Top 8 Cybersecurity Skills IT Pros Need in 2018
Cloud security architecture skills to customer-service savvy are among the key IT security skills needed next year as CIOs ramp up hiring.
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blte77df6b39e936a3d/64f0d73c5375e5b901203da9/01-Page1.jpg?width=700&auto=webp&quality=80&disable=upscale)
One-fifth of CIOs expect to expand their IT teams in the first half of 2018, a new report found, and nearly one quarter of the respondents cite cybersecurity as their top priority.
The survey results in the the Robert Half Technology IT Hiring Forecast and Local Trends Report also found that 43% of respondents point to cybersecurity as the technical skill in highest demand at their organization.
"When we entered 2017, the talking points were about bridging the gap between security and IT. But with sophisticated technical breaches and ransomware attacks like WannaCry, there is a return back to incident response and more technical skills, which are hard to find," says Owanate Bestman, information security contract consultant at Barclay Simpson.
As for technical skills, "play to your strengths," Bestman advises. "If you are a generalist IT manager, a business-facing security manager role that buys security software for the organization or launches security training may work. Or, if you are a network architect, then potentially you could make the transition to a security network architect."
Here are the eight key cybersecurity skills that IT professionals - as well as IT security pros - should have in 2018, say career and job experts.
IT staffs should be aware that the cybersecurity industry is undergoing a shift from a laser focus on the perimeter, to detection and response, says Gus DeCamargo, Korn Ferry's North America practice leader for information technology and cybersecurity.
As a result, IT professionals who possess a natural curiosity and love to solve mysteries may be well-suited for this 2018 shift that calls for threat hunting and incident response skills, career and job experts say.
In an ESG/ISSA report, Through the Eyes of Cybersecurity Professionals, 33% of the 371 survey respondents said their organization had an acute shortage of security analysis and investigation skills.
"We have already seen demand for this in the later part of this year and it will continue in 2018," Bestman says. He adds that cybersecurity professionals should drill down into digital forensic skills for identifying and isolating ransomware, as well as state-sponsored attacks, for instance.
Although the need for organizations to possess cloud security architecture skills is not exactly new, the demand is expected to continue to grow next year, Bestman says.
Cloud security architect skills are in demand the most, especially if your organization works with certain cloud platforms, such as Microsoft's Azure and Amazon's AWS, he says.
Twenty-two percent of survey respondents in the ESG/ISSA report listed cloud security skills as in short supply.
Candy Alexander, an information security consultant and board member of the Information Systems Security Association (ISSA), says companies will need cloud security skills to handle their risk posture, despite transferring their SOC to the cloud, for example.
A wide range of roles throughout an IT department, including cybersecurity, call for customer service skills to some degree, because there is a need to interact with internal customers, or co-workers, clients, and partners, says Mark Aiello, cybersecurity and operations vice president for Signature Consultants.
Using a cybersecurity example to drive his point home, Aiello says: "Some people may get hot under the collar when a breach is communicated internally. The incident response team, for example, needs to let these people vent before moving onto solving the problem."
In the ESG/ISSA report, 32% of survey respondents noted a sharp shortage of application development security skills at their organization. As more companies develop applications - including mobile apps - there is a constant and growing call for organizations to bake security into their development process from the get-go, rather than adding it later on, say career and job experts. As a result, app developers may find themselves facing a need to learn some security skills.
"I would not be surprised to see app security become even more significant at organizations in the future," Alexander says. "For as long as I can remember, we in the security profession have griped over how it would be so much easier and cost-effective to do security during development than applying it later. This would be a proactive approach to take, rather than a reactive approach like threat analysis and investigation."
Bestman, meanwhile, notes requests for app development security skills tend to comprise 15% to 20% of employer job requests.
Two important security skills IT professionals need to possess are analyzing risk and then negotiating with other departments within the organization to minimize risks, says Aiello. He adds that risk management professionals and project managers tend to need these security skills as well.
"One thing that has come through is businesses don't understand security and technology, but they are more familiar with risk and compliance," says Alexander, pointing to the ESG/ISSA survey results, in which 22% of respondents noted a shortage in risk analysis and compliance skills at their organization.
IoT devices present a large landscape for attack surfaces because the software for these devices are usually not secure, DeCamargo says.
"The IoT skills needed are ones to secure the platforms and devices, and the interconnectivity of these devices and systems," he says.
Network administrators, for example, may not view their cadre of printers as IoT devices, which can be at risk for an attack. As a result, network administrators and chief security architects, with a view across all the endpoints, need to have IoT security skills, say career and job experts.
Data scientists and IT professionals with data management predictive-analytics skills are the best suited for picking up cybersecurity data management skills, says DeCamargo.
"The volume of data companies manage today is overwhelming, and to respond to vulnerabilities and threats is hard to do when you have so much data in your environment," says DeCamargo.
As a result, security data management and analytic skills are in sharp demand, he notes.
Risk and compliance IT professionals, as well as security executives and managers, all need good communication skills, Bestman notes.
Communication skills are imperative for IT professionals and cybersecurity workers who interact with non-technical colleagues, customers, and executives, security career experts say.
"Cybersecurity is a boardroom topic right now," Aiello says. "I would not be surprised if everyone from the technical worker to the CISO is summoned to present to the board."
Risk and compliance IT professionals, as well as security executives and managers, all need good communication skills, Bestman notes.
Communication skills are imperative for IT professionals and cybersecurity workers who interact with non-technical colleagues, customers, and executives, security career experts say.
"Cybersecurity is a boardroom topic right now," Aiello says. "I would not be surprised if everyone from the technical worker to the CISO is summoned to present to the board."
One-fifth of CIOs expect to expand their IT teams in the first half of 2018, a new report found, and nearly one quarter of the respondents cite cybersecurity as their top priority.
The survey results in the the Robert Half Technology IT Hiring Forecast and Local Trends Report also found that 43% of respondents point to cybersecurity as the technical skill in highest demand at their organization.
"When we entered 2017, the talking points were about bridging the gap between security and IT. But with sophisticated technical breaches and ransomware attacks like WannaCry, there is a return back to incident response and more technical skills, which are hard to find," says Owanate Bestman, information security contract consultant at Barclay Simpson.
As for technical skills, "play to your strengths," Bestman advises. "If you are a generalist IT manager, a business-facing security manager role that buys security software for the organization or launches security training may work. Or, if you are a network architect, then potentially you could make the transition to a security network architect."
Here are the eight key cybersecurity skills that IT professionals - as well as IT security pros - should have in 2018, say career and job experts.
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024