I've worked in both tech and cybersecurity, and I've used the same core resume strategy for both fields. Here's what actually works when you're trying to get past applicant tracking systems (ATS) and land interviews.
Read my article for free here.
Forget the Design Elements
Your resume doesn't need to look pretty. Graphics, colors, charts, and photos are actively hurting your chances.
Here's why: almost every resume you submit gets scanned by AI before a human ever sees it. Those fancy design elements confuse the parser, and your skills end up as gibberish in the system.
Keep it simple. Black text, standard fonts, minimal white space. The goal is to maximize the information for an ATS to read.
List Every Single Skill and Tool
This is where most people undersell themselves. If you've touched it, used it, or configured it — list it. The ATS is looking for keyword matches, and you need to give it as many matches as possible.
For Cybersecurity Roles
Cybersecurity is platform-heavy. List every security tool you've worked with:
- SIEM platforms (Splunk, QRadar, LogRhythm)
- Endpoint security (CrowdStrike, Carbon Black, SentinelOne)
- Network security (Fortinet, Palo Alto, Cisco ASA)
- Vulnerability management (Nessus, Qualys, Rapid7)
- Threat intelligence platforms (MISP, ThreatConnect)
- Security orchestration (Phantom, Demisto, Cortex XSOAR)
- Monitoring tools (eSentire, AlienVault, Arctic Wolf)
- Network mapping (Nmap, Wireshark, Zeek)
- Git (yes, even if you just used it for version control)
The job posting might ask for a tool you haven't used, but if you've used something similar, the ATS will still pick up related keywords.
For IT Roles
IT is different — it's software-heavy but also about soft skills and hardware knowledge. List:
- Ticketing systems (ServiceNow, Jira, Zendesk, Freshservice)
- Asset management tools (Lansweeper, PDQ, SCCM)
- Imaging software (MDT, WDS, Clonezilla, Ghost)
- Hardware you've worked with (Dell OptiPlex, HP EliteBook, Lenovo ThinkPad — be specific)
- Operating systems (Windows 10/11, macOS, various Linux distributions)
- Remote support tools (TeamViewer, AnyDesk, Remote Desktop)
- Directory services (Active Directory, Azure AD, Okta)
- Collaboration platforms (Microsoft 365, Google Workspace, Slack)
Tailor Your Resume for Every Application
Here's a trick that takes five minutes and dramatically improves your response rate: if the job posting asks for Freshservice and you've used ServiceNow, swap it in your resume. These platforms do essentially the same thing.
You're not lying — you're translating your experience into their language.
The ATS is searching for exact matches. Give it what it's looking for.
IT: Swap Freely
Stop overthinking it. If you've worked with one ticketing system, you can work with any ticketing system. If you've used one asset management tool, you can use another. The fundamentals are identical — ticket creation, categorization, assignment, escalation, documentation. The interface might be different, but the logic is the same.
See Freshservice in the job posting but you've only used ServiceNow? List Freshservice.
See Jira Service Management but you know Zendesk? Put Jira.
The company doesn't care which one you used, they care that you understand ticketing workflows. Just get your foot in the door. Once you're in the interview, you can explain your experience translates directly.
Same goes for asset management, remote tools, imaging software — all of it.
If you've done it in one platform, you can do it in another.
Cyber: Be More Selective
Cybersecurity tools require more precision. Palo Alto and Fortinet firewalls are different enough that you can't just swap them freely. But you can still be strategic about how you describe your experience.
If you configured SonicWall VPN tunnels, broaden that to "VPN tunnel configuration" or "site-to-site VPN implementation." The specific vendor matters less than the skill.
If you've used one SIEM, you understand log ingestion, correlation rules, alert tuning, and incident investigation — skills that transfer to other SIEMs. You can list "SIEM administration and threat detection" as a broader skill while keeping specific platforms you've actually used.
Be picky about where you do this in cyber. Don't claim expertise in tools you've never touched. But do emphasize the transferable skills and concepts that apply across platforms.
The Certification Trap
Be strategic about which certifications you list. Only include relevant ones, and never list low-level certs alongside serious ones.
Bad example:
- Google Cybersecurity Certificate
- Security+ (in progress)
- CEH
Good example:
- Security+
- CEH
- CISSP (or OSCP, or whatever your high-level cert is)
The Google cert is free and takes a few hours. If you're listing it next to Security+, you look entry-level. Drop it.
About "In Progress" Certifications
Here's the controversial part: if you're genuinely weeks away from taking a certification exam — a week, two weeks, a month at most — just list the certification. Drop the "in progress."
Why? Because if you're that close, you can speak intelligently about the topics in an interview. By the time they schedule you for an interview, you might already have passed. And realistically, if you're studying for it seriously, you know the material.(I hope)
Exception: degrees. Always mark a bachelor's or master's as "in progress" if you haven't completed it yet. Those timelines are longer and expectations are different.
Soft Skills Matter (Especially in IT)
For IT roles, don't just list technical tools. Include the soft skills that make you effective:
- Customer service
- Communication
- Training/onboarding
- Documentation
- Project management
- Cross-functional collaboration
- Escalation management
These aren't filler — they're what separate a good IT professional from someone who just knows how to reboot a router.
For cybersecurity, adjust the focus:
- Incident response
- Threat analysis
- Security awareness training
- Risk assessment
- Compliance documentation
- Stakeholder communication
Resume Length: One Page vs. Multiple Pages
Here's the truth: hardly any role requires 2–3 pages of resume material. Especially for entry-level positions.
Private Sector: Keep It to One Page
For entry to mid-level roles in private companies, one page is the standard. Recruiters spend seconds scanning your resume. More pages don't help — they dilute your impact.
You don't need to include every job, internship, and contract you've ever had. Cut what isn't directly relevant.
What to remove:
- Jobs older than 5–7 years (unless exceptionally relevant)
- Short-term contracts that didn't involve relevant tech
- Retail, food service, or unrelated work (unless it's your only experience)
- Internships if you now have full-time roles in the field
- Redundant positions that show the same skills
What to keep and extend:
- Your most recent and relevant roles
- Positions that demonstrate the exact skills in the job posting
- Any role where you used the specific tools they're asking for
If you need to consolidate your timeline, it's fine to extend work periods by a month or two to eliminate gaps or simplify your history. Just keep it reasonable and defensible.
Government and Academia: Two Pages Might Be Expected
Government roles, federal contractors, and some academic positions are more receptive to longer resumes. They often expect detailed accounts of your work history, clearances, and project involvement.
For these roles, two pages is acceptable — but don't pad it. Every line should still serve a purpose.
The Real Strategy
Don't feel obligated to cram in everything. Focus on:
- Recency — Your last 3–5 years matter most
- Relevance — Only include what connects to the role you're applying for
- Results — Cut vague responsibilities, keep concrete accomplishments with tools/platforms
One strong page beats two weak ones every time.
Maximize Information Density
Remember: minimal white space. Every line of your resume should work for you. If you have room, add more skills, more tools, more specifics.
Instead of: "Managed network security"
Write: "Managed network security using Fortinet FortiGate firewalls, configured VPNs, implemented IDS/IPS policies, monitored traffic with Wireshark, conducted vulnerability scans with Nmap"
The second version gives the ATS five more keywords to match.
The Bottom Line
Your resume isn't a creative project. It's a keyword optimization exercise designed to get you past the robots and in front of a human. Once you understand that, everything else falls into place.
Skip the graphics. List every tool. Tailor for each job. Be strategic about certifications. Pack in the details.
That's it. That's how you write a resume that actually works in tech and cybersecurity.
Get the Template
I've built a free ATS-optimized resume template that puts all of this into practice. No fancy graphics, maximum keyword density, organized sections for skills and tools, and structured to get past the bots.
This is the same format I've used to land roles in both IT and cybersecurity. It works because it's designed for machines first, humans second.
Download the template and start tailoring it for your next application. Your interview is waiting on the other side of the ATS.