In the past, we covered how important a strong position description is to setting the company’s expectations for the CISO role. The same can be said for a CISO candidate’s resume or CV when looking for a position. The resume is still the best two-dimensional introduction to the candidate’s security narrative and career trajectory.
If you’re applying for a CISO role, your resume should accomplish three primary goals:
1: Take the reader on your journey
The reader needs to see how you have become a consistent performing leader and how and where you have grown. Make sure to include where you were promoted; how you transformed your position; and how you gained the confidence of the business and other like-minded past executives in past positions.
Tell the reader about the companies you have worked for. How large are they? What market do they operate in? What is their scale? Do not assume that the reader knows. Even if you are working for a well-known company, take the time to explain the group that you are with. For example, if you are with a SaaS company, talk about the scale of the delivery infrastructure, the number and market size of the products, and anything else that allows the reader to evaluate scale. The scale at which your current company operates in is a critical part of the evaluation for an onlooking executive.
2: Clearly define your successes
Share your wins and accomplishments. This is probably the most consistently underperforming part of the CISO resumes that I review. A CISO’s role is very difficult and this is your time to shine. Show what you have accomplished in each of your positions. We like to see facts - specific business results, their impact on the business and how those accomplishments came about. Include specific samples of your security program scale, scope and successes that you and your team were able to accomplish during your tenure. Ask yourself: How did you drive the security programs and strategy? How did you drive security DNA and discipline into the creation of the company’s products and services? What evidence do you have on tying security successes back to the business strategy?
You can answer these and other questions by offering samples of project wins, specific before and after examples, and bullet points that focus on the high-level business impact that occurred as a result of your efforts. When explaining these successes be sure to air on the side of more detail around the scale and scope of the project or program you completed. How you specifically achieved these successes should be discussed during the interview process.
3: Show how you are a sales and business enabler
The need for today’s CISO to be a true sales enabler has never been more important in the evaluation of a CISO candidate. Take the time to explain how you (and don’t forget your team) helped strengthen the company’s product, compliance story, or overall security posture in the community. In addition to proving how you work regularly on both the internal and external sales enablement effort, it is also important to show evidence of your outward facing skills in contributing to the security community. Be sure to highlight specific content you have created, discussions you have led, and panels you have participated on as ways you are working to impact the greater community.
Being able to achieve these goals during the creation and revision of your resume will likely weigh heavy on your evaluators.
A few more quick tips to consider when creating your CISO resume:
LinkedIn versus Resume
We are often asked, “How much detail should you have on LinkedIn versus your resume?” Our suggestion is that the resume and LinkedIn profile mirror one another with the resume including more information and samples of projects or work. We see LinkedIn used by executives to get a quick view of the candidate while the resume is given more time and consideration. Be sure to fully describe anything you list in the summary section of your resume in the appropriate tenure section.
The old ‘two page’ rule
We still receive a lot of questions about this rule. While it is important to stay concise, it is not important to limit yourself to two pages. Add the necessary data and detail to get the point across. If it takes three pages to do that, so be it.
Use facts and figures
This is an important one and something we are constantly reminding senior leaders about. If you cannot quantify your accomplishments than that is a problem. In a resume (or on LinkedIn) you need to specify figures, monetary savings/or spend, and percentages to quantify your work.