stoic here, don't meander in low level emotions. It's hard, I know, but the less you ruminate on past feuds the more your mind is free to perceive new patterns that lead to better opportunities. Focus on forward momentum, not past conflicts.
Assuming that your work speaks for itself, make sure that it is seen in the right circles.
Putting effort into crafting a professional self that doesn't ring true.
Presenting Information
Remember, we live in a distraction economy. Every App and Ad out there is trying to capture not just your attention but that of your prospective employer. It is sad, but it is the reality of current times. I read this quote on the weekend that explains it all:
In these post-modern times, f you want your CV to stand out, it has to be visually appealing, and have an easily digestible format. Think of it as presenting a well-organized incident report – clear, concise, and impactful.
Think of your first page in the CV as your landing page. How do you want that to look like? The first page should summarize YOU.
I tend to imagine dashboards. Some Managers will love that, some won't. It's up to you to do some research and come up with a style that caters for multiple audiences or that is heavily tailored to a specific scenario.
Personally, I prefer coming up with a unified style that caters for most audiences but can be slightly tweaked if necessary.
Do:
Prioritize Readability. Use clear, consistent formatting with ample white space. Employ bullet points, headings, and subheadings to break up text.
Don't be boring. Provide visuals, graphs, etc. to portrait things like skills and achievements.
Highlight Relevant Certifications and Training: Prominently display your certifications and any specialized training you've completed.
Leverage Icons and Emojis: Use relevant icons or emojis to draw attention to specific sections or skills, like a shield for security or a lock for encryption.
Avoid:
A wall of text. Dense paragraphs are difficult to read and can overwhelm the recruiter or hiring manager.
Generic Language: Avoid vague terms like "team player" or "problem solver", these are commonplace cliches. Instead, go quirky, re-imagine the cliche. You could say bigger-picturist, exponential troubleshooter or anomaly detective instead of "problem solver". If you are not comfortable with this or it feels untrue, way off brand, then provide concrete examples that demonstrate the concept.
Using too much “very” everywhere. Yeah I am guilty of that! You know what rocks? This website: www.losethevery.com
Minimal separation between lines, this hinders readability.
Inconsistent Formatting: Inconsistencies in font, spacing, or style can make your CV look unprofessional.
Using too many colours: Keep the colour palette harmonious. You can use sites like coolors.co to generate nice colour palettes!
Impact != Outcomes != Output
Key Idea: People confuse Outputs with Outcomes and these ones with Impact.
An output is something you produce as a result of an action or units of work like a pentest report, a new detection rule, a threat actor profile report, etc.
An outcome is a measurable improvement as a result of your actions and outputs. A specific result that achieves something meaningful for stakeholders, it is immediate and tangible, it answers the question "so what?". Think about the "KR" (Key Result) in OKR. E.g. your pentest report might help inform key stakeholders of critical business vulnerabilities, your new detection rule increases the coverage for the early identification of a threat actor technique of key importance to the business, your threat actor profile report provides key insight into priority areas for red teaming, threat hunting, driving effort towards high priority threats.
Impact is going one level up from outcomes and looking at the bigger picture, it's about answering the question "what strategic goal are you contributing towards?". Think about the "O" (Objective) in OKR.
In a CV, you may not need to refer much to impact, but definitively focus on showing "outcomes", because those communicate your value add.
Do:
Think STAR (situation, task, action, result). For each current and past job experiences, add a short paragraph around outcomes, not just a list of tasks you performed.
Quantify Outcomes and Impact Whenever Possible: Use numbers, percentages, and specific metrics to demonstrate the value of your work. For example, "Reduced critical vulnerabilities by 30%, minimizing potential financial losses."
Show the "Ripple Effect": Whenever possible, describe how your actions positively influenced stakeholders and/or helped solved other secondary problems. This shows you are a person capable of high-ROI. Your outcomes don't need to be spectacular or intricate, they simply need to express positive influence on results.
Use Action Verbs That Highlight Impact: Use verbs like "reduced," "improved," "enabled," "protected," "enhanced," and "strengthened" to emphasize the positive effects of your work. Yeah these are boring verbs, but they seem to stick in the business world of cyber, and Managers -like yours truly- are programmed to pay attention to these.
Avoid:
A Shopping List of Tasks: Don't simply list the tasks you performed. Focus on the results and their significance. You can do tasks and activities, but connect them to the bigger picture.
Ignoring the "So What?" Question: If you can't answer "so what?" about your work, it's likely the hiring manager won't either. Without the "so what?" it's just an output, and not an outcome or impact.
Overusing Jargon without Context: While industry terminology is important, explain the context and impact of your work in a way that non-technical stakeholders can understand.
CV Operational Security & Privacy
Key Idea: Your CVs will be exposed to a high quantity of people over the course of your professional career. There are details that are relevant to your professional profile and other details that aren't.
Do:
Provide relevant information about your profile in the industry, your experience, influence and impact.
Avoid:
Exposing your references or contacts unnecessarily, their private contact details shouldn't be broadcasted to the world. Instead, state they can be provided upon request.
Sprinkle some Magic
Key Idea: This is absolutely optional. Some companies will love it, some will hate it. Do your research, understand what kind of company you are applying to and then make a decision about how quirky your CV should be.
Consider:
Add a top 5 of the books you most enjoy, this will give your employer a sense of your level of engagement with the field. It doesn't matter "what your read" as long as it's a window into your intellectual interests, the things you are passionate to understand deeper.
What's your most treasured hobby and why?
What podcast do you love?
What are the tabs you always have opened on your web browser?
Strategy 2. Resilience Tactics.
Even with the most impressive CV, the most awesome skills and certs and the most polished writing, you will fail, many times.
Don't let this discourage you, nothing of true value comes easy. The payoff you will get once you land a job will greatly outweigh any strenuous effort made in service of that goal.
In Developing Cyber-Resilient Systems - NIST 800-160v2 there are several strategies that mimic from the organic world into the machine world, and can be exapted and re-applied to your life. These are: Anticipate, Withstand, Recover and Adapt. I will attempt to shed some light into how I think of these in the professional world.
✨Warning, what follows is not for everyone. It's a sneak peak into some of my implicit sense-making algorithms. Challenging to put in words. There is some oblique artistry involved, rich in metaphors and philosophical gardening. And, there is some antimemetics involved.
Resilience Tactic 1: Anticipate. Scouting in a Shifting Landscape
Right then. Have you ever felt lost? I have. It's part of the journey. Embarking on a job hunt feels less like charting a known course and more like stepping into a fog where the landmarks occasionally rearrange themselves.
To Anticipate here isn’t about pretending you have perfect foresight (best to leave this to overly confident strategists). It’s about acknowledging the ambiguity and uncertainty of your journey while still doing your groundwork.
When lost, stick to the fundamentals, play the long positional game, the goal will come ⚽. Figure out what skills are actually in demand versus buzzword bingo, and know what you bring to the table.
Do the recon, yes – get a feel for the prevailing currents in your field, decipher the coded language of job descriptions (what are they really asking for?), and ready your personal grimoire (resume, GitHub projects, profile, conversational gambits). These will become your deck of many things.
However, hold these cards loosely. Imagine contingencies not merely as backups, but as potential openings to adjacent possibles you hadn't considered, yet.
Most importantly: cultivate your inner stance. Soak up the teachings of the stoics. Expect friction, rejection – the system's background radiation. See it not as a judgment, but as noisy data from a complex, often unpredictable machine sustained by a set of practices you won't always comprehend.
It’s about cultivating readiness for emergence, not just optimizing for the most probable dice rolls.
We live in a world of over-optimizing gurus that want to sell you a straight line between point A and point B. In real life, nothing is so linear.
Non-linearity, obliquity, zig-zags, one step back and two steps forward: these are the pivoting techniques you need to integrate into your deck of many things.
Optimization for an outcome too early may put you in over-fitting scenarios, collapsing the possibility space, unable to grok the wider possibilities out there. But most of all, if you follow the bible of each and every optimizer out there, you will curtail the unfolding of who you are, undermining the precious mana of internal motivation! As Brian Klass puts it in a great essay:
"This isn’t an invitation to resigned complacency, but rather a corrective compass: a reminder that personal striving should be guided by internal motivation, not to satisfy some unicorn-like social fantasy about the perfectly optimized life—astonishingly efficient, ruthlessly goal-oriented, and utterly nightmarish." (Brian Klaas, Against Optimization)
Resilience Tactic 2: Withstand. Tuning into Your Own Signal Amidst the Noise
My fellow cyberscout, let me tell you this, you will find yourself entangled in the inevitable muddle: the silence, the polite dismissals, the impostor syndrome, the gaslighting, the lack of a voice echoing back at you.
At times, you will feel disconnected from the feedback loop that helps you stay on track. And you will get scarred. This is the desert of white noise, where you can't tell right from left, up from down.
There is not much you can do here other than resorting to your learned fundamentals. There is an i-ching theme that appears in a few hexagrams:
"Perseverance furthers" (貞吉; zhēn jí)
Yeah I know, I'm flexing knowledge in "i-ching" which I don't really possess, and I sincerely apologise for the Chinese translation since I don't actually speak/write the language. But you get the point: perseverance pays off.
To persevere is to take the hit, to withstand it yes, but to allow that which temporarily harms you (a rejection letter, dismissive recruiters, ghosting, impostor syndrome, etc.) to teach you something about yourself and the environment around you. You don't want to remain immutable and unchanged. Seek a relationship with your context that re-connects you with that tight feedback loop you need to get past the obstacles.
be water my friend (Bruce Lee)
To Withstand it's to maintain your own coherence, your autopoiesis, amidst the chatter and indifference. Keep your core rhythms going – the searching, the applying, the connecting – like tending a small, persistent fire. Never stop searching for kindling. Keep the fire going even if at times it looks like a pile of embers. Remember that embers are the seed of new fire.
When the inevitable “no” arrives (often cloaked in euphemism or simply absent), acknowledge the blip, the momentary dissonance (perhaps offer a silent, friendly scoff at the absurdity of it all?), but don't let it corrupt your core operating system. Observe these moments less as “failures” and more as the landscape revealing its contours, its preferences, its sometimes arbitrary gates. And those tactics yielding nothing? Gently set them aside, not as “failures”, but as paths that turned out to be loops or dead ends for now.
Stay operational, seek the aliveness of things, yes, but more importantly, stay attuned to your own energy and the subtle shifts in the field.
Learn, let the scar be your teacher.
Resilience Tactic 3: Recover. Recalibrating in the Quiet Spaces
Sometimes the signal degrades significantly; the noise becomes overwhelming. Simply withstanding isn't the move anymore. You need to Recover. This isn't surrender by the way. It's savvy navigation. Retreating momentarily from the arena to recalibrate.
A strategic pause, consciously taken, allows for integration and sense-making that's impossible when you're just reacting. When you re-engage, do it incrementally, feeling your way back into the flow, testing the currents.
Seek shelter my friend. This is the time to head over to your sacred grooves and sanctuaries. The time to talk to your elders, seek the wisdom of the ones who've been there before you. Connect to your friends. Talk, have fun. It's fine to ask for help. Heck it is more than fine, it is fundamental for thriving in the jungle.
Tend to your circles of conviviality. This is what being part of a clan and a tribe is. When you tend to the shared fire, you build resilience against the storms.
Around the fire, we tell stories. Allow yourself to revisit past chapters of your story not as proof points, but as reminders of your inherent capacity to navigate uncertainty. Seek dialogue (feedback) not just for data, but for reflection. Practice listening deeply to yourself and the environment.
When the territory is dynamic, presence becomes as important as vigilance.
How present are you?
Resilience Tactic 4: Adapt. Strategy as a Living Conversation
Trying the same failed exploit code over and over gets you what? You guessed it, the same results. This is where we Adapt. It’s the heart of navigating complexity, where strategy becomes less a fixed plan and more a living conversation with reality.
The Cynefin Framework reminds us that when in the complex domain, the best way to navigate is to probe-sense-respond. Adaptive response in deep connection to our environment.
Treat every interaction, every response (or lack thereof), as a subtle whisper or a loud clue from the system you're interacting with. In the context of threat intelligence, I always say that your environment emits and radiates valuable data that you could turn into intel. The information is there, your weaknesses, your attack surface, your risk profile, your priorities, the question is, are you listening? Are you turning that data into intel?
Use this unfurling of information to refine your approach – tweak the resume's narrative, adjust your conversational posture, explore different ways of showing up.
Cultivate a richer, more multifaceted presence. And if the path feels consistently blocked or just… wrong? Pivot. Gracefully. Explore adjacent territories. Look into the less obvious spaces where interesting things might be brewing. That message somebody left in your mailbox and you never replied to, that invitation to a gathering you never imagined yourself attending to, that colleague that is connected to wizards in the field, that sorceress that has some inexplicable magic surrounding her.
This isn't just about staying dynamic, it's about becoming an active participant in the generative dance, finding the rhythms, embracing the uncertainty of your situation not as a problem to be solved, but as the very medium through which new possibilities arise.
So now what?
I admit it, some of the things I shared here won't resonate with a lot of you out there. And that's fine. Because I accept my uniqueness. I play in the in-between of memetics and antimemetics. I don't parse well in some settings. RegEx for these words would turn into a recursive loop. And again, that's fine. Not everyone should grok this content. But there are gems to be found my fellow cyber scout, there are beautiful, deep coloured gems.
The more you accept the struggle and come up with creative ways to overcome obstacles, the more you accept that uncertainty and ambiguity are fundamental primitives of the journey, the more you will learn, course-correct, re-shape the neural pathways of your sense-making tradecraft in the world.
This will result in a more meaningful orientation and attunement with the experiences that bring joy to your life. And the more joyful you are, the more opportunities you will find.