• United States



Sharpen Up Your Security Resume

Jun 01, 20065 mins

Two experts weigh in on how a fictional CSO job candidate can improve his security resume and his prospects

Whether you’re looking for a job or you’re happy as sheep in new grass, it’s a good idea to keep your resume current. But what kind of resume (and for that matter, what kind of background) will get you a callback when you apply for a top security job?

Here you’ll find the resume of a fictional job seeker Donald Dithers, with pointed critiques from two real-world experts: chief security officer (CSO) David Saenz of Levi Strauss & Co., noted by peers as a great developer of talent, and Kathy Lavinder, a recruiter at SI Placement who has worked extensively in the security field. Their comments on specific sections of the resume are linked to the [bracketed numbers].

You can find generic resume advice in innumerable books and websites, but Saenz and Lavinder’s security-specific direction can help you sharpen your own personal development and future job prospects in a unique manner.


Donald Dithers

999 West East Street Apt. 9, Spivey’s Corner, N.C.

(999) 999-9999 [1 Experts’ Overall Feedback]


A Chief Security Officer position utilizing the diverse background and skills of a high-integrity, results-oriented individual.

[Critique 2]

Certifications and Professional Memberships

PSP certification; member in good standing of ACFE (associate) and ASIS; currently pursuing CPP and GIAC certifications.

Work Experience [Critique 3]

Assistant Director of Operations, Facilities and Security

Health-Care Device Co., April 2004-Present

Reporting to the COO with responsibility for maintaining operational excellent at manufacturing corporate approaching $600M annual revenue. Assist COO in defining and capturing metrics for weekly report to company leadership. Principal responsibility for ensuring workforce compliance with security policies including access control measures. Assisting Information Systems department in establishing information security program based on ISO17799 guidance and compliant with HIPAA requirements. Spearheaded project to update Y2K plan into a well-defined disaster response protocol.

Special Projects Manager [Critique 4]

Widget Enterprises, September 1999-March 2004

Managed internal fraud investigations including interview process, computer forensics as well as review of surveillance records where appropriate. Maintained 90 percent-plus positive case resolution rate. In cooperation with General Counsel, managed work with collection agencies and recovered significant restitution from delinquent customers. Codirected implementation of IP network-based surveillance network in four sites in conjunction with IS group.

Regional Manager of Loss Prevention

Acme Retail Outlets, January 1997-September 1999

Seven-store geographic region reduced inventory shrink by 9 percent under my direction.

Loss Prevention Associate

Acme Retail Outlets, June 1992-December 1996

Part-time position while finishing college degree. Responsible for store and employee security, inventory protection.

[Critique 5]

Military ServiceUS Army, 1989-1992 with honorable discharge EducationBachelor of Science degree in Sociology and Criminology

Wichita State University, 1996

SANS coursework in information security, ongoing (Essentials, Firewalls and 17799 completed).



1. Overall input:Lavinder: Dithers is not ready to go for a CSO position. He needs to keep looking for opportunities in his current environment to pick up responsibilities, even projects, that would help him build the case over time. He should be thinking about getting a master’s degree, and something in the information arena would go a very long way to increasing his chances of becoming a CSO one day. Master’s degrees are much more common these days and candidates without them are often at a disadvantage. A logical next step would be for Dithers to find a deputy position in a large organization where the physical and information security functions are merged , but I don’t think that would be realistic without the GIAC or CISSP.Saenz: CSO positions typically have a very large geographical range. This applicant’s experience appears very light. The only position that demonstrates range is a loss prevention job that covered seven stores. This area really needs to be strengthened. 2.Saenz: Well-done Objectives section. The certifications will be largely meaningless to an audience outside security. Actually the entire resume suffers from its use of acronyms. Spell out what these acronyms mean. The consequences of not knowing them will fall on the applicant, not the reader. Also, put certifications toward the end of the resume, neared to the education section.Lavinder: I usually counsel candidates to avoid an Objective section on the resume and incorporate it into the cover letter. A candidate’s objective may not match the needs of a potential employer, and it can be a bit transparent to merely parrot sections of a job posting. 3.Saenz: He uses verbs that are too passive to describe the work. “Assist” and “in cooperation with” better describe a good assistant than a leader. The CSO must be a leader.Lavinder: The resume focuses too much on current duties and responsibilities. He should emphasize initiatives and accomplishments, particularly around the ISO standards. Looks like his involvement in the development of metrics in noteworthy, but it gets lost in this telling. Bullet points work best in the job sections. I like the way the company is described and the reporting structure identified, but I would flip it: Talk about the company first, then the reporting structure. 4.Lavinder: The section on Widget is better because it focuses on tangible results with hard numbers provided. He could expand on the surveillance network initiative to add important detail.Saenz: Reducing inventory shrinkage by 9 percent seems like a very substantive accomplishment with real business impact. I think not enough is said about it and how it was accomplished (keeping in mind that the emphasis should be on the strategic components, not the tactical). 5.Saenz: Military service does not say enough. Either it should say more or it is not relevant and should be dropped. What rank did the applicant have? Promotions or citations? Specialized training that would be germane? Among the greatest benefits of military experience are good training and the opportunity to work with large numbers of people. Nothing is said about either.Lavinder: I suggest candidates keep a training log [military or otherwise] and indicate that it is available upon request. If he has had some particular, specialized training that bolsters his CSO aspirations, by all means, highlight that in a Training section to follow Education and Certifications.