Cybersecurity is an in-demand skillset. At the same time, the market is competitive. One of the best ways to set yourself apart from the crowd is by building a polished, beautiful portfolio. While portfolios are commonplace in artistic fields like photography and design, tech workers are less likely to have one. In this article, I’ll guide you through the best strategies for creating an attractive, unique cybersecurity portfolio from scratch.
Instead of just dishing out advice, I’ll walk the path with you by showing examples by performing each task as well, so you can see how it might look in the real world.
Add a fullstack app to your cybersecurity portfolio
I know, I know – you want to work in cybersecurity, not software engineering! I’m not telling you to build an operating system. Rather, use your existing technical background to create something that feels tangible. If you’re a mobile application security engineer, make some mobile apps that do something cool and security related. But even if you just know basic scripting, you can create a CLI tool to automate some pentesting apps. Or you could make an add-on for Burp Suite or nmap.
Creativity is the key – find a way to create something original using what you know. If you don’t know any code at all, I highly recommend learning some coding. It’s a useful skill in the security world, and one that many security engineers sorely lack.
To demonstrate this, I tried thinking of an app that felt missing. And it occurred to me: Hacker News has several apps for finding open jobs, but none for finding available candidates! So I made this:
If you search for a skill, then candidates appear:
These results come from public posts to the monthly hiring threads. You can see the live app for yourself here: https://darighost.github.io/find_candidates/.
Not particularly impressive, right? But the point is to have fun coding, and make something that I can share. Furthermore, a cybersecurity pro who can code is worth much more than one who can’t. You needn’t be a CSS or React expert to just make something neat.
If you’re still having trouble deciding what to make, here are some ideas to get your creative juices flowing.
- Script to detect and block DDoS attacks.
- Implement a network canary.
Contribute to open source
Open source is the easiest way to add impressive items to your portfolio. Why? Basically, it boils down to two reasons:
- Most Open source projects are easy to contribute to.
- Open source projects look good on your portfolio.
By the way, open source projects need every kind of contributor, not just coding. If you can do any of the following:
- design
- web development
- systems administration
- translation
- technical writing
- event planning
Then there are plenty of prestigious open source projects that need your skills. In other words, even very prestigious projects are easy to contribute to. Talk is cheap, so I’ll contribute to my favorite open source project right now.
My favorite project is Urbit, so I decided to add a feature I’ve always wanted: the ability to embed SoundCloud songs in chat. Here’s what it looks like:
The maintainers haven’t accepted the PR yet. I’ll need to make some more changes. But once they approve it, I’ll have a cool experience to list on my portfolio. If you aren’t sure what project to contribute to, here are some open source projects you can consider:
- Tor
- Urbit
- Kali Linux
- Mastodon
- Racket
Or whatever else you’re interested in!
Publish a blog
Tech blogging is a smart practice even if you don’t intend to show it off in your portfolio. Blogging gives you a reason to explore cool tech things in depth and share it with your friends. It also gives you a chance to improve your writing. Which may not seem like an important skill – but consider that writing reports is a big part of the actual work you’ll do as a cybersecurity pro. Plus, as a cybersecurity worker, you will mostly communicate via the written word in your professional setting.
But what to blog about? Unlike coding, you don’t need to have an in-depth knowledge of something just to write about it. You really can just pick whatever you want.
Example blog post
When I was writing the Hacker News search app earlier, I got distracted for a bit (many such cases!) and began reading a thread about old technology. That got me thinking about my own intro to the tech world, and my odd path to cybersecurity. So maybe I could write about that!
If you don’t like writing, there are other ways to publish content that looks great in your portfolio. For example, you could show how different exploits work in quick, 1 minute long TikTok videos. Or let viewers follow you along for an hour as you hack the most recent challenge on HackTheBox. The idea is to show off your passion for cybersecurity in a way that’s fun, creative, and impressive. Even simple things can really make a cybersecurity portfolio shine.
The following platforms let you publish a blog for free:
- Blogger
- WordPress
- Github Pages
- Tumblr
Blogging has never been more accessible than now. What matters is getting out there and writing something that you can show recruiters!
Don’t stop adding to your cybersecurity portfolio!
The tips above are just the tip of the iceberg! For example, we’ve written before about the portfolio value of doing bug bounties. Another fantastic idea is to start going to local tech meetups. Eventually, once you find the right meetup, you can give a talk and record yourself, which can go on your portfolio as well.
For more inspiration, you can view my cybersecurity portfolio here: https://seisvelas.github.io/portfolio/
The sky’s the limit. What matters is to generate cool, interesting content that you can share with potential employers to show your passion and commitment to cybersecurity.
Leave a Reply