Career Advice Tuesday – “ The Artist Formerly Known As “QSA”
June 5, 2012
My question centers around my resume and my application for an information security position.
First some background. I used to work as an information security consultant at one of the largest PCI consulting firms. When I worked at the company, I was a QSA and held other related PCI Certs. When I left that firm, I went to work in a consulting firm that was not a QSA, so I had to allow my QSA to lapse.
Recently I have decided to leave consulting in order to locate a position at a corporation, where I can help them with their governance, risk, and compliance initiatives. I have located an opportunity with a retailer, who has posted for such a position, but the job description states that all applicants must be QSA Certified.
I know that I can do the job. My skills as a QSA have not lapsed. Quite frankly they were not that difficult to acquire. However, I cannot claim that I am currently a “QSA”.
I think that I have two options – either to list it on my resume, and explain it later – or to list on my resume that I am a former “QSA” – however, I feel that this could be received negatively by the internal screener.
Can you provide me some advice?
“The Artist Formerly Known As “QSA”
This is a very interesting situation.
Your example points out the exact problem with key word screening criteria, and job descriptions written by the uniformed. What may also be funny is if the internal screener was also screening out candidates who currently work at consulting firms – which in essence would eliminate the entire candidate pool and leave the position unfilled.
First of all, you can never ever misrepresent the truth on a resume. This is a show- stopper, a red flag, and questions your integrity and ethics. Companies will check your certifications, and when it comes up that you do not hold the QSA, your interview process will come to an abrupt end.
The best advice that I can give you is to list on your resume: “Former QSA” – Your Certification Number – and the Years You Held The Certification. You can also list your other PCI related certifications as well with a similar format.
Underneath your certifications and in the body of your resume, you should explain in one sentence or bullet point as to why your QSA certification lapsed. You need to show the screener – that it is impossible to maintain a QSA without working at a Certified Assessor. If necessary – you can link a website –that could reference this, so that they can validate it.
Unfortunately, we live in a world where not all involved in the decision making process understand the nature of qualifications for information security roles. Considering that many in the HR field are trained to exclude on “key words” and not to investigate further, it is very possible to be overlooked for a role for which you are qualified and are an excellent candidate.
I would like to reiterate to all of the Infosecleaders in the audience, that it is in your best interest to assist your HR team members and educate them when you are enlisting their help in recruiting for an experienced information security professional.
Hope this helps,