8 Hot Skills Sought By IT Security Departments
No company wants to leak customer data, have intellectual property stolen, or experience business services taken offline. Those that recognize these risks are thus scrambling to hire the right people to fill their information security roles.
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt5a600071b08be9af/64f0d8e863b06d6fe5b9852f/01-image.png?width=700&auto=webp&quality=80&disable=upscale)
When it comes to picking the top skills needed to fill the massive number of open positions in the information security industry, Wils Bell, security recruiter at SecurityHeadhunter.com, says:
"All cybersecurity appears hot, and no one area is hotter than others. But if I had to pick one, application security (AppSec) is up there."
According to Bell, organizations face two key challenges when hiring for all cybersecurity positions:
Organizations are not willing to pay the going rate for experienced talent.
Many candidates are not nearly as good as they think; they have successfully entered the field of cybersecurity, but are not strong in terms of skills.
Here's a list of five hot skills in cybersecurity as curated from a collection of talent and security service firms. In addition to the hands-on skills, Bell reminds employers that leadership also is a critical skill.
(Note: Job search results referenced on slides were collected from Indeed.com on Oct. 26.)
Indeed job search: information security vulnerability = 10,957 job openings
Common job title keywords: Analysts, Engineers, Specialist
1,993 of the positions pay over $115K per year
Most (648) located in Washington, DC
As NRI SecureTechnologies' VP of business development Zachary Scott and account executive Danielle Kingsbury explain, knowledge of the latest vulnerabilities would be applied when reviewing logs pre- and post-breach. In a pre-breach situation, such knowledge would allow analysts to validate that a vulnerability is relevant for their environment and determine its priority for further investigation. In a post-breach situation, knowledge of the latest vulnerabilities would be applied to understand the path attackers took to succeed in their compromise.
In-depth knowledge of the latest vulnerabilities increases the awareness of and the determination between threats and white noise. This knowledge can streamline operations and allow analysts to save time and energy by focusing on what really matters. This is also a cost-saving process, because analysts are assigned to the tasks that matter most instead of chasing vulnerabilities that may not threaten the business.
While this skill can be learned through ongoing research, it is most applicable when learned on the job. The vulnerabilities, while common across the industry, are unique to each environment in that they may or may not exist, or they may not be exploitable even if they do exist.
Skill information provided in part by Jonathan Sander, VP at Lieberman Software.
Indeed job search: information security incident response = 7,605 job openings
Common job title keywords: Manager, Officer, Specialist, Architect
1,495 of the positions pay over $110K per year
Most (399) located in Washington, DC
Incident response skills can be applied to handle the response for incidents and vulnerabilities identified by security operations systems and incident detection systems. If we take this to the next level by adding automation to the mix, we find the following:
Indeed job search: information security incident automation = 1,265 job openings
Common job title keywords: Analyst, Officer, Architect
232 of the positions pay over $120K per year
Most (48) located in Washington, DC; Herndon, VA comes in a close second with 42 job openings
"By creating scripts and other means to automate the response process, the value to the security team comes in the form of a shortened mean-time-to-repair and a limit to the damage caused by any incident," Sander says.
"Basic automation skills, [such as] scripting, can certainly be gained through reading books, but the knowledge of which response should be married to which incident or vulnerability takes a great deal of on-the-job experience," he says.
Note: Indeed job search results collected on 26-Oct-2016
When it comes to picking the top skills needed to fill the massive number of open positions in the information security industry, Wils Bell, security recruiter at SecurityHeadhunter.com, says:
"All cybersecurity appears hot, and no one area is hotter than others. But if I had to pick one, application security (AppSec) is up there."
According to Bell, organizations face two key challenges when hiring for all cybersecurity positions:
Organizations are not willing to pay the going rate for experienced talent.
Many candidates are not nearly as good as they think; they have successfully entered the field of cybersecurity, but are not strong in terms of skills.
Here's a list of five hot skills in cybersecurity as curated from a collection of talent and security service firms. In addition to the hands-on skills, Bell reminds employers that leadership also is a critical skill.
(Note: Job search results referenced on slides were collected from Indeed.com on Oct. 26.)
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024