The Most Popular Lies Cybersecurity Professionals Told on Their Resume, and Why
The task of separating objective fact from creative fiction.
Editor’s Note: We research and report on topics focused on cybersecurity careers, education, and training. Our position is clear: We don't condone lying on your resume. Given poorly written job descriptions and organizational wish lists seeking ‘unicorn’ talent, however, we can’t say we’re surprised it’s as common as it is.
Resume? More like resu-maybe.
In our most recent survey of cybersecurity professionals, we asked: “Have you ever lied on your resume?” Over 70% of anonymous respondents admitted to taking, shall we say, creative liberties with this document.
Follow up questions included: “What did you lie about, and why?“ The answers here revealed much about the world of cybersecurity hiring — including the challenge of genuinely meeting a laundry list of qualifications, experience, certifications, and more.
Here’s our round up of the most commonly found fabrications:
Education
Even though less than 24% of security jobs require one, we discovered that it wasn’t uncommon to lie about having a degree (35%).
We also found that a number of professionals opted to omit their advanced degrees (11%). As one respondent shared in the comments: “I was concerned that I’d be found ‘overqualified’, which is basically a nice way of saying ‘we don’t want to meet your salary requirements’.“
Despite having a college degree, some professionals (28%) changed the major listed on their resume to something that sounded more technical.
Certifications
Although most certifications simply test a candidate’s ability to memorize material, most cybersecurity job postings still list them, and so do candidates, whether they have them… or not (28%).
Experience
Given that even most entry-level roles require experience, lying about work history was another common category that emerged as we reviewed responses.
Some inflated their job titles (38%): Desktop support engineers became SOC Analysts, a number of SOC analysts found themselves representing themselves as SOC Managers, and Information Security Managers received unofficial promotions to CISO, and so on and so forth.
Others embellished job duration (47%). On average, adding an additional 3-5 years of experience, and glossing over periods of unemployment.
… and a few even invented jobs altogether (15%)
Why? We asked our anonymous (obviously) survey-taking cyber professionals why they felt the need to lie on their resume. Here’s what they shared:
“I lied about my experience because I knew I could do the job if I just had the opportunity.”
“I knew no one would ever consider my technical skills if I didn’t look qualified on paper.”
“I lied because most employers see ‘self-taught’ as a bad word. In their eyes, it means you don’t have any real education or experience.”
“I lied about my degree because I suspected I’d lose out in comparison to a college educated candidate.”
“I lied because I was told from several people that my resume wouldn’t even make it past the hiring software if I didn’t have the right words on it.'“
It’s not easy to get a job without experience, but the minute I got the job, the lie would become true, suddenly, I would have experience.
“I’m taking my certification exam soon, but I listed it anyway, because I’m studying for it and I’m confident I’ll pass.”
“I couldn’t afford to pay for the exam, but I had studied and done well on the practice tests I found online, so I listed the certification on my resume. Once I have a job and a stable income, I plan to take the exam… and pass.”
“I lied and it worked. I wasn’t being ignored or ghosted by recruiters anymore. So I kept doing it, and I got the job. Suddenly I was a ‘great candidate‘ though nothing had changed except the words.”
“I lied because they wouldn’t consider me for a managerial role without a graduate degree, even though I had a dozen years of experience.”
Forced to lie?
We won’t debate what constitutes lying here, save that for a philosophy class. But there is something we should consider: Are we guilty as hiring managers and recruiters and employers of forcing these professionals to lie about their experience, education, and work history? Resume gaps, job hopping, lack of certification, being a college drop out, not being able to afford formal training, the taboo of being self taught: All of these things are still frowned upon by many organizations. Is it any wonder then, that so many professionals felt a compulsion to ‘enhance’ their resumes?
Want to cite this report? AccessCyber Cybersecurity Resume Report