Perhaps it's my background in newspaper editing, but I've always been buffaloed by the advice to quantify your achievements on your resume.
You see quotes such as this one from John Campagnino, senior director of recruitment at Accenture:
We are looking for candidates who describe the work that they've done in market-relevant terms and quantify those claims; they must demonstrate the business value delivered.
My jobs have not been closely tied to increasing sales, cutting costs or any other number that I can think of. I worked on the copy desk at the Seattle Post-Intelligencer-now online-only as seattlepi.com-where the motto was "Saving your ass since 1878." How do you quantify that? Do I write, "3,238 run-on sentences sliced"? Or "2,017 careless errors averted"? How about "192 patooties protected"?
I'm sure folks in the IT department often find themselves at a loss to quantify their successes as well-especially as businesses overall struggle mightily to do so. How about the help desk? Do they write, "Resolved 4,915 errors between chair and keyboard"? (Please, don't ask my poor help desk guy about those.) How do you state the business value of security breaches that did not happen? My colleague Lora Bentley has written about similar difficulties for businesses in measuring risk management intangibles.
So I've been seeking advice about how to state hard-to-quantify achievements on your resume. Among those who responded to me was author and consultant Matt Podowitz, who made these points that apply in any industry:
Also responding was Diana Kelley, founder of Security Curve. She's a 20-year veteran of IT security and former IT hiring manager. Per my request, she offered specific examples of the resume wording she would use:
1. Achievement: No data loss-related security incidents.
Wording: Put into place data-access controls and data leak prevention tools that resulted in no data breach events for the 38 weeks since implementation.
2. Achievement: Helped with audits.
Wording: Prepared and completed pre-audit checklists for PCI and HIPAA compliance. Organization passed both audits for 2009 and 2010.
3. Achievement: Changed password policy.
Wording: Using SIEM and monitoring tools, identified high level of password resets on two critical systems. After completing risk assessment work, managed password life-cycle change from 30 to 90 days, which reduced help desk calls by 40 percent and resulted in no increase in unauthorized access to systems.
I will have more on this. In the meantime, I'd love to hear your thoughts in the comments below.