In partnership with

Hey everyone,

Welcome back to The Career Compass. This week I want to talk about the one piece of evidence that is making the difference between candidates who get interviews and candidates who don’t in 2026. It is not your certs. It is your proof of work.

Let’s get into it.

Stat of the Week

Almost 9 in 10 cybersecurity professionals say their organisation has suffered a breach, missed alert, or delayed incident response directly tied to a skills gap.

Source: ISC2 2025 Cybersecurity Workforce Study

What it means for you: Hiring managers in 2026 are not nervous about credentials; they are nervous about competence. They are paying for proof you can actually do the work, not proof you studied it. That changes how you build your job-search assets this year.

The proof-of-work portfolio every cyber candidate needs in 2026

Here’s the thing. The candidates I see being placed into SOC, GRC and cloud security roles in 2026 do not have more certs than anyone else. They have one thing on their CV that makes a recruiter stop scrolling. Proof of work.

Here is the pattern I keep seeing in junior cyber CVs. Two candidates with the same paper credentials. Security+, maybe SC-200, eighteen months of self-study, a stack of TryHackMe and HackTheBox rooms. The first one has a public GitHub with even one half-finished project, a clean README, and a write-up they can talk about for ten minutes. The second one has a Word doc full of certificate screenshots and lab badges. The first one gets shortlisted. The second one does not. The certs are not the difference. The visible proof of work is.

Here is what hiring managers in 2026 are actually scoring you on.

1. One specialism, one project, done well

Pick one direction. SOC, GRC, cloud, AppSec, threat intel. Not all of them. Then build one project that proves you can do bounded, real-world work in that lane. A SOC candidate does not need ten Splunk dashboards. One good detection, properly documented, beats five half-finished labs every single time. Hiring managers are looking for legible skill, not a smorgasbord.

2. A public, organised GitHub

This is non-negotiable in 2026. Your GitHub does not need to be impressive on day one. It needs to exist, have your real name, a clean README, and at least one project you can talk about for ten minutes. If you cannot show a recruiter where your work lives, the recruiter cannot show a hiring manager. Most candidates I screen do not have one. Be the candidate who does.

3. A write-up that explains your thinking

A short blog post or LinkedIn article on what you built and what you learned beats a list of tools every time. Hiring managers in 2026 want to see how you think, not just what you ran. 600 words. What you built, why, what broke, what you fixed. That is what makes the difference between knows the tools and ready to do the job.

4. Tie it to something real

The strongest portfolios connect a project to a real incident or threat. Pick one CVE from the last 30 days, build a small detection or test scenario for it, and write up what you found. Suddenly you are not a junior asking to be hired. You are someone showing what you would do on day one.

Recruiter’s Take

When I screen CVs for SOC or GRC roles, one of thefirst things I look at after the cert line is the link to a GitHub or write-up. If it’s there and it shows real work on a real problem, the candidate moves to the top of the pile. If it’s not there, it is almost always a no, regardless of certs. Recruiters in this market are not gatekeepers, we are evidence collectors. Give us the evidence. A half-finished SOC playbook beats a stack of certs with no evidence every time.

So, where does this leave you? If you have certs but nothing public to show for them, your problem is not the market, it is the proof. Fix the proof and the interviews start coming.

  • Trellix confirms source code breach. Cybersecurity vendor Trellix disclosed unauthorised access to a portion of its source code repository this week. The career angle: even the people selling security tools have skills gaps to fill, which is why detection engineering roles are heating up in 2026.

  • Lightning Python package weaponised in supply chain attack. Versions 2.6.2 and 2.6.3 of the popular Lightning package were published on April 30 with credential-stealing payloads. For job-seekers, this is the exact kind of recent incident you can build a proof-of-work write-up around this week.

  • NSW Treasury insider charged over 5,600 documents. A 45-year-old NSW Treasury staffer was arrested and charged after allegedly transferring 5,600 sensitive documents to an external server. Insider threat detection skills are now squarely in the JD for SOC analyst and GRC roles across Australian government clients.

  • Albanese government commits up to $21B to cyber capability. The new National Defence Strategy ringfences between $15 billion and $21 billion of spending for the cyber domain. Translation for early-career professionals: cleared cyber roles in Australia are about to expand significantly, and the lead time to apply is now.

Write docs 4x faster. Without hating every second.

Nobody became a developer to write documentation. But the docs still need to get written — PRDs, README updates, architecture decisions, onboarding guides.

Wispr Flow lets you talk through it instead. Speak naturally about what the code does, how it works, and why you built it that way. Flow formats everything into clean, professional text you can paste into Notion, Confluence, or GitHub.

Used by engineering teams at OpenAI, Vercel, and Clay. 89% of messages sent with zero edits. Works system-wide on Mac, Windows, and iPhone.

Video of the Week: Why Your Cybersecurity Resume Gets Rejected in 10 Seconds (Recruiter Reveals)

If your cybersecurity job applications aren't getting responses, your cybersecurity resume is likely the problem, not your skills. With 15 years of experience, I've seen countless resumes rejected in under 10 seconds because they aren't optimised for the applicant tracking system (ATS). This video will guide you on how to create an ATS resume that recruiters will actually see, boosting your chances in the competitive cybersecurity jobs market.

New videos every week on cybersecurity careers, certifications, and what recruiters actually want.

Quick Wins

  1. Create a public GitHub today. Use your real name, add a clean README that says who you are and what you are working on, and pin one repo even if it is empty. Takes 15 minutes.

  2. Pick one CVE from the last 30 days (CVE-2026-32201 SharePoint zero-day is a strong choice) and write a 300-word LinkedIn post explaining what it is, who it affects, and how you would detect it.

  3. Sign up for TryHackMe or HackTheBox and complete one free starter path tonight. Screenshot the completion. That is your first portfolio entry.

Resume Trap of the Week


Cert spam at the top of page one.

Most junior cyber CVs I screen open with a row of cert badges and logos eating the most valuable real estate on the document. Recruiters often spend less than ten seconds on a first pass, and that opening space is where they look for one concrete result, not a logo wall.

Fix: list your two or three highest certs in one clean line, by name and date, then use the space you free up to name one project you built and one thing you found, broke, or fixed.

Interview Question of the Week

"Walk me through how you would investigate a suspicious login alert." This shows up in lots of SOC analyst interviews. Most candidates jump straight to tool names. Hiring managers want structured thinking.

Simple framework that lands every time:

(1) gather context - who, where, when, what device.
(2) Compare to baseline behaviour.
(3) Look for related signals - failed attempts before, MFA prompts, unusual downloads after.
(4) Decide and document - dismiss, escalate, or trigger the playbook, and write down why.

Drill the framework, not the tool list.

Weekly Challenge

This week, pick one breach from the news section above and write a 500-word recruiter-style summary on LinkedIn. Cover what happened, what was missed, and which one control would have stopped it. 30 to 60 minutes of work.

Tag #cybersecurity, post it, and add the link to the projects section of your CV. That is now public proof you can analyse a real incident, which is exactly what hiring managers want to see in 2026.

🎓 From the Desk: Cybersecurity Job-Ready Blueprint

If certs alone are not getting you interviews, the missing piece is almost always the proof of work. The Cybersecurity Job-Ready Blueprint is a step-by-step guide built from 15+ years of placing candidates. It covers the exact path from zero to job-ready: which certs to get first, how to build proof of work, how to write a resume that gets past ATS, and how to approach applications like a recruiter.

The portfolio module alone can help career changers go from no replies to multiple first-round interviews in under 30 days.

Thanks for reading and as always, keep levelling up your career.

Luke

Career Coach | Cybersecurity Recruiter / YouTube channel

Subscribe here to get The Career Compass free to your inbox.

P.S. If you take on the Weekly Challenge above, hit reply with your post link. I will feature the three sharpest summaries in the next edition, with a link back to your profile. I read every reply.

P.S. Remember to share The Career Compass with your network, and let’s work together to empower more careers!

Reply

Avatar

or to participate

Keep Reading