10 Experts Weigh in: What Skills Do Cybersec Experts Need Now

Do you have what it takes to be a cybersecurity expert in our world right now? (Hint: It’s not being a gamer.)

Jessica Thiefels
Published in PolySwarm
8 min read · Jun 21, 2018

We know there’s a talent gap in the cybersecurity industry, with the number of unfilled jobs expected to reach 3.5 million by 2021. As a cybersecurity expert, you’re in a great spot to position yourself as the expert these companies are looking for. For most companies, that means a mix of skills, in cybersecurity and otherwise:

“What we discovered when talking with top tech and cyber companies and their HR departments is that it’s never really about any one skill. For recruiters and managers it’s less about focusing on if the candidate has any one specific skill and more about hiring a candidate who has taken more of a holistic approach to their skills and training,” said Thomas Callahan, Director of Learning at Cybrary.

We’re sharing the advice of cybersecurity and recruiting experts about what mix of skills you need right now. Brush up on communication, new tech (think: AI and machine learning), and much more.

Ready to dive in? Don’t miss PolySwarm’s brand-new grant program, where cybersecurity experts can earn $5,000 to build their micro-engine for the PolySwarm platform! Apply today!

1. Knowledge of the Top Cloud Platforms

Mark Wilcox, Vice President, ICSynergy International, LP

“The #1 skill would be people who understand the security best practices for Amazon and Azure clouds. These are the top 2 cloud platforms and they have so many products within them, it’s easy to accidentally expose yourself. Such as providing private data on a public Amazon S3 folder or giving a system administrator full administrator rights over your cloud.”

2. Technical Competence

Frank Downs, Director of Cybersecurity Practice at ISACA

“The fundamental lack of technical competence is the biggest problem within the cybersecurity field right now. Since cybersecurity is a relatively new field (and not one that is uniformly defined by all of its constituents), a skills gap, specifically in technical capabilities, has emerged. These are skills such as level one and level two incident response, forensic analysis, malware analysis, deep packet analysis, and others.

There are many programs in academia which will train individuals for cybersecurity management, but inadequately prepare them for technical hurdles. Likewise, in the professional certification field, many certifying organizations continue to churn out certificates and certifications obtainable through rote memorization and not practical skill implementation.

You wouldn’t trust an airplane pilot who earned his license simply by passing a multiple choice test with no practical experience. Why would you trust your sensitive data with a cybersecurity professional whose qualifications are that they have certifications and degrees which are all based on theory and reinforced through multiple choice examination?”

3. Better Communication

Greg Scott, author of “Bullseye Breach: Anatomy of an Electronic Break-In”

“The tech skills we all possess, and the ability to think like an attacker, will always be important. But by now, these are only baseline skills. We also need the ability to process large amounts of information, make smart decisions, and communicate it well.

Communicating well these days means we need to modify how we communicate. Because the harsh reality is, nobody cares about our baseline skills and nobody will listen to our messages unless we craft them in a manner the public can understand. I offer as exhibit A the almost-daily dose of sensational data breaches and the unending litany of excuses from senior leaders who should know better. I tell busy executives a six-word rhyme captures everything they need to know about cybersecurity: Care and share to be prepared. Hopefully, that earns the right to elaborate — and so then I say, care enough about cybersecurity to invest, and share liberally what you learn. And if that piques their interest, I’ll go deeper.

But after the executives close their briefcases and finish their high-level meetings, senior cybersecurity people return to the heart of business operations, where everything in the organization interacts with everything else. We need the ability to process large amounts of information, make smart decisions, and communicate it well, now more than ever because cybersecurity done properly is at the heart of all business operations.”

4. Problem-Solving

Sarah Boisvert, Founder, Fab Lab Hub

“Our recent research with 200 U.S. manufacturers on the skills needed for Industry 4.0 demonstrated that the top skill all employees, including [those in] CyberSecurity, Big Data Analytics, and Internet of Things specialists, need is: problem-solving. Technology is changing so quickly, employees need to be able to adapt to changes, quickly troubleshoot issues and integrate new tools into existing systems.”

5. Ability to Work With New Technology (And Have Sociology Skills?)

Hunter Muller, Founder, president and CEO, HMG Strategy, LLC

“Cybersecurity experts [need to] develop a strong understanding of artificial intelligence, machine learning, and deep learning. Given the skills shortage that continues to intensify, along with the need to apply automation to help enterprises to more quickly identify and respond to potential threats, cyber pros will need to understand how cognitive technologies can be applied to help protect the organization.

In addition, forward-looking CISOs will actively seek team members who have sociology and other social science skills and background — people who can help the organization to understand how ‘Bad Actors’ behave and the motivations behind their actions in order to get out in front of the bad guys.”

6. Ability to Focus on Practical, Not Theoretical

J. Colin Petersen, President and CEO, J — I.T. Outsource

“Cybersecurity experts need to get away from the theoretical and get into the practical world. If they don’t know how to execute a brute force attack, or implement a successful phishing scam, then they’re really not going to be adept at recognizing it when one happens. The key word here is “execute.” It can be really easy to become a policy wonk.

Speaking of policy, cybersec pros need to know how to actually enforce policy within the team. This can be tricky because it involves people and different personalities, so you have to couple great team training with proper enforcement technologies (e.g. content control). But hey, a good security expert should be able to use social engineering to make it happen, right?

Bottom line: Learn how to do the things you’re protecting an organization from.”

7. Multi-Disciplinary Skills

Max Aulakh, Chief Security Officer, Ignyte Assurance Platform

“Cybersecurity experts need multidisciplinary skills and depending on the position, role and level — skills can be within the technical domain, business, legal and managerial. For junior team members, I am looking for technical skills such as vulnerability analysis, source code analysis, penetration testing, continuous monitoring. The management member of technical teams also needs to understand how to not only manage but have business related skills such as budgeting, cost management and vendor relationship management.

The smaller team, but a more strategic team, is usually my governance team, purposely built for providing assurance to management. These team members can have an accounting, legal or security background.

Assurance team members work with internal and external audit, 3rd party audits, compliance issue management and conduct business level risk management using Ignyte Assurance Platform. The skills needed are critical thinking, formal communication via email, IT audit framework knowledge and management of time.”

8. Cybersecurity Strategy

Ilia Kolochenko, CEO, High-Tech Bridge

“Cybersecurity strategy management is definitely the most scarce resource today. No technology or technical expertise can ever be efficient and economically-effective for a company, if a well-thought risk management and cybersecurity strategy does not exist…

Most of the modern cybersecurity failures are, however, attributable to wrong assessment of corporate risks, processes and capabilities.

When cybersecurity is isolated from business needs and rather follows isolated technology trends, forgetting about practical tasks, we will always face skills shortage and other exaggerated problems.”

9. Effective Communication and Change Management

Stephane Charbonneau, Chief Technology Officer, TITUS

“One of the key skills cybersecurity leaders need these days is to understand change management and effective communication strategies because it all comes down to influencing how people think about and approach information security. In the past, security had a very “command and control” type of feel to it.

That approach doesn’t work these days because employees work across multiple devices and collaboration tools, so they need the freedom and confidence to keep information secure, but they’ll only be able to do that when they understand what’s in it for them and why it’s in the best interest of the business from a security perspective.”

10. Big Data and Network Security Expertise

Natasha Orme, Insights for Professionals

“Our State of IT Report 2018 highlighted cybersecurity as one of the biggest challenges and biggest trends for this year. Further research has shown us that the skills cyber security professionals need most are:

Network Security: The increase in external and internal security threats and the sophistication of these types of attacks mean that they can be incredibly difficult to identify. Safeguards are simply not enough and Security professionals need to be able to identify unusual activity before it causes any damage or exposes sensitive information.

Big data analytics: The introduction of GDPR means that data storage is a top priority. And keeping that data secure is of paramount importance to avoid hefty fines for those businesses storing data on EU citizens. Coupled with this, the vulnerabilities of big data analytics can be vast and there are many opportunities for hackers to gain access to this information. Unusual activity within big data can often be buried and hidden behind mountains of data and hundreds of data processes, making detection almost impossible via traditional methods.”

BONUS: Integrity, Active Learning and Constant Evolution

Nicole Beauchemin, Human Resources Manager, PolySwarm

“As the Human Resources Manager for PolySwarm, I encounter a lot of candidates applying to work in the cybersecurity and blockchain space we are building. Most aren’t memorable. The ones that are memorable demonstrate two core traits: passion and integrity.

Beyond the technical skills, I love to see candidates whose interest in programming and development clearly extends beyond their jobs. Fully built personal projects, active Githubs, and a marked interest in keeping abreast of new developments and technology. Threats are constantly evolving and if you work in cybersec, you need to do the same.

I look for integrity in how you represent yourself (Blockchain Investment Experts need not apply) and the work you have done. We don’t require previous blockchain experience and we are apt to investigate any previous blockchain experience very closely.

Much of this experience is exaggerated or with a project that appears to be either operating in bad faith in some way. It can be an automatic disqualifier. Building a trustworthy anti-malware platform demands that we cultivate integrity at every level in this work.”

We’re always trying to help you become a better cybersecurity expert—and share all new resources like this one in our Weekly Cybersecurity Experts Newsletter. Sign up for helpful articles, updates about PolySwarm, and more!

Jessica Thiefels is the VP of Community Management for PolySwarm. Find her work on more than 500 websites, including Virgin, Forbes and Business Insider.