6 Traits to Develop for Cybersecurity Success
Cultivate these half-dozen qualities and watch your career soar.
December 20, 2019
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/bltfceecb8ecb46fe84/64f0d3bee0ecf195b865e563/Image_1.jpeg?width=700&auto=webp&quality=80&disable=upscale)
From the 1950s through the 1970s, popular magazines carried an ad for the Famous Artists School that asked, "Could you be an artist?" The ad promised that if you had the basic traits for art, you could become a famous artist.
Could the same be said about a cybersecurity career?
Hundreds of thousands of people have gone into the field, but what specific intellectual and personality traits are more useful — ones that make it a bit easier to become a success?
Recently, we looked at some nontechnical degrees that can lead to cybersecurity success. Their existence means success is not just about being good at mathematics or having the right background in computer science. Also worth noting: There are many paths to success in cybersecurity, just as there are many positions within the field. However, certain qualities bear cultivating for anyone who wants to enter — or advance — in the field.
(Image: Alex Po VIA Adobe Stock)
"Within cybersecurity and threat intelligence, getting multiple perspectives on various issues is key to forming a concrete and inclusive analysis," says Harrison Van Riper, strategy and research analyst at Digital Shadows. "Whether you're conducting an investigation of a threat actor or performing incident response, it's important to understand all of the different views and perspectives which may be impacted."
One of the key reasons experts say diverse viewpoints are so important is that attackers and criminals have diverse motivations and are highly creative in finding new ways to exploit vulnerabilities. Defenders locked into a particular viewpoint or way of thinking are less likely to be able to recognize novel attacks and exploits.
"We all need a greater diversity of thought and background, in addition to traditional diversity concerns, in order to attack the complex problems we face," says Dan Basile, executive director of the security operations center at Texas A&M University System.
Focus can be a good thing, but if it's the only tool in your mental tool chest, then it's likely you'll miss something critical during an attack. Broaden your mental horizons, and you'll increase your value to cybersecurity teams.
Charlie Miller, senior adviser at The Santa-Fe Group, says a penchant for jigsaw puzzles is a good indicator of a person who can work well in cybersecurity. The ability to look at a wide variety of disparate pieces and see how they fit into a whole is something he sees cybersecurity professionals use over and over again in their daily work.
And it's not just the ability to solve puzzles -- it's the delight in doing so that can be important. "Most good hackers tend to want to solve problems, so critical thinking and being able to look at things from varied perspectives gives one an advantage, especially if facing a challenge they've never faced before," says Jason Kent, hacker in residence at Cequence Security.
Because cybersecurity can be a demanding field, the mere ability to solve a puzzle may not be enough to set a candidate apart from others competing for positions. "Personally, I look for passion and the drive to solve a puzzle," Texas A&M's Basile explains. "The technology can be taught -- these two cannot."
"Cybersecurity is not a technical challenge -- it is a human one," says Joseph Carson, chief security scientist at Thycotic. The ability to talk with other human beings, both to understand the evidence of a security issue and to enlist them as allies in the effort to boost the organization's cybersecurity readiness, is important for security professionals.
"Whether you're conducting an investigation of a threat actor or performing incident response, it's important to understand all of the different views and perspectives which may be impacted," Digital Shadows' Van Riper says. Gaining the understanding and then doing something productive to remediate the issues involves both listening and communicating with others.
"The issues we face require a holistic approach to problem-solving, the ability to communicate with others, and the ability to create ways to educate people on the dangers," says Catherine A. Allen, CEO of Shared Assessments. She lists good communication skills as one of the most important traits of a successful cybersecurity professional.
Research in many fields begins with the words, "What if ..." Cybersecurity is no different -- but the combination of a need to ask the question and the willingness to follow through with action is paramount.
In interviews with Dark Reading, industry experts consistently mention curiosity as a defining characteristics of successful cybersecurity professionals. Whether that curiosity is manifested in finding a vulnerability in the organization's infrastructure or learning how to pick a physical lock, the urge to know how stuff works always comes up.
Beyond simple curiosity, though, successful cybersecurity professionals do something with that curiosity -- pushing the button, clicking the link, or typing in the unexpected string to actually see what happens rather than simply wondering as time goes on.
Cybersecurity skills don't just happen. They must be learned and honed --- and the process of perfecting those skills is something that pros should relish, not simply endure.
Tom Garrubba, CISO at Shared Assessments, touts the advantages that musicians can bring to the field. "They're good at following direction and practice at playing the piece perfectly," he explains. "They know they are part of a team and strive to get better to sit in that 'first chair.'"
Practicing the trade is something every cybersecurity professional needs to do. And in order to do it to the extent required for true expertise, enjoying the process (as well as the results) is exceptionally useful. Shared Assessments' Allen describes the trait as being invested in the "practice of continuous learning."
In a field that see adversaries practicing continuous improvement, continuously improving skills and knowledge is critical.
In a previous slide, Thycotic's Carson stated that cybersecurity is a human field, not a technology field. That is echoed by experts who emphasize the ability to listen to users and understand what they do, why that's important to the business, and how cybersecurity issues are impacting them.
"As one advances through their career, communication and understanding the business impact become more and more important," Cequence Security's Kent says. And as Dana Tamir, vice president of market strategy at SilverFort, points out, "Your ability to understand the business, the customers, and their needs is key and can open many doors."
Many of the experts we spoke with discussed the importance of communication, but this goes beyond merely sharing a message. Listening with purpose and working to understand the business and the people who make up the workforce are critical for cybersecurity professionals who want to excel at the multiple dimensions of the field and lead the entire organization to better security.
In a previous slide, Thycotic's Carson stated that cybersecurity is a human field, not a technology field. That is echoed by experts who emphasize the ability to listen to users and understand what they do, why that's important to the business, and how cybersecurity issues are impacting them.
"As one advances through their career, communication and understanding the business impact become more and more important," Cequence Security's Kent says. And as Dana Tamir, vice president of market strategy at SilverFort, points out, "Your ability to understand the business, the customers, and their needs is key and can open many doors."
Many of the experts we spoke with discussed the importance of communication, but this goes beyond merely sharing a message. Listening with purpose and working to understand the business and the people who make up the workforce are critical for cybersecurity professionals who want to excel at the multiple dimensions of the field and lead the entire organization to better security.
From the 1950s through the 1970s, popular magazines carried an ad for the Famous Artists School that asked, "Could you be an artist?" The ad promised that if you had the basic traits for art, you could become a famous artist.
Could the same be said about a cybersecurity career?
Hundreds of thousands of people have gone into the field, but what specific intellectual and personality traits are more useful — ones that make it a bit easier to become a success?
Recently, we looked at some nontechnical degrees that can lead to cybersecurity success. Their existence means success is not just about being good at mathematics or having the right background in computer science. Also worth noting: There are many paths to success in cybersecurity, just as there are many positions within the field. However, certain qualities bear cultivating for anyone who wants to enter — or advance — in the field.
(Image: Alex Po VIA Adobe Stock)
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024