Cloud

6/14/2016
10:30 AM
Todd Thibodeaux
Todd Thibodeaux
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
100%
0%

5 Soft Skills Young Cybersecurity Professionals Need to Get Ahead

Today's employers aren't looking for recruits who can maintain firewalls and mitigate risk. They want well-rounded professionals who can apply security expertise across the business to yield bottom-line results.

It’s no surprise that, among the myriad concentrations that fall under the banner of “IT careers,” cybersecurity looms large. According to CompTIA’s IT Industry Outlook report, information security analyst snagged the number-one spot for IT occupation growth in 2015. At the end of 2014, the number of information security analyst openings stood at around 17,500; a year later, it reached more than 25,000.

For Class of 2016 graduates seeking career paths in this burgeoning field, professional success starts with making sure your skills stand out among the competition. Mastering identity management and device encryption techniques are table stakes for landing a cybersecurity job today. Though technical chops are prerequisites, it’s the soft skills – including communication and a knack for problem-solving – that will differentiate candidates from the pack.

IT has evolved from a back-office function to the main artery that keeps an organization running smoothly. As a result, employers aren’t looking simply for recruits who can maintain firewalls and mitigate risk. They want well-rounded professionals who can apply their security expertise across the business in order to yield bottom-line results.

Here are five in-demand soft skills aspiring cybersecurity gurus need to get ahead:

Skill #1: Strong research and writing instincts: One of the most important tasks enterprise cybersecurity teams take on is policy creation and enforcement. According to recent CompTIA research, 45 percent of hiring managers admit having a key security skills gap around “policy development and implementation” in their organizations. Businesses of any size and industry need some type of security plan that includes end user guidelines, incident response protocol and governance structures. To establish sound policies, cybersecurity staff must be equipped to conduct exhaustive research into industry best practices and work with end users to understand how they use technology on a daily basis – then synthesize those insights into a thoughtful policy.

Skill #2: A teacher’s disposition: Along with crafting policies, cybersecurity pros must be able to educate their colleagues about safe technology habits, and instill an awareness about the risks of poor IT hygiene. A 2015 survey of full-time employees found that almost half don’t receive any sort of cybersecurity training at work – illustrating organizations’ persistent need for internal mentors. To demonstrate even more value to potential employers, cybersecurity job-seekers should highlight their ability to communicate dense, technical information in a palatable way.

Skill #3: Collaboration: In the U.S., 49 percent of business and IT executives rank teamwork as the top soft skill any IT professional should possess, according to CompTIA’s International Technology Adoption and Workforce Trends study. Knowing how to navigate projects and difficult conversations with anyone from the CIO to end users, and even vendors, is an essential trait for cybersecurity workers. More lines of businesses are getting involved in their organizations’ IT decision-making process, and cybersecurity teams must be able to partner with each of them effectively. An inclusive, patient, and open-minded attitude can go a long way when managing major IT security initiatives across teams or office locations.

Skill #4: Consultative thinking: In many ways, cybersecurity professionals (even those who work in-house) have to think like a consultant, whether they’re advising the IT department on a new investment, or helping the accounting team evaluate the security of a cloud-app they plan to adopt. Cybersecurity experts should be able to look at the big picture and ask the right questions of their colleagues and senior management in order to solve real business problems. Rather than operate at a purely tactical level, security staff should know how to layout project plans that their efforts can be executed and measured against (and understand how their work impacts the organization’s bottom-line.)

Skill #5: A passion for learning: To work in cybersecurity, you’ll need to be a lifelong student as much as a teacher. The IT threat landscape is constantly changing: today’s issues run the gamut from advanced persistent threats to phishing and inside vulnerabilities, but the scene could look vastly different months or years from now. As the playing field moves from traditional hardware and software to Internet-enabled devices and the cloud, the nature of cyberattacks against consumers and businesses will evolve. Employers want proactive cybersecurity experts who are always exploring, and finding ways to get ahead of, tomorrow’s biggest challenges.

There is tremendous opportunity for recent graduates who want to break into the cybersecurity space. Remember though: hiring managers will be inundated with resumes and applications overloaded with technical buzzwords. To grab their attention, strike a balance between showcasing your soft skills and your IT pedigree. 

Black Hat USA returns to the Mandalay Bay in Las Vegas July 30 - Aug. 4, 2016. Click for the conference schedule, including a two-day Cybersecurity Summit, and to register.

 

Related Content: 

 

Todd Thibodeaux is the president and chief executive officer of the Computing Technology Industry Association, the leading trade association representing the business interests of the global information technology industry. He is responsible for leading strategy, development ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Todd Thibodeaux
50%
50%
Todd Thibodeaux,
User Rank: Apprentice
6/16/2016 | 12:57:05 PM
Re: Soft Skills
Thanks GonzSTL. The additional insight is apperciated. 
GonzSTL
50%
50%
GonzSTL,
User Rank: Ninja
6/16/2016 | 11:36:04 AM
Soft Skills
Two things I always tell my students:

1. Companies like to hire geeks to keep their IT infrastructure running, but no one wants to hire a geek with the personality of a door knob.

2. Be prepared to communicate orally and in written form, to convey a message that addresses your audience appropriately. By all means, geek out when talking to your tech colleagues, but also know that when your message should be fit for executive consumption, craft that message accordingly.
Devastating Cyberattack on Email Provider Destroys 18 Years of Data
Jai Vijayan, Freelance writer,  2/12/2019
Up to 100,000 Reported Affected in Landmark White Data Breach
Kelly Sheridan, Staff Editor, Dark Reading,  2/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-8360
PUBLISHED: 2019-02-16
Themerig Find a Place CMS Directory 1.5 has SQL Injection via the find/assets/external/data_2.php cate parameter.
CVE-2019-8361
PUBLISHED: 2019-02-16
PHP Scripts Mall Responsive Video News Script has XSS via the Search Bar. This might, for example, be leveraged for HTML injection or URL redirection.
CVE-2019-8362
PUBLISHED: 2019-02-16
DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edit.php or dede/album_add.php, as demonstrated by a dede/album_edit.php?dopost=save&formzip=1 request with a ZIP archive that contains a file such as "1.jpg.php" (because input validation only checks that .jpg, .png, o...
CVE-2019-8363
PUBLISHED: 2019-02-16
Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstrated by an a=index[XSS] value.
CVE-2019-8358
PUBLISHED: 2019-02-16
In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled.