Given the onslaught of evolving threats to organizations around the world, there’s a great need for cybersecurity professionals.
By some estimates, there are currently about 3.5 million unfilled cybersecurity jobs globally, including an estimated 750,000 in the United States.
That doesn’t mean just anyone should be hired to run cybersecurity at your organization.
While the general roles and responsibilities couldn’t be any more different for the variety of cybersecurity jobs out there, here are seven qualities that just about every cybersecurity professional should have before you hire them.
There is no shortage of threats, both known and unknown. Every cybersecurity professional—whether you’re an information security analyst or security architect—who works in the field needs to have the ability to think critically and make informed decisions about the information they’re presented on a daily basis. It goes beyond the ability to analyze huge quantities of data. Cybersecurity professionals need to identify patterns, evaluate risks, and often make proactive or reactive decisions, sometimes under immense pressure.
If you’re on the technical side of things, you’ll need critical thinking for threat analysis and detection, as well as security incident handling and remediation. If there is an incident, how serious is it? What are the immediate and most pressing risks? What vulnerabilities are they exploiting? How should we prioritize and remediate security incidents? What security protocols do we need? What are the impacts?
Almost all cybersecurity positions have an element of risk management to them, even if you aren’t a risk specialist. Cybersecurity professionals have to assess the likelihood and impact of potential cyber threats, prioritize risks, and allocate resources accordingly. They have considered various factors, such as the value of the assets at risk, the potential consequences of a breach, and the feasibility of implementing mitigation measures.
You also have to stay on top of your game and learn to think both like an employee and like a hacker. 60% of cyber incidents are caused by internal parties, either inadvertently or maliciously. You have to think about the ways malicious actors will manipulate their way into the company and how you can proactively take steps to prevent them from accessing the information they want. Critical thinking and strong analytical skills are the basic cybersecurity skills every professional should have, regardless of the role.
Cybersecurity is not an area where you can succeed through a decades-long career after completing one cybersecurity bootcamp. For those filling even entry level cybersecurity jobs, it’s important to understand that threats, methods, and technologies are all changing so rapidly that what was once true today could be completely irrelevant tomorrow.
The sharp rise in AI is a good example of how things can quickly change. Ten years ago, the idea of easy-to-access deepfake software would’ve been a threat for social engineering attacks. Now, it’s commonplace.
Likewise, even just five years ago, the attack surface of a company’s endpoints were fairly concentrated within office spaces. The pandemic upended that, and now endpoints are spread out across the world with the move to remote work.
A good cybersecurity professional needs to understand the industry demands the ability to learn and grow as things shift and change.
Cultural fit is another important quality to look for when attempting to fill a cybersecurity job. It’s not just about meshing with the team and the company. It’s about making the organization stronger overall.
For instance, when people from different cultures work together, they learn to communicate and collaborate more effectively. This is essential in cybersecurity, where teams need to be able to share information quickly and efficiently in order to respond to cybersecurity threats.
This is a big one, because, depending on your organization, you may not likely know a lot about cybersecurity. Whether you’re hiring a new team manager, an individual contributor, or an outside company to run your cybersecurity operation, you need to be able to trust them.
And not just trust that they’re doing right by protecting your endpoints or network security and, thereby, business. But whoever is acting as the point person for your cybersecurity must be to be counted on when something goes wrong, because in those moments, time is completely of the essence. If alerts start sounding in the middle of the night, for instance, you must be able to rely on them to take action immediately and not let things sit until the next day.
You don’t always need a technical background to work in cybersecurity, but you will require a solid understanding of existing and emerging technologies, network security, and security threats…whether you work in Marketing, HR, or any other role.
If you’re getting hands-on with cybersecurity at an organization, like a information security analyst, some of the skills required for cybersecurity include:
Aside from the technical skills required for a role in the field, a general interest in emerging technology and the world around you also helps. Ours is a rapidly evolving environment, and continuous learning is a requirement in the cybersecurity sector. If you want to hone your cybersecurity skills, stay curious.
Having a genuine passion for what you do doesn’t fall easily into the category of hard or soft skills you can learn, but it is one of the main characteristics to look for in cybersecurity professionals.
It’s been proven you’re generally better at your job if you care about what you’re doing, and cybersecurity is no different.
Plus, remembering that there are human beings behind every data set and livelihoods, families, and an economy behind every client account matters.
Communication skills are often dismissed as “soft skills,” but it’s as important as any other aspect of the job. In fact, it’s one of the most important security skills you need to have to succeed in this field.
If you’re in a hands-on role, you may be working with customers as well as security teams. This means you’ll need the ability to explain complex security concepts in a clear and concise way to non-technical users. Concepts around information security and network security aren’t always things most people encounter in their day-to-day activities, so it’s important to be able to convey the importance in protecting these areas in a way that hits home.
That’s because whatever cloud security or network security protocols and systems you put into place are often only as good as the non-technical people responsible for adhering to them. You need to explain exactly why technical concepts like access management or implementing a defensive cybersecurity framework are so important. A little security awareness training for non-technical people can go a long way, and stressing the importance of that also takes good communication skills.
Then there’s your team. Cybersecurity is a group effort, and effective communication is essential for collaboration among different teams and departments. This includes sharing information quickly about threats, vulnerabilities, and security incidents, as well as coordinating responses and solutions to prevent the disruption of your client’s business operations. This all goes double for implementing a cybersecurity framework as a preventative strategy; everyone must be able to speak a common language.
When a security incident occurs, clear and timely communication is essential for managing the situation and minimizing the impact. This includes communicating with affected employees, customers, and stakeholders, as well as providing updates on the situation and the steps being taken to remediate the incident. Not all communication will be verbal.
Maintaining accurate records and reports is part of the job; everyone needs to learn from incidents. Technical writing is used to document security policies, procedures, and guidelines, which help to ensure that all employees are aware of and understand the organization’s security requirements.
You’ll also need to develop communication plans, which outline how the client or the company will communicate with employees, customers, and partners in the event of a security incident.
Cybersecurity jobs require a variety of technical and non-technical skills, and if you’re looking to fill a role, these are just some of the qualities to take into account. As we’ve stressed in this article, the importance of strong cybersecurity is only increasing, and organizations are only as protected as the people they put in place to manage those safeguards.