Luke Gough

I have been a recruiter for 15 years. I've condensed everything I know into one guide. - Certifications that actually get you hired. - A clear roadmap. - Resume and LinkedIn tips from a recruiter. The Cybersecurity Job-Ready Blueprint is live. Launch price $9.99 for 7 days only (then $14.99) Link in the comments 👇

@HackingDave Completely understand Dave!

With the release of Claude/Codex/etc., something interesting has happened now that everyone is a coder. I'm getting hit up 4-5 times a day (thats the low end) to ask if I'll spend a an hour going through their new tool, or if I can hop on a call to talk through it. I definitely and always try to help, but I don't have the time in the day to review 4-5 vibe coded tools, or new revolutionary ways of doing things. Hope that doesn't come off bad, but if I spent 5 hours a day reviewing vibe coded tools, I wouldn't be able to work or see my family 😐

@gabbytech01 You’re welcome!

@Avidityrecruit Thanks Luke

Thanks for everyone who tuned in to my live webinar where we discussed how to optimise your Resume and LinkedIn for cybersecurity roles. Hopefully you found it helpful. If you missed it, watch the replay. Keep levelling up your career!

Today I ran a free live session breaking down the two things that get most cybersecurity candidates rejected: their resume and their LinkedIn profile. We covered a lot in 90 minutes. Here's what we walked through: - How recruiters actually scan resumes (and why most don't survive 6 seconds). - A full side-by-side walkthrough of a bad resume vs a good resume, same person, same background, completely different result. - How ATS filters work in plain English and how to get past them without keyword stuffing. - The LinkedIn headline formula that makes recruiters find you. - How to write an About section that actually tells a story. Open to Work settings and when to use them. - Q&A If you missed it, the full replay is below 👇

Most people in their first cybersecurity role leave money on the table. Here's how to negotiate like you know what you're worth. As a recruiter, I'm often in the room when salary conversations happen. And the number one mistake I see first-timers make is accepting the first offer without a word. Companies rarely lead with their best number. Before you negotiate, do your research. Use resources like SEEK, LinkedIn Salary Insights, and industry salary surveys to understand the range for your role and location. In Australia, a junior SOC analyst role currently sits between $70K and $90K depending on the employer and city. Knowing that gives you a firm foundation. When you get an offer, pause before responding. Say something like: "Thank you, I'm really excited about this opportunity. I was expecting something closer to [X] based on my research into current market rates. Is there any flexibility there?" That's it. Direct, professional, and not aggressive. If base salary is fixed, ask about other levers: training budgets, additional leave, flexible working arrangements, or a six-month review clause. These are often more negotiable than base pay and add real value. And remember: negotiating professionally never costs you the offer. Companies want people who know their value.

No degree? Here's how people are actually breaking into cybersecurity in 2026, from a recruiter's perspective. I want to be upfront: a degree is not a prerequisite for a cybersecurity career. Candidates are placed without degrees into SOC analyst, GRC, and junior penetration testing roles. What they had instead was something more compelling: demonstrated capability. First, practical skill platforms. TryHackMe, Hack The Box, and Blue Team Labs are taken seriously by technical hiring managers. If you can show progress on these platforms and speak confidently to what you've learned, that's real evidence of capability. Second, certifications that prove fundamentals. Security+, CompTIA CySA+, or Google's Cybersecurity Certificate for complete beginners are all legitimate entry points. They signal that you've committed to learning the craft. Third, a portfolio or home lab. Document what you've built, broken, or defended. GitHub repos, a blog, or even a LinkedIn writeup of a CTF challenge you completed all show initiative that no degree can replicate. Fourth, community involvement. Attending local OWASP meetups, participating in CTFs, and engaging in online communities signals genuine passion, not just resume-building. The path can be longer without a degree, but it is absolutely there. Focus on stacking evidence of capability.

Make this the week you break into Cybersecurity!

@CyberCX 100%. IAM is quietly one of the best career paths in cyber. Massive demand, touches every part of the business, and you don't need a traditional security background to get started. Great space to build a long career.

Interested in launching a career in one of the fastest growing areas in cyber security? 🚀 If you enjoy a people focused role that blends problem-solving and technology, working in Identity and Access Management (IdAM) could be the perfect place for you.

In this video I break down exactly what cybersecurity employers are actually hiring for in 2026. After years of recruiting in cybersecurity, the biggest gap I see right now is between what people are training for and what companies are desperate to fill. Everyone wants pen testing. Almost no one's preparing for the roles that are wide open. Thanks to Coursera for sponsoring this video. If you want to start building job-ready cybersecurity skills, you can get 40% off your first 3 months using my link in the video description. 🔗 Link in comments 👇

Watch here 👉 youtu.be/EHa3lqTSAC0 Coursera 40% off 👉  imp.i384100.net/JkkmLr

@Doubra_Williams Absolutely Rachael!

@Avidityrecruit This is so true. I’m learning that it’s not just about having skills, It’s about how you present them. Most CVs fail before a human even sees them.

Most cybersecurity CVs often get rejected. Here's what's actually costing people interviews. As a recruiter, I can tell you that most CVs miss the mark in the same ways. And it's not about qualifications. The first thing I look for is relevance. Your CV needs to match the language of the job description. If the role talks about SIEM tools and you've used Splunk for three years but never mentioned it, that's a miss. Mirror the terminology hiring managers use. Second, I want to see outcomes, not just duties. "Managed firewall rules" tells me nothing. "Reduced unauthorised access incidents by 40% through firewall policy overhaul" tells me a lot. Numbers matter, even rough ones. Third, certifications need context. Having a CISSP is great, but if you list it without showing how you applied it, it becomes noise. Tie your certs to real work. Finally, length. Two pages ideally, three maximum. Hiring managers in cyber are busy people. If your CV runs to four pages, you're telling me you can't prioritise, which is ironic for a security professional.

@cybershlogi You’re welcome!

This is great, thank you for the tips Luke.

GRC is the most overlooked entry point into cybersecurity right now. Here's why non-technical people are getting placed into these roles. You don't need to code. You need risk framework knowledge (ISO 27001, NIST), clear writing, and systematic thinking. Backgrounds that convert well: audit, legal, project management, compliance. The skills transfer more than you'd think. Salary in Australia right now: $75K-$90K junior, $140K+ senior. Demand is outpacing supply. If you've been told you need a tech background to get into cyber, GRC is proof that's not always true.

@ireteeh 😂

Web Application: “Your new password cannot be the same as your old password” User: Adds 1 at the end….. If you are fond of doing this, I am judging you already 👀

@AlexHormozi Love this!

If you obsess over acquiring customers, you'll lose them to competitors who obsess over keeping them. If you obsess over keeping customers, you'll never need to obsess over acquiring them.

@Doubra_Williams Fantastic and I agree! Hope you find it helpful!

@Avidityrecruit This is exactly what a lot of people need right now. Most candidates are doing everything right… except for packaging themselves correctly. Looking forward to this 🔥

One week from today. I'm running a free live session on how to get your cybersecurity resume and LinkedIn profile actually noticed by recruiters. No fluff. No generic advice. Just what I've seen work after 15 years of recruiting. I'll be covering what makes a CV pass ATS filters, what LinkedIn headlines actually get recruiter attention, and what we look for when shortlisting candidates. Plus a live Q&A where you can ask me anything. Thu 2 Apr | 9:30am AEST Wed 1 Apr | 7:30pm EDT | 4:30pm PDT Register below 👇