Friday, January 23, 2015

What Is The Right Length For A Resume?

Yes I know I write about resumes all the time.  Please trust me when I tell you that I’m trying to write about a variety of topics and if you’ll stick with me, I have many interesting topics coming that are in my pipeline.

When I write articles for LinkedIn, I do so with much thought and I’m highly strategic about what I write.  For the Security Recruiter Blog, I write whatever comes to my mind whenever the topic comes to my mind and whenever I have a few minutes to write.


If you go to Google (which I don’t have time to do), I suspect that you’ll find thousands of opinions regarding the proper length of a resume.  First, there is no universal rule that governs the length of a resume so whatever opinion you adopt, it is your right to have your opinion.

My opinion is based on 25 years of recruiting, on 6.5 years of delivering professional resume writing services and based on my opinion formed by receiving both solicited and unsolicited resumes every day for the past 25 years.

My Experience This Week

Over the past week, I’ve received three particular resumes that have stood out to me.  The first resume was 41 pages, the second was 13 pages and the third was 10 pages.  Those are just a few of the resumes I’ve received.

If you’re thinking about writing a resume this weekend, 41 pages, 13 pages and 10 pages are too many pages.  We live in a world where brains have been trained to process sound bites.  You can bet that the people you’re sending your resume to are data overwhelmed. 
If the recipient of your resume is an HR gatekeeper, those people all have too much to do and they have short attention spans. 

Resume Length

For the past 6.5 years, well over 95% of my clients' resumes have been created in the 2.5 to 3 page length range.  Based on my resume writing methodology, this length of resume works out just fine and it produces results.

While I can't cite the article, I do recall reading an article written by a senior executive at Google who looks at tens of thousands of resumes.  He suggests that a resume can have 1 page covering every 10 years of work experience.  I'm fine with that.  

Not too long ago, I helped a 62 year old client who has 40 years of professional experience to build a resume that was 3 pages long versus the 8 pages he originally brought to me.

Consider This

  • If your resume is headed to a Human Resources department, you can assume that the department is under-staffed and that everyone in the department is overworked.  I can't see this type of gatekeeper reading a long resume.
  • If the recipient of your resume is a recruiter, you can trust that the recruiter has too many voice mails, too many InMails on LinkedIn, too many emails and likely a lot of text messages to manage.
  • If your resume is going directly to a hiring decision maker, what I just wrote about the recruiter applies.

10-20 Seconds - First Impression

You have 10-20 seconds to make your first impression with most resume reviewers.  If they can’t figure out who you are, how to contact you, how you’re educated and credentialed and what you’re great at in the first 10-20 seconds of reviewing, you may never make it to the playing field to compete in the game you want to play.

I’m not trying to be mean in sharing this information.  In fact, just the opposite is true. I love to see people succeed.  Just ask my various forms of coaching clients if that is a true statement.  Here's where you can find some of those testimonials.

  • Personal Branding Matters
  • First Impressions Matter
  • Communicating in Your Audience's Style and Language Matters
  • This is true in a Cover Letter, in a Resume and on LinkedIn

Custom LinkedIn Header Building Services

You Get One Chance To Make A First Impression

What Kind of First Impression Are You Making?

Right now, you have an opportunity to improve your personal branding in order to stand out from the crowd.  These are two examples of custom LinkedIn headers I've built for my own LinkedIn page.  

If you take action now, you can stand out from the crowd.  I look at hundreds of LinkedIn profiles every week as a security recruiter.  Some profiles are okay.  Many profiles are simply a skeleton that someone likely put up years ago and has never done any work to improve since.

A very small number of profiles I visit are taking advantage of a custom header.  You can add a unique custom header if you have a premium LinkedIn account.  When I do run across a custom header, 50% of the time, the header was built with the best of intentions but it was not built to take the LinkedIn pop-ups into account.

Another 40% of LinkedIn profiles I visit that have a custom header simply have a header with one of LinkedIn's stock photos.  Why not use your header as a billboard to let the visitor to your profile know who you are, what you do and what you're great at delivering professionally?

The words you see in my headers have no SEO value that I'm aware of because they are words embedded into a picture.  It is my LinkedIn Profile Optimization service that teaches my clients how to build a LinkedIn profile that will be found by recruiters and hiring authorities.  Here's an example of a recent LinkedIn Profile Optimization client's success in just a short period of time.

How about taking your LinkedIn profile to the next level?  

When you visit, you'll find all of my Personal Branding services priced individually. You'll also find all of my services priced in bundles with discounts when you purchase more than one service at a time.  

  • Great resume content serves as the foundation for great LinkedIn content
  • Strategically building your LinkedIn presence in order for employers and recruiters to find you for the right reasons increases your odds of being found for your next career opportunity.
  • Customizing your LinkedIn header makes it easy for the visitor to your LinkedIn profile to determine whether they should read your profile or whether they should move on to the next one.  You can put whatever information you desire in your custom LinkedIn header.
Here are the current background choices I've built for my Custom LinkedIn Profile Header clients.

Who's Ready To Be Unique And Stand Out From The Crowd?

Thursday, January 22, 2015

Security Jobs: Information Security Program Manager, Irvine, CA, Relocation: Yes

Information Security Program Manager
Irvine, CA
$110,000 to $125,000+, Bonus
Education: BA/BS, Masters Preferred
Relocation: Paid
Certification: CISSP, CISM, CISA, PMP Appreciated

has been engaged by a global client where we placed the CISO in 2014 to build a global security, risk, compliance and privacy program.  This newly created position exists in a company that manufactures around the globe.  Protecting trade secrets and intellectual property is this company’s most significant focus.  This role will align the chosen candidate with significant opportunities to grow and to be mentored by one of the best CISOs I’ve ever placed.

The Program Manager will promote and guide the Software Development Life Cycle (SDLC) to ensure that security is built into processes, systems and applications. This position requires a strong individual information security contributor with sound knowledge of business processes and security technologies. The Program Manager will proactively work with business units to provide security guidance across the SDLC and system applications, including security architectural reviews.

The Program Manager will work in partnership with corporate line of business stakeholders and partners to integrate security transparently into the business. The Program Manager will work extensively with data classification to determine which sets of intellectual property are most important to the business and then build appropriate security strategies to protect this information.


·         Promote and guide the Software Development Life Cycle (SDLC) to ensure security is built into systems and applications
·         Develop key relevant business training and reports to support the security in processes, policies, and practices.
·         Close partnering with the information security team and corporate compliance, audit, legal and HR management teams
·         Support the global inventory of critical assets and data in a manner that meets compliance and regulatory requirements
·         Monitor the external threat environment for emerging threats, and its relevance to the program
·         Maintain the security of the company’s products throughout the product lifecycle
·         Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection
·         Create architecture framework, design, implementation, and function of information security systems and their corresponding processes, metrics, and impact to overall assets
·         Provide strategic security risk guidance for the SDLC, including the evaluation and recommendation of business and technical controls.
·         Ensure that introduced security initiatives are in compliance with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.
·         Perform security audits of systems and applications, including managing security audits performed by third parties
·         Provide guidance as a security consultant on new technology architectures as well as to ensure proper security tools and monitors are in place
·         Lead the Security Information Incident Response plans
·         Administer and support security solutions to protect data at rest, data in use and data in motion
·         A Bachelor of Science degree from an accredited university in the area of engineering, computer science or computer information systems is strongly preferred, equivalent work experience may be considered
·         Minimum of 8 years of experience integrating security into the business, security risk management, information processes, product security, business architecture positions is required
·         Demonstrate a history of successful implementation of security in processes, applications, and systems within mid to large size corporate environments
·         Proven track record and experience applying a proactive approach to information security in business processes, architecture, policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment, required.
·         Authored technical documentation such as architectures, process diagrams, procedures, policies, verification and validation documentation and integration diagrams, required
·         Must exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives
·         Experience in implementing Incident Response Programs, strongly preferred
·         Experience working with Business Continuity/Disaster Recovery policies and procedures, preferred
·         Experience in preparing executive summary presentations
·         Must be a critical thinker, with strong problem-solving skills
·         Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals, within a global environment
·         Ability to work at all levels from initial concept to operational implementation
·         Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security related concepts to technical and non-technical audiences
·         Knowledge and understanding of one or more legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard required.
·         Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT and ones from NIST
·         Familiarity with industry standard security tools
·         Strong large scale Project Management skills and experience
·         Familiarity and adherence to change management policies and procedures
·         Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is preferred.
·         Understanding of global privacy regulations is a plus as well as IAPP certification

Apply Online:

Jeff Snyder's,, Security Recruiter Blog, 719.686.8810

Wednesday, January 21, 2015

New Jobs Coming To You Ready?

I know that what my article and blog readers care most about is when I have great security jobs to share.  Well, you’ll have to wait no longer.

Negotiations are complete.  Contracts have been signed and we’re ready to rock and roll with new jobs.  I felt this momentum building in December.  If you’ve read any of my past articles or blogs, you’ll know that I make a big deal out of momentum. I love momentum!

Stay tuned as I get a bunch of new jobs written up in Phoenix, Southern California and in Boston. These jobs will all be different in nature but they’re all with companies that I’ve either worked with in the past or companies that I’ve found to be top-shelf as my new relationships with these companies grow.

It is these new security jobs that cause me to always beat on my resume writing and LinkedIn profile optimization drums.  I’m about to start a whole bunch of direct recruiting effort to find top-shelf candidates.  If you haven’t made yourself easy for me to find on LinkedIn, you might miss the boat as it passes by.

If you then don’t have a great resume to send if you’re interested in my recruiting call, the entire career advancement process will slow down while you’re getting your resume up-to-date.  No, that's not me.  It's just a picture I had in my portfolio that came to mind.

When my father retired from the Air Force many years ago, his colleagues gave him a plaque that I'll never forget.  The saying on the plaque read like this:

"With my luck, I'll be at the airport when my ship comes in."

Do not leave for tomorrow what you could get done today!  Be prepared when your ship comes in.

My Clients Asked…I Listened…A Solution for Your Custom LinkedIn Header Is Here

You get the privilege of adding a custom LinkedIn header to your LinkedIn account when you have a Premium account. Why would you want to have a customized header on LinkedIn?  Because you can use this space on LinkedIn to promote your personal brand any way you want to.  You will stand out from the crowd.

This is my newest LinkedIn header that I created for my own LinkedIn page: 

Jeff Snyder LinkedIn Header

While walking one of my 1 Hour Resume Writing and LinkedIn Profile Optimization clients through the coaching bundle he purchased from me, I was asked how I created my LinkedIn header.  My client told me that he tried to create his own header but whatever software he was using didn't make the job easy.

Well, nothing about LinkedIn is particularly easy but I’ve been constantly figuring out my next move on LinkedIn for over a decade now.  When I learned that I could upgrade my LinkedIn header, I didn't just settle for the stock images that LinkedIn provides, the Maximizer in me had to figure out how to leverage this new LinkedIn feature.

Here's an example of a LinkedIn stock header that does nothing to brand or market you.

Am I the only person on LinkedIn who has upgraded their header?  No I am not.  I won’t show you other people’s LinkedIn headers but I have collected several examples of upgraded headers that look good but they don’t play nicely with the pop-ups that LinkedIn allows to pop up on top of your header. 

I’ve built my header around LinkedIn’s pop-ups and so far so good.

My job coaching client asked me if I would be willing to build a custom header for him.  Of course I would be willing. I’m willing to do anything within my wheelhouse of skills that will help my clients to reach their goals.  

Here are a few examples of sample headers I created yesterday:

LinkedIn Header Example

From my client's request, my latest service was born.

Follow this link to my Security Job Coach website and it will take you directly to the page that shows this new service. When you get to the bottom of this page, click on the Security Job Coach Fees page and you’ll immediately see all of the fees connected to my Job Coaching Services.

Does Negotiating Make You Cringe or does Negotiating Energize You?

I borrowed this photo that I found on Facebook from Paul Boynton, author and Chief optimist at Begin with Yes!  I give full credit for this photo to Paul Boynton.  I don’t know Paul and I don’t know anything about him but the photo grabbed my attention.

Today, I got to start my day with a negotiation with a Chief Operating Officer.  Following a 20 minute call yesterday and then the COO doing his homework on me last night, the negotiation call took less than 5 minutes. This picture captured the way I'm feeling this morning.

Here's what I love about negotiating...and I mean that I passionately love to negotiate. Not only did I get what I needed in the deal but my client is going to get what he needs in the deal.

Somewhere along the line, many people were taught that negotiating means that someone wins and the other person loses. I could not disagree with this approach more than I do.

A successful negotiation happens when balance is reached and both parties to the negotiation are still standing at the end. Just my 2 cents....or maybe 10 cents.

The next time you find yourself in a negotiating position, consider that your negotiation will be most successful if you can find the balancing point between what you want and need and what the party you're negotiating with wants and needs.

Monday, January 19, 2015

Cyber Security News, Education and Vulnerability Patch Report for the Week of January 19, 2015





Cyber Crime

Park ‘N Fly, OneStopParking Confirm Breaches: Late last year, KrebsOnSecurity wrote that two huge swaths of credit card numbers put up for sale in the cybercrime underground had likely been stolen from Park ‘N Fly and from, competing airport parking services that lets customers reserve spots in advance of travel via Internet reservation systems. This week, both companies confirmed that they had indeed suffered a breach. KrebsOnSecurity, January 14, 2015

Cyber Attack

In Wake Of Violence, France Reports Spike In Cyberattacks: Since the deadly shootings in Paris Jan. 7, cyber attackers have hit 19,000 French websites, mostly with denials of service. Admiral Arnaud Coustilliere, head of cyberdefense for France’s military, said today “that’s never been seen before. This is the first time that a country has been faced with such a large wave.” DarkReading, January 15, 2015
Pro-ISIS Hackers Hit U.S. Military Twitter, YouTube: Video segment featuring Dr. Stahl – Federal agents are investigating a hack attack on the Twitter and YouTube accounts for the US Central Command. The hackers claim they’re working on behalf of the terrorist group ISIS. Mekahlo Medina reports for the NBC4 News at 5 Monday, Jan. 12, 2015. NBC4, January 12, 2015

Cyber Underworld

Need Some Espionage Done? Hackers Are for Hire Online: A man in Sweden says he will pay up to $2,000 to anyone who can break into his landlord’s website. A woman in California says she will pay $500 for someone to hack into her boyfriend’s Facebook and Gmail accounts to see if he is cheating on her. … The business of hacking is no longer just the domain of intelligence agencies, international criminal gangs, shadowy political operatives and disgruntled “hacktivists” taking aim at big targets. Rather, it is an increasingly personal enterprise. New York Times, January 15, 2015

Cyber Privacy

David Cameron’s plan to ban end-to-end encryption is catastrophic for Internet freedom: Earlier today, British Prime Minister David Cameron announced his plan to revive legislation that would allow the UK government to ban applications that use end-to-end encryption to ensure user security. TheNextWeb, January 13, 2015

Financial Cyber Security

Bank Fraud Toolkit Circumvents 2FA & Device Identification: Another user-friendly attack toolkit is on the market, and it’s perfect for the budding Brazilian banking fraudster. It’s got an attractive, user-friendly interface that includes a “start phishing” button. And it effectively circumvents both two-factor authentication and device identification protections. Dark Reading, January 14, 2015

Cyber Warning

How Hackers Are Using #JeSuisCharlie To Spread Malware: In the wake of the tragic shootings at the Charlie Hebdo offices in Paris last week, #JeSuisCharlie soon became a trending message of solidarity. But journalists aren’t the only ones following these viral news events with interest. Malware organizations are quick to latch onto tragedy to spread malware, and they’re getting better at it with each new disaster, according to research from Blue Coat security firm. Forbes, January 15, 2015
‘Skeleton Key’ malware unlocks corporate networks: The newly-discovered “Skeleton Key” malware is able to circumvent authentication on Active Directory systems, according to Dell researchers. ZDNet, January 13, 2015

Cyber Security Management

Cyber-crime and business: Think of a number and double it:  CHICK-FIL-A, a fast-food chain, and Morgan Stanley, a bank, have in recent days joined a long list of big American companies to admit that their systems have been hacked into, putting customers’ financial information at risk. But how many businesses suffer from cyber-crime, and how much it ultimately costs them, are huge unknowns. In part this is because much hacking goes undetected, and partly it is because businesses sometimes try to cover up breaches of data security, to avoid embarrassment. The Economist, January 17, 2015
New report: DHS is a mess of cybersecurity incompetence: A large, embarrassing, and alarming Federal oversight report finds major problems and grave shortcomings with Department of Homeland Security cybersecurity programs and practices which are “unlikely to protect us”. ZDNet, January 14, 2015

Cyber Security Management – Cyber Update

Adobe, Microsoft Push Critical Security Fixes: Microsoft on Tuesday posted eight security updates to fix serious security vulnerabilities in computers powered by its Windows operating system. Separately, Adobe pushed out a patch to plug at least nine holes in its Flash Player software. KrebsOnSecurity, January 14, 2015
OpenSSL release patches 8 vulnerabilities: The OpenSSL Project has released updates for the popular eponymous open-source library that implements the SSL and TLS protocols. Help Net-Security, January 9, 2015

Securing the Village

Early Bird Registration for Summit7 is open: Take advantage of special Early Bird savings of 40% off the standard fee when you register by February 15. And if you are an ISSA-LA member, we are proud to offer you an additional 30%. Check your e-mail for details soon! Not a member yet? Join today and receive this additional Summit discount, as well as the many other benefits of ISSA-LA membership. ISSA-LA, January 15, 2015
ISSA-LA Donates to ISSA Educational Foundation For Its Information Security Scholarship Programs: Dr. Stan Stahl, president of the Los Angeles Chapter of the Information Systems Security Association (ISSA-LA), presented a check for $3,000 to the ISSA Education Foundation (ISSAEF) in support of its scholarship program. Foundation Board Chair Sandra Lambert accepted the donation on behalf of the Foundation. PRLog, January 7, 2015

National Cyber Security

Secret US cybersecurity report: encryption vital to protect private data: Newly uncovered Snowden document contrasts with British PM’s vow to crack down on encrypted messaging after Paris attacks. The Guardian, January 15, 2015

Cyber Law

Obama: Fighting cybercrime is ‘shared mission': President Obama renewed long-standing efforts Tuesday for legislation to improve the sharing of cyber information between the government and the private sector, and to shield businesses from lawsuits over revealing cybercrimes. USA Today, January 13, 2015
Toward Better Privacy, Data Breach Laws: President Obama on Monday outlined a proposal that would require companies to inform their customers of a data breach within 30 days of discovering their information has been hacked. But depending on what is put in and left out of any implementing legislation, the effort could well lead to more voluminous but less useful disclosure. Here are a few thoughts about how a federal breach law could produce fewer yet more meaningful notices that may actually help prevent future breaches. KrebsOnSecurity, January 13, 2015
Why tort liability for data breaches won’t improve cybersecurity: Government policymakers have been hoping for twenty years that companies will be driven to good cybersecurity by the threat of tort liability. That hope is understandable. Tort liability would allow government to get the benefit of regulating cybersecurity without taking heat for imposing restrictions directly on the digital economy. The Washington Post, January 11, 2015

Cyber Sunshine

Another Lizard Arrested, Lizard Lair Hacked: Several media outlets are reporting that authorities in the United Kingdom early this morning arrested an 18-year-old in connection with the denial-of-service attacks on Sony Playstation and Microsoft Xbox systems over Christmas. The arrest is one of several tied to a joint U.K. and U.S. law enforcement investigation into a group calling itself the “Lizard Squad,” and comes as the group’s attack-for-hire online service was completely compromised and leaked to investigators. KrebsOnSecurity, January 16, 2015

Weekend Vulnerability and Patch Report

Important Security Updates

Adobe Flash Player: Adobe has released version to fix at least 9 highly critical vulnerabilities reported in previous versions. Updates are available from Adobe’s website.
Adobe Shockwave Player: Adobe has released version of Shockwave Player running on Windows and Macintosh. Updates are available through the program or from Adobe’s Shockwave Web Site.
Google Chrome: Google has released Google Chrome version 39.0.2171.99 to fix at least 9 highly critical vulnerabilities reported in previous versions. Updates are available from within the browser or from Google Chrome’s website.
Microsoft Patch Tuesday: Microsoft’s Patch Tuesday released 8 updates to address at least 24 vulnerabilities, some of which are highly critical within Windows, Internet Explorer, Office, Word, Windows Flash Player, and other Microsoft products.
Mozilla Firefox: Mozilla has released version 35 to fix at least 9 highly critical unpatched vulnerabilities reported in previous versions. Updates are available within the browser or from Mozilla’s website.

Current Software Versions

Adobe Flash [Windows 7: IE]
Adobe Flash [Windows 7: Firefox, Mozilla]
Adobe Flash [Windows 8: IE]
Adobe Flash [Macintosh OS X: Firefox, Opera, Safari]
Adobe Reader 11.0.10
Dropbox 3.0.5 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]
Firefox 35
Google Chrome 39.0.2171.99
Internet Explorer 11.0.9600.17501
Java SE 8 Update 25 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser — such as Chrome, IE9, Safari, etc — with Java enabled to browse only the sites that require it.]
Safari 5.1.7 
Safari 7.1.1 [Mac OS X]

Newly Announced Unpatched Vulnerabilities

For an updated list of previously announced Unpatched Vulnerabilities, please see the resources section of Citadel’s website.

For Your IT Department

Cisco Multiple Products: Secunia reports Cisco has released updates for its Adaptive Security Appliance (ASA), TelePresence VCS and Cisco Expressway Series, IronPort AsyncOS, WebEx Meetings Server, MDS 9000 Series and others. Apply updates. Secunia reports unpatched vulnerabilities in Cisco’s Unified Communications Domain Manager (CUCDM) and ACNS (Application and Content Networking System). No official solution is available.
If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.
Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc) and application programs (Adobe Acrobat, Office, Flash, Java, etc). When software companies find a vulnerability, they usually issue an update patch to fix the code running in their customer’s computers.
Citadel publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.
Copyright © 2015 Citadel Information Group. All rights reserved.

Get in touch
323 428 0441
info@citadel-information.com
Citadel Information Group


About Us

Citadel Information Group is a full service integrated cyber security management firm. We work either consultatively or as part of a client’s senior management team, assisting our clients cost-effectively manage the confidentiality, privacy, integrity and availability of their information. Learn more.
The post Weekend Vulnerability and Patch Report, January 18, 2015 appeared first on Citadel Information Group.