One reason companies can’t find the experienced cybersecurity professionals they need: there aren’t many tech pros who have mastered not only the necessary technical abilities but also “soft skills” (such as clear communication)—and those who have, well, they’re already employed (often with hefty salaries and benefits designed to keep them in place for the long term).
With that in mind, if you want to plunge into a career in cybersecurity (and there’s no reason you shouldn’t, at least in terms of salary), here are some of the traits you’ll need to exhibit.
That’s in addition to the aforementioned soft skills; remember, security professionals often need to communicate complicated subjects to people who might not have much of a technical background (such as C-suite executives). Mastering the following is usually a prerequisite for climbing to more advanced positions on the cybersecurity ladder:
- Excellent presentation and communications skills to effectively communicate with management and customers.
- Ability to articulate complex concepts (both in writing and verbally).
- Understanding and use of active listening skills (especially with customers).
A network security specialist should understand the architecture, administration, and management of operating systems (various Linux distros, Windows, etc.), networking, and virtualization software. In other words, get to know—and love—things like firewalls and network load balancers. That’s in addition to general programming/software development concepts and software analytics skills.
There’s also the need to understand the more common programming languages, including Java, C/C++, and assembly language, along with disassemblers and scripting languages (PHP, Python, Perl, or shell).
Many employers demand certifications as a prerequisite for employment, and it’s easy to see why. In a recent survey, the International Information System Security Certification Consortium (ISC)² noted that a degree and certifications were often a major factor in hiring. “Cybersecurity certifications are essential to showing the level of knowledge of a cybersecurity professional. However, they should never alone be the only reference,” Joseph Carson, the chief security scientist at security vendor Thycotic, told Dice in an email.
Potentially important certifications include the following:
- CEH (Certified Ethical Hacker)
- OSCP (Offensive Security Certified Professional)
- CISA (Certified Information Security Auditor)
- GCIH (GIAC Certified Incident Handler)
- Certified Information Systems Security Professional (CISSP)
- Information Systems Security Architecture Professional (CISSP-ISSAP)
- Information Systems Security Engineering Professional (CISSP-ISSEP)
- Information Systems Security Management Professional (CISSP-ISSMP)
Any good cybersecurity pro knows how to examine a company’s security setup from a holistic view, including threat modelling, specifications, implementation, testing, and vulnerability assessment. They also understand security issues associated with operating systems, networking, and virtualization software.
But it’s not just about understanding; it’s also about implementation. They study the architecture of systems and networks, then use that information to identify the security controls in place and how they are used. Same with weaknesses in databases and app deployment.
Professionals at all levels not only understand security concepts and principles; they also know the most up-to-date privacy and security regulations. For example, the California Consumer Privacy Act of 2018, which offers some modest fines for privacy violations, will become law on Jan. 1, 2020. No wonder many analysts regularly identify security and privacy as the top two issues facing businesses today—failing to maintain security not only leaves data open to hackers, but it can risk fines from government entities increasingly concerned about how data is managed.