Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

6/14/2016
10:30 AM
Todd Thibodeaux
Todd Thibodeaux
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
100%
0%

5 Soft Skills Young Cybersecurity Professionals Need to Get Ahead

Today's employers aren't looking for recruits who can maintain firewalls and mitigate risk. They want well-rounded professionals who can apply security expertise across the business to yield bottom-line results.

It’s no surprise that, among the myriad concentrations that fall under the banner of “IT careers,” cybersecurity looms large. According to CompTIA’s IT Industry Outlook report, information security analyst snagged the number-one spot for IT occupation growth in 2015. At the end of 2014, the number of information security analyst openings stood at around 17,500; a year later, it reached more than 25,000.

For Class of 2016 graduates seeking career paths in this burgeoning field, professional success starts with making sure your skills stand out among the competition. Mastering identity management and device encryption techniques are table stakes for landing a cybersecurity job today. Though technical chops are prerequisites, it’s the soft skills – including communication and a knack for problem-solving – that will differentiate candidates from the pack.

IT has evolved from a back-office function to the main artery that keeps an organization running smoothly. As a result, employers aren’t looking simply for recruits who can maintain firewalls and mitigate risk. They want well-rounded professionals who can apply their security expertise across the business in order to yield bottom-line results.

Here are five in-demand soft skills aspiring cybersecurity gurus need to get ahead:

Skill #1: Strong research and writing instincts: One of the most important tasks enterprise cybersecurity teams take on is policy creation and enforcement. According to recent CompTIA research, 45 percent of hiring managers admit having a key security skills gap around “policy development and implementation” in their organizations. Businesses of any size and industry need some type of security plan that includes end user guidelines, incident response protocol and governance structures. To establish sound policies, cybersecurity staff must be equipped to conduct exhaustive research into industry best practices and work with end users to understand how they use technology on a daily basis – then synthesize those insights into a thoughtful policy.

Skill #2: A teacher’s disposition: Along with crafting policies, cybersecurity pros must be able to educate their colleagues about safe technology habits, and instill an awareness about the risks of poor IT hygiene. A 2015 survey of full-time employees found that almost half don’t receive any sort of cybersecurity training at work – illustrating organizations’ persistent need for internal mentors. To demonstrate even more value to potential employers, cybersecurity job-seekers should highlight their ability to communicate dense, technical information in a palatable way.

Skill #3: Collaboration: In the U.S., 49 percent of business and IT executives rank teamwork as the top soft skill any IT professional should possess, according to CompTIA’s International Technology Adoption and Workforce Trends study. Knowing how to navigate projects and difficult conversations with anyone from the CIO to end users, and even vendors, is an essential trait for cybersecurity workers. More lines of businesses are getting involved in their organizations’ IT decision-making process, and cybersecurity teams must be able to partner with each of them effectively. An inclusive, patient, and open-minded attitude can go a long way when managing major IT security initiatives across teams or office locations.

Skill #4: Consultative thinking: In many ways, cybersecurity professionals (even those who work in-house) have to think like a consultant, whether they’re advising the IT department on a new investment, or helping the accounting team evaluate the security of a cloud-app they plan to adopt. Cybersecurity experts should be able to look at the big picture and ask the right questions of their colleagues and senior management in order to solve real business problems. Rather than operate at a purely tactical level, security staff should know how to layout project plans that their efforts can be executed and measured against (and understand how their work impacts the organization’s bottom-line.)

Skill #5: A passion for learning: To work in cybersecurity, you’ll need to be a lifelong student as much as a teacher. The IT threat landscape is constantly changing: today’s issues run the gamut from advanced persistent threats to phishing and inside vulnerabilities, but the scene could look vastly different months or years from now. As the playing field moves from traditional hardware and software to Internet-enabled devices and the cloud, the nature of cyberattacks against consumers and businesses will evolve. Employers want proactive cybersecurity experts who are always exploring, and finding ways to get ahead of, tomorrow’s biggest challenges.

There is tremendous opportunity for recent graduates who want to break into the cybersecurity space. Remember though: hiring managers will be inundated with resumes and applications overloaded with technical buzzwords. To grab their attention, strike a balance between showcasing your soft skills and your IT pedigree. 

Black Hat USA returns to the Mandalay Bay in Las Vegas July 30 - Aug. 4, 2016. Click for the conference schedule, including a two-day Cybersecurity Summit, and to register.

 

Related Content: 

 

Todd Thibodeaux is the president and chief executive officer of the Computing Technology Industry Association, the leading trade association representing the business interests of the global information technology industry. He is responsible for leading strategy, development ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Todd Thibodeaux
50%
50%
Todd Thibodeaux,
User Rank: Apprentice
6/16/2016 | 12:57:05 PM
Re: Soft Skills
Thanks GonzSTL. The additional insight is apperciated. 
GonzSTL
50%
50%
GonzSTL,
User Rank: Ninja
6/16/2016 | 11:36:04 AM
Soft Skills
Two things I always tell my students:

1. Companies like to hire geeks to keep their IT infrastructure running, but no one wants to hire a geek with the personality of a door knob.

2. Be prepared to communicate orally and in written form, to convey a message that addresses your audience appropriately. By all means, geek out when talking to your tech colleagues, but also know that when your message should be fit for executive consumption, craft that message accordingly.
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
6 Small-Business Password Managers
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/8/2019
Unreasonable Security Best Practices vs. Good Risk Management
Jack Freund, Director, Risk Science at RiskLens,  11/13/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-4108
PUBLISHED: 2019-11-14
Multiple unspecified vulnerabilities in Cryptocat Project Cryptocat 2.0.18 have unknown impact and attack vectors.
CVE-2018-12207
PUBLISHED: 2019-11-14
Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.
CVE-2019-0117
PUBLISHED: 2019-11-14
Insufficient access control in protected memory subsystem for Intel(R) SGX for 6th, 7th, 8th, 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5, v6 Families; Intel(R) Xeon(R) E-2100 & E-2200 Processor Families with Intel(R) Processor Graphics may allow a ...
CVE-2019-0123
PUBLISHED: 2019-11-14
Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting SGX, may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2019-0124
PUBLISHED: 2019-11-14
Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting TXT, may allow a privileged user to potentially enable escalation of privilege via local access.