Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

6/14/2016
10:30 AM
Todd Thibodeaux
Todd Thibodeaux
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
100%
0%

5 Soft Skills Young Cybersecurity Professionals Need to Get Ahead

Today's employers aren't looking for recruits who can maintain firewalls and mitigate risk. They want well-rounded professionals who can apply security expertise across the business to yield bottom-line results.

It’s no surprise that, among the myriad concentrations that fall under the banner of “IT careers,” cybersecurity looms large. According to CompTIA’s IT Industry Outlook report, information security analyst snagged the number-one spot for IT occupation growth in 2015. At the end of 2014, the number of information security analyst openings stood at around 17,500; a year later, it reached more than 25,000.

For Class of 2016 graduates seeking career paths in this burgeoning field, professional success starts with making sure your skills stand out among the competition. Mastering identity management and device encryption techniques are table stakes for landing a cybersecurity job today. Though technical chops are prerequisites, it’s the soft skills – including communication and a knack for problem-solving – that will differentiate candidates from the pack.

IT has evolved from a back-office function to the main artery that keeps an organization running smoothly. As a result, employers aren’t looking simply for recruits who can maintain firewalls and mitigate risk. They want well-rounded professionals who can apply their security expertise across the business in order to yield bottom-line results.

Here are five in-demand soft skills aspiring cybersecurity gurus need to get ahead:

Skill #1: Strong research and writing instincts: One of the most important tasks enterprise cybersecurity teams take on is policy creation and enforcement. According to recent CompTIA research, 45 percent of hiring managers admit having a key security skills gap around “policy development and implementation” in their organizations. Businesses of any size and industry need some type of security plan that includes end user guidelines, incident response protocol and governance structures. To establish sound policies, cybersecurity staff must be equipped to conduct exhaustive research into industry best practices and work with end users to understand how they use technology on a daily basis – then synthesize those insights into a thoughtful policy.

Skill #2: A teacher’s disposition: Along with crafting policies, cybersecurity pros must be able to educate their colleagues about safe technology habits, and instill an awareness about the risks of poor IT hygiene. A 2015 survey of full-time employees found that almost half don’t receive any sort of cybersecurity training at work – illustrating organizations’ persistent need for internal mentors. To demonstrate even more value to potential employers, cybersecurity job-seekers should highlight their ability to communicate dense, technical information in a palatable way.

Skill #3: Collaboration: In the U.S., 49 percent of business and IT executives rank teamwork as the top soft skill any IT professional should possess, according to CompTIA’s International Technology Adoption and Workforce Trends study. Knowing how to navigate projects and difficult conversations with anyone from the CIO to end users, and even vendors, is an essential trait for cybersecurity workers. More lines of businesses are getting involved in their organizations’ IT decision-making process, and cybersecurity teams must be able to partner with each of them effectively. An inclusive, patient, and open-minded attitude can go a long way when managing major IT security initiatives across teams or office locations.

Skill #4: Consultative thinking: In many ways, cybersecurity professionals (even those who work in-house) have to think like a consultant, whether they’re advising the IT department on a new investment, or helping the accounting team evaluate the security of a cloud-app they plan to adopt. Cybersecurity experts should be able to look at the big picture and ask the right questions of their colleagues and senior management in order to solve real business problems. Rather than operate at a purely tactical level, security staff should know how to layout project plans that their efforts can be executed and measured against (and understand how their work impacts the organization’s bottom-line.)

Skill #5: A passion for learning: To work in cybersecurity, you’ll need to be a lifelong student as much as a teacher. The IT threat landscape is constantly changing: today’s issues run the gamut from advanced persistent threats to phishing and inside vulnerabilities, but the scene could look vastly different months or years from now. As the playing field moves from traditional hardware and software to Internet-enabled devices and the cloud, the nature of cyberattacks against consumers and businesses will evolve. Employers want proactive cybersecurity experts who are always exploring, and finding ways to get ahead of, tomorrow’s biggest challenges.

There is tremendous opportunity for recent graduates who want to break into the cybersecurity space. Remember though: hiring managers will be inundated with resumes and applications overloaded with technical buzzwords. To grab their attention, strike a balance between showcasing your soft skills and your IT pedigree. 

Black Hat USA returns to the Mandalay Bay in Las Vegas July 30 - Aug. 4, 2016. Click for the conference schedule, including a two-day Cybersecurity Summit, and to register.

 

Related Content: 

 

Todd Thibodeaux is the president and chief executive officer of the Computing Technology Industry Association, the leading trade association representing the business interests of the global information technology industry. He is responsible for leading strategy, development ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Todd Thibodeaux
50%
50%
Todd Thibodeaux,
User Rank: Apprentice
6/16/2016 | 12:57:05 PM
Re: Soft Skills
Thanks GonzSTL. The additional insight is apperciated. 
GonzSTL
50%
50%
GonzSTL,
User Rank: Ninja
6/16/2016 | 11:36:04 AM
Soft Skills
Two things I always tell my students:

1. Companies like to hire geeks to keep their IT infrastructure running, but no one wants to hire a geek with the personality of a door knob.

2. Be prepared to communicate orally and in written form, to convey a message that addresses your audience appropriately. By all means, geek out when talking to your tech colleagues, but also know that when your message should be fit for executive consumption, craft that message accordingly.
97% of Americans Can't Ace a Basic Security Test
Steve Zurier, Contributing Writer,  5/20/2019
TeamViewer Admits Breach from 2016
Dark Reading Staff 5/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I told you we should worry abit more about vendor lock-in.
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7068
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7069
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7070
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7071
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2019-7072
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .