When things change, the most successful organizations and individuals are those who can learn from the new environment and adapt to the new requirements. In the age of COVID-19, what lessons have infosec professionals been able and willing to learn? Whether you have been busier than ever or recently joined the ranks of the unemployed, cybersecurity pros have been learning new skills to get by -- training in the school of hard knocks or in more formal settings.
So we asked: What types of security training modules have become more or less popular? What types of skill sets are people interested in developing now and why? What is most essential and what isn't? Some of these will have consequences that last for the duration of the pandemic, while a few show consequences that may last for years to come.
What lessons have you learned during the pandemic? Which skills have become more valuable? Let us know in the Comments section, below -- we can all learn from others in the industry!
(Image: dizain VIA Adobe Stock)
More Hunger for Hands-On Skills
"What we have seen recently is somebody really trying to prepare themselves for another job. So in other words, people are joining the Career Paths on the site to prepare themselves for their next level self," says Ryan Corey, CEO and co-founder of online security training library Cybrary.
The focus on skills doesn't surprise Corey. Hiring managers, he says, want to see potential employees who can demonstrate those skills in real-world simulations and situations. Corey points out that Cybrary has seen a dramatic increase in individuals who want to take practical courses with hands-on labs and exercises -- courses that prepare them for an interview process with practical tests as part of the process.
(Image: WrightStudio VIA Adobe Stock)
Less Interest in Certifications
Learning new skills is an important path for individuals in 2020. Earning certifications to prove those new skills to potential employers is much less important, judging from the courses users are taking at e-learning platforms like Cybrary.
"Our use has shifted to 80% preparing the career path now and 20% certifications," says Cybrary's Corey. "Hiring managers have been consistently telling us that they tend to not take the certifications very seriously, and they want to look for skills," Corey says. And in a time of economic uncertainty, individual students also seem much more interested in learning new skills than in learning the very specific knowledge required to pass certification exams.
However, interest in certification courses hasn't completely gone away. "Cybersecurity as an industry is transitioning to a skills-based world as opposed to, in my opinion, a certification based world," he says. The emphasis going forward, he believes, will be on the skills a candidate can prove rather than a certification the candidate can show.
(Image: dizain VIA Adobe Stock)
Everyone Wants to Be a SOC Analyst
One specific area that individuals are studying for is security operations center (SOC) analyst -- a job category that has seen a dramatic increase in interest since the beginning of the year.
"The most dominant one, easily hands down, without a doubt, is the SOC analyst career path," says Cybrary's Corey. He explains that the interest begins at the most junior level and extends to those trying to move from junior to senior levels within the SOC.
One of the reasons some give for interest in the SOC analyst position is that the role exists both in the normal enterprise and at managed security services providers. As such, it is seen as a position that can weather shifts in trends for SOCs to be part of the enterprise or part of a service offering provided to the enterprise.
Even in the SOC analyst training, though, the emphasis from most students is on the practical rather than certification study. Being able to pass a rigorous vetting process is seen as more important than a certification that might get you an initial interview but no more.
(Image: RolandoMayo VIA Adobe Stock)
Less Interest in Penetration Testing
There is one area of cybersecurity skill that has not seen an increase in interest: Corey says he has heard from multiple industry sources that pen testing has seen a marked decline in interest since the beginning of the year. One theory is that the decline in interest is tied to a decline in cybersecurity activities that aren't directly tied to compliance or insurance audits -- a decline in activities that are seen as "nice-to-have" rather than "absolutely essential" by corporate executives.
In many cases, pen testing has become a more consultative role rather than one based strictly on skills, making it more difficult for someone to take a set of courses and be able to advertise their services as a pen tester.
(Image: putilov_denis VIA Adobe Stock)
Cloud Security Rises to the Top
When it comes to securing specific types and areas of IT infrastructure, a couple stand out, with one leading all the rest. While the Internet of Things (IoT) is still an area of significant interest, cloud computing security is the specific study area that floats like a, well, you know, to the top.
"People are taking the systems administrator career paths with us in the cloud because companies are so in demand or they're so much looking for people with cloud skills," says Corey. "And the cloud skills are still thinner out there than I think most hiring managers would like." That thin skill set extends past the systems administration role to security, making individuals with any substantive cloud skills in demand among hiring managers./p>
Even security professionals with skills in traditional infrastructures are looking at learning cloud skills because of the rise in hybrid infrastructures. While some companies have moved to a purely cloud infrastructure, those that are solely on-premises make up a smaller and smaller set of the IT market. Smart professionals understand that cloud security knowledge is important for ensuring job security into the future.