Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!
I could use a resume review.
I’m a security architect in the public sector, state government. I started as an entry level sysadmin around 2000. I’m being strongly encouraged to apply for the CISO position here. I’m 46, and currently lead a team of 3.
Every time I apply for the private sector, including lower level jobs, it’s crickets. If I apply for govt work, I get people banging on my door.
How do I get a resume review, or someone to point out what I need to make the jump from govt to private sector?
It’s an odd position to be in; I work in the private sector but my company deals almost exclusively with government and NGO contracts, so at times I feel like I’m public sector.
What I’ve noticed is that even though the desired outcome is nearly identical for both sectors, the buzz words associated with each is what determines who responds to my job applications. As an example:
Private: IaC and Policy-as-Code, supply chain and software composition analysis, SAST, DAST, etc.
Public: Compliance automation, risk management frameworks, risk quantification (this one has generated a lot of excitement recently), etc.
This is purely anecdotal, but you may find adjusting your resume to include some of these buzzwords as applicable to the industry to which you are applying may help you get your foot in the door.
To reiterate, yes I know in the end all of these companies strive toward the same goals, whether it be passing audits or being able to demonstrate prudent security practices to clients, sometimes the hiring manager is looking for specific terminology and will discard any applications that exclude it.