Actual photo of someone submitting their resume. Photo by Julia Joppien on Unsplash

I’ll bet you have a spreadsheet with the most recent 40 jobs you’ve applied for. You got the cyber degree, you have a couple years of cyber experience, you picked up all the cyber certs. How many call backs do you have? Probably not many.

It’s not you.

Well actually, it might be but that’s another article for another day. But more likely, you’re not beating what pretty much EVERYONE hates: the dreaded ATS — Applicant Tracking System.

Yes, everyone’s favorite punching bag, the various Applicant Tracking Systems are great for many, many roles out there. But they are not

Kittens knows security is hard. Photo by Sereja Ris on Unsplash.

It’s been a week since you started your new role. You’re almost done with onboarding and you get an email from your CEO. She needs help?

You don’t want to disappoint! This is important!

She’s about to give a conference talk but she forgot the prizes and needs you to pick up some gift cards, scratch the back off, and send her pictures of the cards. She needs it in the next hour.

Patch your systems TODAY. Photo by @photoshobby

The security side of Microsoft’s Patch Tuesday this week was a bit hectic, with multiple critical vulnerabilities. Potentially the worst of these is a Microsoft Exchange Server vulnerability with a CVSS rating of 9.1 out of 10, which is effectively a “patch this YESTERDAY” type of vulnerability. Specifically, CVE-2020-16875 is a remote code execution vulnerability.

Let’s break this down in plain English.

  • Microsoft Exchange Server receives your organization’s emails.
  • Attackers trigger this vulnerability by sending you a specially crafted email.
  • The server picks up the email and runs whatever commands the attacker feels like.
  • Remote code execution (RCE) is…

So you want to be a tool developer or start reverse engineering? You can. Here’s how. Photo by Kelly Sikkema.

This article is designed for people who want to break into reverse engineering and tool development. This breakout is effectively the pipeline that has gotten a large number of candidates jobs in these two disciplines.

Tool development: the art and science of systematically building software that can break other software to find and test its vulnerabilities, which in turn leads to protecting against those same vulnerabilities. Figure out how and why something breaks so that it can be fixed before the bad guys break it.

Reverse engineering (RE): The art and science of looking deeply at a tool or piece of malware…

You joined to serve, and you can continue to serve after you get out. Photo by Elias Castillo, @eli_j

This guide is meant as a reference. If you find errors or omissions or notes that you think are important for the people who follow you to know, please take notes and let us know. We consider this a living document.

  • Over a year out, start looking for mentors, coaches, and communities that will help you transition. You know: like StrataCore.
  • Get your wills, powers of attorney, and other legal documents knocked out while you have access to free legal assistance.
  • About a year out, pull your medical records and find a VSO (Veterans Service Organization) that will help you…

Don’t cry over spilled Whiskey: Jack Daniels is fighting to remediate ransomware. Photo Credit to @anshu18

The last three weeks have been high profile for ransomware attacks in the US. The outdoor navigation company Garmin was hit in late July with a huge ransomware attack and paid multiple millions of dollars to a hacker group in Russia known as Evil Corp. While most of us know Garmin for fitness apps, the real impact here was that pilots were unable to update or download new maps from Garmin’s flight navigation server, which is a MAJOR safety issue! Just last week, the Maze hacker group locked the camera manufacturer and multimedia company Canon offline. According to Maze, stole…

The Cyber Work Role landscape is incredibly broad. So are certs. Even this isn’t accurate.

Welcome to cyber security. There is no singular entry point, plan, pipeline, or training workflow to prepare you for cyber: there are many.

Cyber security is incredibly broad and increasingly specialized, and each of the many diverse work roles within the landscape requires its own training. To emphasize how broad the cyber domain is, at the time of this writing, SANS offers 40 different cyber-related certifications ranging in categories from cyber defense, to penetration testing, to management, to legal, to incident response.

Well that doesn’t help. So what next?

There’s a ton of hype around certs. Don’t get caught up…

Military career coming to a close

I get this question all the time: “I will be transitioning out of the {service} in a couple months. Any advice on transitioning?” I’m a former Army Cyber guy myself and I started a Veteran-focused cyber recruiting company (now acquired) so my advice is almost always focused along those lines.

Step 1: Reading. First, you need to inventory yourself. Start here. I can’t tell you how important this will be to your happiness. Read Strengths Finder 2.0 and do the associated assessment. Crazy important. Then read The First 90 Days. This is the go-to book for moving into a…

No one agrees. The goal is to be the least wrong.

Everything in this article is inflammatory. Why? Because no one agrees on any of this. So let’s jump in and take a mildly analytical approach to resume writing.

What’s the final answer to writing technical resumes? It depends.

If you want to jump ahead to my recommended ATS-friendly resume template, go here:

Unfortunately, every recruiter will tell you that your resume needs work. Why does your resume need work? Because no matter who helped you write it, no matter what template you used, no matter what format you tried, resume is art, not science. Compounding that matter, each industry…

How to Learn Cyber Over the Weekend: An Orientation in 48 Hours

It’s Friday night and you finally decided to “get into cyber.” Or maybe you are starting a master’s degree and are about to take an introduction course to the cyber field and want to read up a bit before the first day of class. What do you do next? The market is so full of buzzwords and a myriad of organizations that promise career preparation that candidates often experience difficulty framing the problem set.

The goal for this article is to help you figure out which direction you…

Stephen C. Semmelroth

VP Cyber at StrataCore. I talk to the bits so the customers don’t have to.
