The recent list of layoffs reads like an honor roll of tech’s best and brightest: Amazon, Google, IBM, Microsoft, Salesforce, SAP, and many others. In the first month of 2023, over 200 technology companies have laid off more than 75,000 workers, according to statistics kept by the website Layoffs.fyi.
While these reductions have affected both tech and non-tech employees at these companies, cybersecurity pros and specialists have largely weathered the layoff storm—least for now. For example, the Wall Street Journal reports that Capital One decided to cut parts of its IT staff, but the bank is still actively looking to fill multiple cybersecurity roles (and is encouraging affected workers to apply for those open positions).
Still, the economy both inside and outside of the U.S. remains uncertain and even some well-known cybersecurity firms are considering whether to trim staff. Sophos, which is based in the U.K., recently eliminated 10 percent of its workforce—about 450 workers worldwide, according to TechCrunch.
The uncertainty over the job market is one reason why tech professionals need to take the time to recession-proof their resumes now instead of waiting for the pink slips to appear. While an organization might decide to eliminate positions, security issues such as cybercrime and nation-state attacks guarantee that other companies and government agencies are still in need of skilled cyber pros and are willing to hire, noted John Bambenek, principal threat hunter at security firm Netenrich.
“Headlines are full of big tech company layoffs, and it sucks, no doubt about it—I’ve been laid off before also—but there are also lots of openings. Fintechs and security vendors often have openings, or you can use the current economic environment to go get a master's degree or Ph.D.,” Bambenek recently told Dice.
Whether it's brushing up on the resume basics, emphasizing certain degrees and accomplishments to help make an application stand out, or focusing on sought-after areas such as cloud computing and Zero Trust, experts note there are several steps tech pros can take to recession-proof their cybersecurity resume.
“When I’m hiring, I’m usually looking for the right mix of ‘security plus’ people. Yes, I’m looking for the right mix of core cybersecurity competencies, but I’m also looking for some other experience in a related technical or compliance field,” said RSA CISO Rob Hughes. “It’s not enough to just know security. All of that’s a long way of saying don’t be afraid to go broad and get involved in the business aspects of projects you are involved with so you can relate to the teams you will be working with.”
Start with Resume Basics
Industry observers noted that, when it comes to ensuring your resume is recession-proof, the best place to start is with the basics, including updating the actual resume document and keeping active on career networking sites such as LinkedIn.
“Get into the habit of updating your resume and LinkedIn at least every three months. This helps people think about what they are doing right now that future employees would find important,” Claude Mandy, chief evangelist for data security at Symmetry Systems, told Dice. “This change in mindset helps people focus on what they are doing, which is important because that is also exactly the same thing your current employer should be reminded about it, right now. It also highlights your current skills that might be exactly what your company or future company needs.”
Bambenek also noted that attending local networking events, and presenting ideas or solutions about current cybersecurity problems to these groups, can also help build a resume. It shows potential employers that a candidate is thinking about current issues in the field.
“Find something to present at your local BSides and build a brand. Don’t worry about being the expert because we’re all figuring this out as we go, and by the time we figure out how to solve a problem, 12 more new problems are created by the latest new technology,” Bambenek added. “Right now, there are quite a few of my fellow professionals working on helping place laid-off employees in their own networks. We have an industry of people willing to be helpful.”
Emphasize Certifications and Accomplishments
While insiders argue over the merits of attaining cybersecurity certifications, Mika Aalto, co-founder and CEO at security firm Hoxhunt, noted that having these certs on the resume is a way to make a profile stand out while job hunting.
Any of the major certifications (CISSP, CISA, CISM, SSCP) help candidates stand out to recruiters and executives looking to hire talent.
“Some say that certs like CISSP, CISA, CISM, and SSCP are not important, nor a technical background or relevant computer science education. While that might be true in practice, certs and degrees can open doors and make you stand out in a pile of applications,” Aalto told Dice. “They aren’t free and it can be a sizable commitment to obtain one, though, so candidates must assess whether it’s worth their time and money to pursue.”
In addition, experts note that by including specific and concrete accomplishments in a cybersecurity resume, candidates can communicate to potential employers that they understand the issues and have taken creative approaches to problem-solving.
“It is more important than ever that cybersecurity professionals focus more on communicating the impact of their work than the technical details of what was done,” Mandy added. “The benefits might range from tangible risk reduction, customer feedback, increased compliance, cost savings or efficiency gains depending on the role.”
An emphasis on certifications and accomplishments also helps when applying to those sectors and industries that need cybersecurity help no matter the economy, Mandy said. Healthcare, K-12 school organizations and critical infrastructure are all hiring cyber talent and “helping secure organizations in these sectors is an inspiring mission that should attract more talent,” he noted.
Highlight In-Demand Skills Like Cloud and Zero Trust
Even in a shifting economy, companies are still hiring but likely to emphasize specific areas. At Capital One, the WSJ reported, the bank wants cybersecurity pros as well as those who know machine learning, data analytics and cloud computing.
This is why John Yun, vice president for product strategy at security firm ColorTokens, suggests candidates note in their resume any experience securing cloud environments or working on Zero Trust initiatives, since these areas are ripe for investment.
“As organizations adopt cloud at a rapid pace, they are uncovering gaps in security in their hybrid environment,” Yun told Dice. “Emphasizing the experience in cloud but perhaps more importantly, the experience in security hybrid or networks that are in transition to the cloud is a much sought-after skill set.”
And while the need for cloud skills has been evident for some time, Zero Trust continues to gain momentum; research firm Gartner found that about 10 percent of large enterprises will have a mature Zero Trust program in place in the next three years. These initiatives require additional investment and talent.
“Zero Trust Is a radically different approach to cybersecurity, and while many organizations are kicking off Zero Trust initiatives, the professionals with practical experience to shepherd such initiatives along are few and far between,” Yun added. “Brushing up on the latest solutions and even partnering up with security vendors can result in significant insight sought-after by many organizations.”
When it comes to recession-proofing a cybersecurity resume, RSA’s Hughes added that it all comes down to mastering a new area of knowledge.
“One of the ways I keep learning is finding a topic that I’m not confident in and just really digging into it. I'd recommend honing technical skills related to Identity and Zero Trust, cloud, automation and don’t forget your soft skills like communication, project management and leadership,” Hughes told Dice. “In many generalist security roles, you’ll be expected to cover a lot of ground. Focusing a bit on your soft skills could set you apart from other candidates.”