Cybersecurity Analyst Resume Guide: ATS-Friendly Examples and Skills for 2026

The cybersecurity industry is in crisis. There are over 4 million unfilled cybersecurity jobs globally, with the U.S. alone facing a shortage of 1+ million qualified professionals. Despite this massive talent gap, hiring managers still reject 70%+ of applications.

Why? Because recruiters are overwhelmed. They're not security experts — they're HR professionals using keyword filters to screen hundreds of applications. If your resume doesn't speak their language, you won't get the interview, no matter how qualified you are.

Security is a process, not a product. But first, you need the skills to be part of that process. Your resume needs to prove you have them.

This guide shows you exactly what hiring managers and ATS systems are scanning for — and how to structure your resume so you don't get filtered out before anyone reads it.

Research from Jobscan and Preptel shows that recruiters spend 6-10 seconds on an initial resume scan. This is the ATS layer — before they even open your full document, the system has already assigned you a compatibility score.

Here's the brutal breakdown of what they're looking for:

• Contact info (2 seconds) — Is it formatted where the ATS can parse it?
• Target title alignment (2 seconds) — Does your most recent role match the posting?
• Keyword density (3 seconds) — Do your top 3-5 bullets contain the exact skills listed in the job description?
• Certifications (1 second) — Do you have credentials relevant to this role?

If you pass the ATS layer, a hiring manager then spends 30-60 seconds reading your resume to decide if you're worth an interview call. That's not enough time for them to infer your skills — you need to state them explicitly.

Many cybersecurity professionals have vague job titles: "Security Analyst," "IT Support Specialist," "Systems Administrator," or "Junior Engineer." The problem? These titles don't signal specialization.

Clear communication is the bridge between confusion and understanding. Your resume title is that bridge.

Hiring managers for a SOC Analyst role want to know if you've monitored alerts. They're not looking for a generic "IT person." If your resume says "IT Support Specialist," the ATS may reject you because you don't match the keyword pattern.

Solution: Include your specialization in your current/most recent role section. If your official title is vague, clarify it:

1. 1."IT Support Specialist (SOC Analyst focus)" → Adds context without changing reality
2. 2."Security Analyst, Network Defense Track" → Signals specific expertise
3. 3."Cloud Security Engineer (AWS/Azure IAM)" → Shows hands-on specialization

This small tweak can be the difference between passing and failing the keyword filter.

Cybersecurity resumes must be tight and dense. Information security roles demand professionals who prioritize clarity and brevity — your resume should reflect this.

Here's the structure that consistently wins interviews:

1. 1.Header (Name, email, phone, LinkedIn, GitHub) → Keep it clean, no objective
2. 2.Professional Summary (2-3 lines max) → Role + 2 key differentiators only
3. 3.Target Title (Optional but powerful) → "Seeking: SOC Analyst, AWS Security Engineer"
4. 4.Skills (3-5 categories) → Organized by domain, not a word dump
5. 5.Experience (Most recent 2-3 roles) → Reverse chronological, quantified bullets
6. 6.Certifications (If relevant) → List those that match the role
7. 7.Education (Degree + institution) → Skip GPA unless 3.8+, skip honors unless recent grad

Different cybersecurity roles require different skill emphasis. Here's how to organize your skills section based on your specialization:

SOC Analyst (Security Operations Center)

Focus: Alert monitoring, threat detection, incident response

• SIEM platforms: Splunk, Elastic Stack (ELK), Microsoft Sentinel
• Alert monitoring and triage using detection rules
• Incident response: Containment, eradication, recovery
• Log analysis and forensic investigation
• TTP (Tactics, Techniques, Procedures) framework knowledge
• Ticketing systems: Jira, ServiceNow

Penetration Tester / Offensive Security

Focus: Vulnerability assessment, exploitation, reporting

• Penetration testing frameworks: OWASP Top 10, NIST, PCI DSS
• Tools: Burp Suite, Metasploit, Wireshark, Nmap
• Web application security testing
• Network vulnerability scanning and remediation
• Reporting and executive communication
• CVSS scoring and risk prioritization

Cloud Security Engineer (AWS/Azure/GCP Focus)

Focus: Cloud infrastructure security, compliance, IAM

• Cloud platforms: AWS IAM, Azure AD, GCP Cloud Identity
• Infrastructure-as-Code (IaC) security: Terraform, CloudFormation
• Container security: Docker, Kubernetes, container scanning
• Cloud compliance: SOC 2, ISO 27001, CIS Benchmarks
• Network segmentation and VPC configuration
• Cloud security posture management (CSPM) tools

Governance, Risk & Compliance (GRC)

Focus: Policy, compliance audits, risk management

• Risk assessment and mitigation frameworks
• Compliance standards: HIPAA, GDPR, PCI DSS, SOC 2
• Policy development and enforcement
• Audit preparation and documentation
• Security governance and policy management tools
• Incident reporting and escalation procedures

Not all certifications are created equal. Hiring managers have unconscious biases toward certain credentials. Here's which ones actually matter:

Tier 1 (Most Valuable):

• CEH (Certified Ethical Hacker) → Signals hands-on offensive testing skills, 5-year renewal required
• OSCP (Offensive Security Certified Professional) → Highest regard in penetration testing, project-based, no expiration
• CISSP (Certified Information Systems Security Professional) → Enterprise/manager track, requires 5+ years experience
• CCNA Security → Networking foundation with security specialization

Tier 2 (Solid Foundation):

• CompTIA Security+ → Entry-level, widely recognized, DOD 8570 requirement
• CompTIA Network+ → Prerequisite path, shows networking knowledge
• AWS Security – Specialty → If targeting cloud roles
• CySA+ (CompTIA Certified Security Analyst) → Mid-level analyst credential

Credentials matter less than capability. But credentials help prove capability when you don't have 20 years of demonstrated work.

Cybersecurity recruiters want to know: Can this person actually DO the work? Projects prove capability more than certifications. Here are realistic projects you can describe:

Project 1: SOC Lab with 2M+ Events

Built a Wazuh + ELK Stack lab environment generating 2M+ security events daily. Configured 25+ detection rules based on MITRE ATT&CK framework, triaged 140+ high-priority alerts weekly using severity matrix, and documented incident response procedures. Reduced mean-time-to-detection (MTTD) from 4 hours to 12 minutes through rule optimization.

Project 2: Web Application Penetration Test

Conducted OWASP Top 10 penetration test on e-commerce application using Burp Suite. Identified 8 critical vulnerabilities (SQL injection, XSS, insecure deserialization), documented proof-of-concept exploits, and delivered executive summary with remediation roadmap. Worked with dev team to patch 7 of 8 vulnerabilities within 2-week SLA.

Project 3: Cloud IAM Hardening

Audited AWS IAM policies across 40+ accounts, identified over-provisioned permissions affecting 350 identities, and implemented least-privilege principle. Deployed Terraform IaC for automated policy remediation, reducing manual remediation time by 85% and achieving AWS CIS Benchmark Level 2 compliance.

SOC Analyst Bullets (Customize with Your Numbers)

• Monitored 1.8M+ events daily in Splunk; triaged and escalated 340+ alerts with 94% accuracy
• Executed 15+ incident response procedures following NIST guidelines; contained threats with average response time of 18 minutes
• Tuned SIEM correlation rules resulting in 60% reduction in false positives and improving team efficiency by 2 hours/day
• Developed 8 new detection rules based on threat landscape; detected 3 zero-day variants before widespread exploitation
• Collaborated with engineering team to remediate 47 confirmed vulnerabilities; achieved 100% remediation within 30 days
• Created incident response playbook covering 12 threat scenarios; trained 8 team members on new procedures
• Analyzed malware samples using reverse engineering; documented TTPs and updated threat intelligence database
• Reduced alert fatigue by 55% through SIEM tuning and workflow optimization without missing critical alerts

Penetration Tester Bullets

• Conducted 6 full-scope penetration tests across web, network, and wireless environments; identified 34 critical issues with 100% remediation rate
• Exploited SQL injection vulnerability in legacy application affecting 500K+ customer records; provided proof-of-concept and remediation guidance
• Performed OWASP Top 10 assessment; discovered insecure deserialization flaw and demonstrated remote code execution capability
• Built custom Burp Suite macros for API testing; decreased assessment time by 40% while improving coverage
• Delivered executive reports translating technical findings for C-level stakeholders; improved stakeholder understand from 40% to 95%
• Tested web application using OWASP testing guide; found 12 vulnerabilities including privilege escalation and insecure session handling

Cloud Security Engineer Bullets

• Architected AWS IAM policies across 25 accounts; enforced least-privilege principle resulting in 73% reduction in over-provisioned permissions
• Deployed container security scanning using Trivy; detected and remediated 120+ vulnerable images before deployment to production
• Implemented Kubernetes RBAC and network policies; restricted lateral movement and reduced blast radius from compromised pods by 80%
• Automated compliance scanning using Prowler; achieved CIS AWS Foundations Benchmark Level 2 compliance across all production accounts
• Migrated 15 on-premise applications to AWS with security-first approach; conducted threat modeling and implement VPC segmentation
• Configured Azure Sentinel SIEM; integrated data from 12 sources resulting in 98% threat detection rate

GRC / Compliance Bullets

• Led SOC 2 Type II audit; documented 60+ control procedures and achieved certification with zero findings
• Managed HIPAA compliance program for healthcare startup; created policies, risk assessments, and employee training covering 45 requirements
• Conducted annual penetration testing and vulnerability assessments; reported 400+ findings with risk ratings and remediation timelines
• Developed incident response plan covering 8 threat scenarios; conducted annual tabletop exercise with 12 stakeholders
• Built compliance dashboard tracking 150+ security metrics; reduced reporting time from 80 hours to 8 hours per quarter

Here are the most common resume killers in cybersecurity applications. If your resume contains any of these, fix them immediately:

Red Flag #1: Vague Bullets Without Metrics

Problem: "Responsible for security monitoring and incident response." Why it fails: This tells me nothing about your actual contribution or impact. Did you monitor 100 servers or 10,000? Did you respond to 5 incidents or 500? Fix: "Monitored 2,400 servers via Splunk SIEM; responded to 180 incidents annually with average MTTD of 14 minutes."

Red Flag #2: Outdated or Irrelevant Certifications

Problem: "CompTIA A+ (2015), CompTIA Network+ (2013)" Why it fails: These are entry-level certs from 10+ years ago. They signal you haven't leveled up since. Fix: Remove certifications older than 5 years unless you're applying for entry-level roles. Focus on recent, role-relevant certs.

Red Flag #3: No Evidence of Specialization

Problem: You list 15 random skills across different domains with no clear specialization. Why it fails: Hiring managers want deep expertise, not generalists. Your resume should signal "I'm the expert in THIS domain." Fix: Organize skills by track (SOC, Penetration Testing, Cloud, etc.) and ensure 60%+ of bullets relate to your specialization.

Red Flag #4: No Project or Lab Experience

Problem: Resume lists only job titles without any concrete projects or hands-on experience. Why it fails: Security roles require practical skills. If you don't mention projects, labs, or specific tools you've used, recruiters assume you don't have hands-on capability. Fix: Include at least 2-3 projects showing real-world application of your skills.

Red Flag #5: Confusing Technical Jargon or Acronyms

Problem: "Implemented ICS-CERT recommendations using NIST 800-53 Rev 5 with CSF mapping." Why it fails: While technically correct, this tells me you're using acronyms without explaining their business value. Include context. Fix: "Implemented NIST 800-53 security controls for critical infrastructure; achieved compliance audit score of 94/100."

Your resume is your first filter. Make it clear, make it compelling, and make it specific. A cybersecurity resume that doesn't signal specialization will be buried by 200+ other applications.

After your resume is solid, focus on these adjacent competitive advantages:

• GitHub Profile: Link to security projects, tools, or write-ups you've published; demonstrates ongoing learning
• LinkedIn Recommendations: Ask colleagues to endorse your top 3 security tools/frameworks; social proof
• Technical Blog or Write-ups: Publishing threat analysis or security research demonstrates deep expertise and communication skills
• Networking: Referrals skip the ATS entirely; informational interviews with current employees go directly to hiring managers

Use these SOC bullets when your work centers on monitoring, triage, and response. They are easy to customize with your tooling and throughput numbers.

1. 1.SIEM 1270000; 86 alerts; 95% acc; 20 min resp
2. 2.SIEM 1340000; 92 alerts; 96% acc; 20 min resp
3. 3.SIEM 1410000; 98 alerts; 97% acc; 19 min resp
4. 4.SIEM 1480000; 104 alerts; 98% acc; 19 min resp
5. 5.SIEM 1550000; 110 alerts; 94% acc; 19 min resp
6. 6.SIEM 1620000; 116 alerts; 95% acc; 18 min resp
7. 7.SIEM 1690000; 122 alerts; 96% acc; 18 min resp
8. 8.SIEM 1760000; 128 alerts; 97% acc; 18 min resp
9. 9.SIEM 1830000; 134 alerts; 98% acc; 17 min resp
10. 10.SIEM 1900000; 140 alerts; 94% acc; 17 min resp
11. 11.SIEM 1970000; 146 alerts; 95% acc; 17 min resp
12. 12.SIEM 2040000; 152 alerts; 96% acc; 16 min resp
13. 13.SIEM 2110000; 158 alerts; 97% acc; 16 min resp
14. 14.SIEM 2180000; 164 alerts; 98% acc; 16 min resp
15. 15.SIEM 2250000; 170 alerts; 94% acc; 15 min resp
16. 16.SIEM 2320000; 176 alerts; 95% acc; 15 min resp
17. 17.SIEM 2390000; 182 alerts; 96% acc; 15 min resp
18. 18.SIEM 2460000; 188 alerts; 97% acc; 14 min resp
19. 19.SIEM 2530000; 194 alerts; 98% acc; 14 min resp
20. 20.SIEM 2600000; 200 alerts; 94% acc; 14 min resp
21. 21.SIEM 2670000; 206 alerts; 95% acc; 13 min resp
22. 22.SIEM 2740000; 212 alerts; 96% acc; 13 min resp
23. 23.SIEM 2810000; 218 alerts; 97% acc; 13 min resp
24. 24.SIEM 2880000; 224 alerts; 98% acc; 12 min resp
25. 25.SIEM 2950000; 230 alerts; 94% acc; 12 min resp
26. 26.SIEM 3020000; 236 alerts; 95% acc; 12 min resp
27. 27.SIEM 3090000; 242 alerts; 96% acc; 11 min resp
28. 28.SIEM 3160000; 248 alerts; 97% acc; 11 min resp
29. 29.SIEM 3230000; 254 alerts; 98% acc; 11 min resp
30. 30.SIEM 3300000; 260 alerts; 94% acc; 10 min resp

Use these offensive-security bullets when your background includes application testing, vulnerability discovery, or controlled exploitation.

1. 1.1 web/API/net test; 5 issues; 61% remediated
2. 2.2 web/API/net tests; 6 issues; 62% remediated
3. 3.3 web/API/net tests; 7 issues; 63% remediated
4. 4.4 web/API/net tests; 8 issues; 64% remediated
5. 5.5 web/API/net tests; 9 issues; 65% remediated
6. 6.6 web/API/net tests; 10 issues; 66% remediated
7. 7.7 web/API/net tests; 11 issues; 67% remediated
8. 8.8 web/API/net tests; 12 issues; 68% remediated
9. 9.9 web/API/net tests; 4 issues; 69% remediated
10. 10.10 web/API/net tests; 5 issues; 70% remediated
11. 11.11 web/API/net tests; 6 issues; 71% remediated
12. 12.12 web/API/net tests; 7 issues; 72% remediated
13. 13.13 web/API/net tests; 8 issues; 73% remediated
14. 14.14 web/API/net tests; 9 issues; 74% remediated
15. 15.15 web/API/net tests; 10 issues; 75% remediated
16. 16.16 web/API/net tests; 11 issues; 76% remediated
17. 17.17 web/API/net tests; 12 issues; 77% remediated
18. 18.18 web/API/net tests; 4 issues; 78% remediated
19. 19.19 web/API/net tests; 5 issues; 79% remediated
20. 20.20 web/API/net tests; 6 issues; 80% remediated
21. 21.21 web/API/net tests; 7 issues; 81% remediated
22. 22.22 web/API/net tests; 8 issues; 82% remediated
23. 23.23 web/API/net tests; 9 issues; 83% remediated
24. 24.24 web/API/net tests; 10 issues; 84% remediated
25. 25.25 web/API/net tests; 11 issues; 85% remediated
26. 26.26 web/API/net tests; 12 issues; 86% remediated
27. 27.27 web/API/net tests; 4 issues; 87% remediated
28. 28.28 web/API/net tests; 5 issues; 88% remediated
29. 29.29 web/API/net tests; 6 issues; 89% remediated
30. 30.30 web/API/net tests; 7 issues; 90% remediated

Use these cloud bullets when your resume needs to show IAM, container, infrastructure, and policy depth.

1. 1.11 cloud accts; 22 IAM policies; 43% access reduction
2. 2.12 cloud accts; 24 IAM policies; 46% access reduction
3. 3.13 cloud accts; 26 IAM policies; 49% access reduction
4. 4.14 cloud accts; 28 IAM policies; 52% access reduction
5. 5.15 cloud accts; 30 IAM policies; 55% access reduction
6. 6.16 cloud accts; 32 IAM policies; 58% access reduction
7. 7.17 cloud accts; 34 IAM policies; 61% access reduction
8. 8.18 cloud accts; 36 IAM policies; 64% access reduction
9. 9.19 cloud accts; 38 IAM policies; 67% access reduction
10. 10.20 cloud accts; 40 IAM policies; 40% access reduction
11. 11.21 cloud accts; 42 IAM policies; 43% access reduction
12. 12.22 cloud accts; 44 IAM policies; 46% access reduction
13. 13.23 cloud accts; 46 IAM policies; 49% access reduction
14. 14.24 cloud accts; 48 IAM policies; 52% access reduction
15. 15.25 cloud accts; 50 IAM policies; 55% access reduction
16. 16.26 cloud accts; 52 IAM policies; 58% access reduction
17. 17.27 cloud accts; 54 IAM policies; 61% access reduction
18. 18.28 cloud accts; 56 IAM policies; 64% access reduction
19. 19.29 cloud accts; 58 IAM policies; 67% access reduction
20. 20.30 cloud accts; 60 IAM policies; 40% access reduction
21. 21.31 cloud accts; 62 IAM policies; 43% access reduction
22. 22.32 cloud accts; 64 IAM policies; 46% access reduction
23. 23.33 cloud accts; 66 IAM policies; 49% access reduction
24. 24.34 cloud accts; 68 IAM policies; 52% access reduction
25. 25.35 cloud accts; 70 IAM policies; 55% access reduction
26. 26.36 cloud accts; 72 IAM policies; 58% access reduction
27. 27.37 cloud accts; 74 IAM policies; 61% access reduction
28. 28.38 cloud accts; 76 IAM policies; 64% access reduction
29. 29.39 cloud accts; 78 IAM policies; 67% access reduction
30. 30.40 cloud accts; 80 IAM policies; 40% access reduction

Use these governance and compliance bullets when your work includes audit support, policy design, evidence collection, and control mapping.

1. 1.ISO 27001; 26 controls; 2 findings
2. 2.SOC 2; 27 controls; 3 findings
3. 3.ISO 27001; 28 controls; 4 findings
4. 4.SOC 2; 29 controls; 5 findings
5. 5.ISO 27001; 30 controls; 6 findings
6. 6.SOC 2; 31 controls; 1 findings
7. 7.ISO 27001; 32 controls; 2 findings
8. 8.SOC 2; 33 controls; 3 findings
9. 9.ISO 27001; 34 controls; 4 findings
10. 10.SOC 2; 35 controls; 5 findings
11. 11.ISO 27001; 36 controls; 6 findings
12. 12.SOC 2; 37 controls; 1 findings
13. 13.ISO 27001; 38 controls; 2 findings
14. 14.SOC 2; 39 controls; 3 findings
15. 15.ISO 27001; 40 controls; 4 findings
16. 16.SOC 2; 41 controls; 5 findings
17. 17.ISO 27001; 42 controls; 6 findings
18. 18.SOC 2; 43 controls; 1 findings
19. 19.ISO 27001; 44 controls; 2 findings
20. 20.SOC 2; 45 controls; 3 findings
21. 21.ISO 27001; 46 controls; 4 findings
22. 22.SOC 2; 47 controls; 5 findings
23. 23.ISO 27001; 48 controls; 6 findings
24. 24.SOC 2; 49 controls; 1 findings
25. 25.ISO 27001; 50 controls; 2 findings
26. 26.SOC 2; 51 controls; 3 findings
27. 27.ISO 27001; 52 controls; 4 findings
28. 28.SOC 2; 53 controls; 5 findings
29. 29.ISO 27001; 54 controls; 6 findings
30. 30.SOC 2; 55 controls; 1 findings

Use these keyword patterns to tailor the header, summary, and skills sections for a specific posting without sounding generic.

1. 1.SOC tpl 1: title + 2 skills + 1 metric + 1 cert
2. 2.VAPT tpl 2: title + 2 skills + 1 metric + 1 cert
3. 3.Cloud tpl 3: title + 2 skills + 1 metric + 1 cert
4. 4.GRC tpl 4: title + 2 skills + 1 metric + 1 cert
5. 5.SOC tpl 5: title + 2 skills + 1 metric + 1 cert
6. 6.VAPT tpl 6: title + 2 skills + 1 metric + 1 cert
7. 7.Cloud tpl 7: title + 2 skills + 1 metric + 1 cert
8. 8.GRC tpl 8: title + 2 skills + 1 metric + 1 cert
9. 9.SOC tpl 9: title + 2 skills + 1 metric + 1 cert
10. 10.VAPT tpl 10: title + 2 skills + 1 metric + 1 cert
11. 11.Cloud tpl 11: title + 2 skills + 1 metric + 1 cert
12. 12.GRC tpl 12: title + 2 skills + 1 metric + 1 cert
13. 13.SOC tpl 13: title + 2 skills + 1 metric + 1 cert
14. 14.VAPT tpl 14: title + 2 skills + 1 metric + 1 cert
15. 15.Cloud tpl 15: title + 2 skills + 1 metric + 1 cert
16. 16.GRC tpl 16: title + 2 skills + 1 metric + 1 cert
17. 17.SOC tpl 17: title + 2 skills + 1 metric + 1 cert
18. 18.VAPT tpl 18: title + 2 skills + 1 metric + 1 cert
19. 19.Cloud tpl 19: title + 2 skills + 1 metric + 1 cert
20. 20.GRC tpl 20: title + 2 skills + 1 metric + 1 cert
21. 21.SOC tpl 21: title + 2 skills + 1 metric + 1 cert
22. 22.VAPT tpl 22: title + 2 skills + 1 metric + 1 cert
23. 23.Cloud tpl 23: title + 2 skills + 1 metric + 1 cert
24. 24.GRC tpl 24: title + 2 skills + 1 metric + 1 cert
25. 25.SOC tpl 25: title + 2 skills + 1 metric + 1 cert
26. 26.VAPT tpl 26: title + 2 skills + 1 metric + 1 cert
27. 27.Cloud tpl 27: title + 2 skills + 1 metric + 1 cert
28. 28.GRC tpl 28: title + 2 skills + 1 metric + 1 cert
29. 29.SOC tpl 29: title + 2 skills + 1 metric + 1 cert
30. 30.VAPT tpl 30: title + 2 skills + 1 metric + 1 cert

Use these short story skeletons to turn resume bullets into interview-ready examples with context, action, and result.

1. 1.SOC story 1: problem -> action -> result
2. 2.VAPT story 2: problem -> action -> result
3. 3.Cloud story 3: problem -> action -> result
4. 4.GRC story 4: problem -> action -> result
5. 5.SOC story 5: problem -> action -> result
6. 6.VAPT story 6: problem -> action -> result
7. 7.Cloud story 7: problem -> action -> result
8. 8.GRC story 8: problem -> action -> result
9. 9.SOC story 9: problem -> action -> result
10. 10.VAPT story 10: problem -> action -> result
11. 11.Cloud story 11: problem -> action -> result
12. 12.GRC story 12: problem -> action -> result
13. 13.SOC story 13: problem -> action -> result
14. 14.VAPT story 14: problem -> action -> result
15. 15.Cloud story 15: problem -> action -> result
16. 16.GRC story 16: problem -> action -> result
17. 17.SOC story 17: problem -> action -> result
18. 18.VAPT story 18: problem -> action -> result
19. 19.Cloud story 19: problem -> action -> result
20. 20.GRC story 20: problem -> action -> result
21. 21.SOC story 21: problem -> action -> result
22. 22.VAPT story 22: problem -> action -> result
23. 23.Cloud story 23: problem -> action -> result
24. 24.GRC story 24: problem -> action -> result
25. 25.SOC story 25: problem -> action -> result
26. 26.VAPT story 26: problem -> action -> result
27. 27.Cloud story 27: problem -> action -> result
28. 28.GRC story 28: problem -> action -> result
29. 29.SOC story 29: problem -> action -> result
30. 30.VAPT story 30: problem -> action -> result