6 Essential Skills Cybersecurity Pros Need to Develop in 2019
In a time of disruption in the security and tech worlds, cybersecurity professionals can't afford to become complacent — even in the face of a skills shortage.
April 3, 2019
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt1c623032721de994/64f0d484b0da290c4e3a9bfe/01-essentialskills.jpeg?width=700&auto=webp&quality=80&disable=upscale)
It's definitely a job seeker's’ market out there in the cybersecurity employment pool. According to an about-to-be released report from ISSA and ESG, 74% of organizations today have been impacted by the cybersecurity skills shortage. Meantime, a report released last month from ISACA says that 60% of organizations need a minimum of three months to fill cybersecurity vacancies because there aren't enough bodies to fill seats.
On their face, these stats may engender a bit of complacency from cybersecurity professionals. It would only be natural to figure that anybody with a pulse and some security experience has got it made.
But here's the rub.
Many disruptive forces are at play that are set to drastically change the way security duties are carried out in the coming years. New security automation platforms, new architectures, and complex hybrid cloud implementations require major shifts in bread-and-butter security technical knowledge. Not only is security technology changing rapidly, but so are many of the fundamental roles held by cybersecurity professionals. Tons of emerging technologies and pervasive use of the Internet of Things are touching every aspect of business operating models, and software delivery is becoming more agile and embedded into lines of business. As a result, security pros are tasked to take positions requiring more consultative leadership and more enablement of democratized security across the organization.
That is why even the most veteran security pro can't afford to become complacent about professional development. Those who want to truly future-proof their careers need to start honing new skills now to keep up with the disruptions as they hit the industry. The following are some of the most important skills that will make security professionals more instrumental to their current employers, more recruitable, and more likely to command higher salaries.
Two major trends are driving enterprises toward greater security automation across the board. First of all, security is using automation as a way to scale incident response and security analysis to keep up with ever-multiplying threats. Second, as DevOps and continuous delivery of software become de riguer at many organizations, the table stakes for IT automation across the board has risen considerably. This requires security teams to build security controls directly into these automated pipelines and to move at the same automated pace so as not to gum up the works.
According to a recent survey conducted by Dimensional Research on behalf of Tripwire, 63% of organizations have invested lately in automation of security tasks, and 88% of those who said they haven't have plans in the works. This means security professionals will need to stay up-to-date on the ins and outs of orchestrating all of these automated systems to maintain integrity of controls and maximize efficiency of security operations.
Security leaders are increasingly looking for security people with programming chops or even coders who they can train in security fundamentals for a number of core reasons. First of all, it's crucial for application security in a DevSecOps environment that requires optimal collaboration between security and development functions.
"I only hire developers, and I don't make the condition of their hiring be that they have security credentials and background," says Larry Maccherone, senior director of DevSecOps transformation for Comcast. "I can teach them the security stuff in no time flat, but what I can't teach easily is how to talk to developers in a way that the security team has 'cred' with developers."
But on top of that, many organizations need security experts with coding expertise who can help smooth integrations and build customized tooling that can support the push for security automation. As organizations move to an infrastructure-as-code mentality for managing systems, security will be expected to keep up in lockstep.
According to Gartner experts, the drive to improve cloud security competencies in the face of massive enterprise shifts to the cloud is among the top seven security and risk management trends for 2019. As organizations increasingly scale up experimental and edge case cloud deployments, security teams are being stretched thin, Gartner says. This means that organizations and security professionals need to start focusing on building out cloud security skills as soon as possible.
"Organizations must invest in security skills and governance tools that build the necessary knowledge base to keep up with the rapid pace of cloud development and innovation," says Peter Firstbrook, research vice president for Gartner.
It's definitely a job seeker's’ market out there in the cybersecurity employment pool. According to an about-to-be released report from ISSA and ESG, 74% of organizations today have been impacted by the cybersecurity skills shortage. Meantime, a report released last month from ISACA says that 60% of organizations need a minimum of three months to fill cybersecurity vacancies because there aren't enough bodies to fill seats.
On their face, these stats may engender a bit of complacency from cybersecurity professionals. It would only be natural to figure that anybody with a pulse and some security experience has got it made.
But here's the rub.
Many disruptive forces are at play that are set to drastically change the way security duties are carried out in the coming years. New security automation platforms, new architectures, and complex hybrid cloud implementations require major shifts in bread-and-butter security technical knowledge. Not only is security technology changing rapidly, but so are many of the fundamental roles held by cybersecurity professionals. Tons of emerging technologies and pervasive use of the Internet of Things are touching every aspect of business operating models, and software delivery is becoming more agile and embedded into lines of business. As a result, security pros are tasked to take positions requiring more consultative leadership and more enablement of democratized security across the organization.
That is why even the most veteran security pro can't afford to become complacent about professional development. Those who want to truly future-proof their careers need to start honing new skills now to keep up with the disruptions as they hit the industry. The following are some of the most important skills that will make security professionals more instrumental to their current employers, more recruitable, and more likely to command higher salaries.
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024