Image

This skills gap is compounded by the fact that the industry and threat landscape change and evolve so quickly that it can be difficult even for talented professionals to keep pace with new skills and demands. It's without question a job seeker's market, but it remains competitive because the requirements for the job are constantly increasing.So, while job opportunities abound in the cyber security field, employers have set a high bar for applicants as they seek the right combination of skills, education and experience. If you are considering a career in cyber security, it can be hard to know where to begin. First of all, how do you know if the field is right for you? What skills matter most to employers? How will you gain the skills necessary to compete in the job market? To help you determine where to begin and what skill matters most, we decided to turn to the experts. We asked a handful of cyber security leaders with decades of experience in the field what they believed to be the most critical skills for cyber security professionals practicing today. Here is what they said.
Top Skills for Cyber Security Professionals
1. Critical Thinking
Richard Bejtlich, senior director at SplunkCIRT, and Jill Knesek, chief security officer at Cheetah Digital, both agree that critical thinking is one of the most important skills a cyber professional can possess. "In my opinion, the most critical skill for a cyber security professional is critical thinking — or objectively analyzing an issue to form a judgment. For me, critical thinking is about understanding the ‘why’ and not just the ‘how’ so you can make good decisions and implement solutions that address the root cause of an issue and not just the symptom,” explained Knesek.Image

Cyber security is an ever-changing world where the threat actors and threat vectors are constantly changing, as are the cyber threats themselves (malware, ransomware, privilege misuse, etc.). The ability to look at each event objectively and not just ask the first ‘why’ but the second and third ‘why’ to get to the root cause is an important skill in being successful in the cyber security field.“My FBI background has also served me especially well in this field,” she continued. “I treat each issue, problem or incident like an investigation and ask the typical ‘who, what, where, when and how?’ to get an understanding of the situation — but it's not until I ask ‘why’ that I truly understand how to prevent a future occurrence.” Knesek has spent over 20 years in the cyber security field working in both internal and customer-facing roles. She served as a special agent for the FBI, for which she was assigned to the Cyber Crime Squad in Los Angeles and served as the case agent for several high-profile cases including the infamous Kevin Mitnick and Mafiaboy investigations. Today, she works as the CSO at Cheetah Digital, where she is responsible for providing enterprise-wide leadership across several disciplines.
Image

2. Business Analysis Skills and a Hacker Spirit
Image

An IT security specialist should, first and foremost, be a business analyst. He should have a complete understanding of the business processes in the company and all the automated control systems being utilized. This will allow him to clearly break down the company infrastructure into subsystems according to their security levels, focusing on the entities that are critical for the business workflow.“The second most important skill is the ability to communicate with management," he continued. "Even further, an IT security specialist needs the skills of a psychologist. This will allow him to better understand his boss’ interests, priorities and pain points. An IT security specialist should be able to convince management of the need to allocate money for solving specific security tasks, which is actually a kind of art.” David Balaban is a computer security researcher with over 15 years of experience in malware analysis and antivirus software evaluation. David runs the Privacy-PC.com project, which presents expert opinions on contemporary information security matters, including social engineering, penetration testing, threat intelligence, online privacy and white hat hacking.
3. A Genuine Desire to Serve and Protect
Steve Morgan, editor-in-chief at Cybersecurity Ventures, explained that in his view the best cyber security professionals have a genuine passion for service. "The most important asset for a cybersecurity professional is a true desire to serve and protect society, their homeland and their local community,” said Morgan.The most important skill would be a knack for cat-and-mouse play. The best people in our field have a nature that is inclined to the pursuit and capture of an adversary. While that nature cannot be trained, it can be built upon by universities and the workplace. For those with this combination of moral character and catlike instincts, I would highly recommend a career in cybersecurity.
Image

Image
