Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

6/14/2016
10:30 AM
Todd Thibodeaux
Todd Thibodeaux
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
100%
0%

5 Soft Skills Young Cybersecurity Professionals Need to Get Ahead

Today's employers aren't looking for recruits who can maintain firewalls and mitigate risk. They want well-rounded professionals who can apply security expertise across the business to yield bottom-line results.

It’s no surprise that, among the myriad concentrations that fall under the banner of “IT careers,” cybersecurity looms large. According to CompTIA’s IT Industry Outlook report, information security analyst snagged the number-one spot for IT occupation growth in 2015. At the end of 2014, the number of information security analyst openings stood at around 17,500; a year later, it reached more than 25,000.

For Class of 2016 graduates seeking career paths in this burgeoning field, professional success starts with making sure your skills stand out among the competition. Mastering identity management and device encryption techniques are table stakes for landing a cybersecurity job today. Though technical chops are prerequisites, it’s the soft skills – including communication and a knack for problem-solving – that will differentiate candidates from the pack.

IT has evolved from a back-office function to the main artery that keeps an organization running smoothly. As a result, employers aren’t looking simply for recruits who can maintain firewalls and mitigate risk. They want well-rounded professionals who can apply their security expertise across the business in order to yield bottom-line results.

Here are five in-demand soft skills aspiring cybersecurity gurus need to get ahead:

Skill #1: Strong research and writing instincts: One of the most important tasks enterprise cybersecurity teams take on is policy creation and enforcement. According to recent CompTIA research, 45 percent of hiring managers admit having a key security skills gap around “policy development and implementation” in their organizations. Businesses of any size and industry need some type of security plan that includes end user guidelines, incident response protocol and governance structures. To establish sound policies, cybersecurity staff must be equipped to conduct exhaustive research into industry best practices and work with end users to understand how they use technology on a daily basis – then synthesize those insights into a thoughtful policy.

Skill #2: A teacher’s disposition: Along with crafting policies, cybersecurity pros must be able to educate their colleagues about safe technology habits, and instill an awareness about the risks of poor IT hygiene. A 2015 survey of full-time employees found that almost half don’t receive any sort of cybersecurity training at work – illustrating organizations’ persistent need for internal mentors. To demonstrate even more value to potential employers, cybersecurity job-seekers should highlight their ability to communicate dense, technical information in a palatable way.

Skill #3: Collaboration: In the U.S., 49 percent of business and IT executives rank teamwork as the top soft skill any IT professional should possess, according to CompTIA’s International Technology Adoption and Workforce Trends study. Knowing how to navigate projects and difficult conversations with anyone from the CIO to end users, and even vendors, is an essential trait for cybersecurity workers. More lines of businesses are getting involved in their organizations’ IT decision-making process, and cybersecurity teams must be able to partner with each of them effectively. An inclusive, patient, and open-minded attitude can go a long way when managing major IT security initiatives across teams or office locations.

Skill #4: Consultative thinking: In many ways, cybersecurity professionals (even those who work in-house) have to think like a consultant, whether they’re advising the IT department on a new investment, or helping the accounting team evaluate the security of a cloud-app they plan to adopt. Cybersecurity experts should be able to look at the big picture and ask the right questions of their colleagues and senior management in order to solve real business problems. Rather than operate at a purely tactical level, security staff should know how to layout project plans that their efforts can be executed and measured against (and understand how their work impacts the organization’s bottom-line.)

Skill #5: A passion for learning: To work in cybersecurity, you’ll need to be a lifelong student as much as a teacher. The IT threat landscape is constantly changing: today’s issues run the gamut from advanced persistent threats to phishing and inside vulnerabilities, but the scene could look vastly different months or years from now. As the playing field moves from traditional hardware and software to Internet-enabled devices and the cloud, the nature of cyberattacks against consumers and businesses will evolve. Employers want proactive cybersecurity experts who are always exploring, and finding ways to get ahead of, tomorrow’s biggest challenges.

There is tremendous opportunity for recent graduates who want to break into the cybersecurity space. Remember though: hiring managers will be inundated with resumes and applications overloaded with technical buzzwords. To grab their attention, strike a balance between showcasing your soft skills and your IT pedigree. 

Black Hat USA returns to the Mandalay Bay in Las Vegas July 30 - Aug. 4, 2016. Click for the conference schedule, including a two-day Cybersecurity Summit, and to register.

 

Related Content: 

 

Todd Thibodeaux is the president and chief executive officer of the Computing Technology Industry Association, the leading trade association representing the business interests of the global information technology industry. He is responsible for leading strategy, development ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Todd Thibodeaux
50%
50%
Todd Thibodeaux,
User Rank: Apprentice
6/16/2016 | 12:57:05 PM
Re: Soft Skills
Thanks GonzSTL. The additional insight is apperciated. 
GonzSTL
50%
50%
GonzSTL,
User Rank: Ninja
6/16/2016 | 11:36:04 AM
Soft Skills
Two things I always tell my students:

1. Companies like to hire geeks to keep their IT infrastructure running, but no one wants to hire a geek with the personality of a door knob.

2. Be prepared to communicate orally and in written form, to convey a message that addresses your audience appropriately. By all means, geek out when talking to your tech colleagues, but also know that when your message should be fit for executive consumption, craft that message accordingly.
Where Are the 'Great Exits' in the Data Security Market?
Dave Cole, Cofounder and CEO, Open Raven,  10/13/2020
Overcoming the Challenge of Shorter Certificate Lifespans
Mike Cooper, Founder & CEO of Revocent,  10/15/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7747
PUBLISHED: 2020-10-20
This affects all versions of package lightning-server. It is possible to inject malicious JavaScript code as part of a session controller.
CVE-2020-7748
PUBLISHED: 2020-10-20
This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.
CVE-2020-7749
PUBLISHED: 2020-10-20
This affects all versions of package osm-static-maps. User input given to the package is passed directly to a template without escaping ({{{ ... }}}). As such, it is possible for an attacker to inject arbitrary HTML/JS code and depending on the context. It will be outputted as an HTML on the page wh...
CVE-2020-5640
PUBLISHED: 2020-10-20
Local file inclusion vulnerability in OneThird CMS v1.96c and earlier allows a remote unauthenticated attacker to execute arbitrary code or obtain sensitive information via unspecified vectors.
CVE-2020-15256
PUBLISHED: 2020-10-19
A prototype pollution vulnerability has been found in `object-path` <= 0.11.4 affecting the `set()` method. The vulnerability is limited to the `includeInheritedProps` mode (if version >= 0.11.0 is used), which has to be explicitly enabled by creating a new instance of `object-path` and settin...