One of the reasons companies can't find the cybersecurity-savvy professionals they need: there just aren't many tech professionals who have acquired not only the necessary technical skills, but also the 'soft skills' (e.g. they are already employed (often with high salaries and benefits designed to keep them long-term).

With that in mind, if you want to dive into a career in cybersecurity (and there's no reason why you shouldn't, at least in terms of salary), here are some of the traits you'll need to display.

Skills Necessary for a Cyber Security Consultant

Solid work habits

First, you'll need some essential work habits, including the ability to work methodically and with attention to detail. The following skills are also useful:

Eagerness to delve into technical questions and examine them from all sides.

Enthusiasm and a high degree of adaptability.

Strong analytical and diagnostic skills.

A current understanding of common web vulnerabilities.

Awareness and knowledge of contemporary standards, practices, procedures, and methods.

Soft skills

This is in addition to the aforementioned soft skills; remember, security professionals often need to communicate complicated topics to people who may not have very high technical training (such as C-suite executives). With this in mind, mastering the following is often a requirement for moving to more advanced positions on the cybersecurity ladder:

Excellent presentation and communication skills to communicate effectively with management and clients.

Ability to clearly articulate complex concepts (both written and verbal).

Understanding and use of active listening skills (especially with clients!).

From a cybersecurity perspective, soft skills will also help you identify and explain examples of social engineering, which is a pervasive problem within the security community. You can implement all kinds of hardware and software security measures, but hackers can still use social engineering to persuade unsuspecting employees to give them passwords, credentials, and access to otherwise secure systems.

Technical skills

What technical skills do cybersecurity professionals need? This question is a bit more difficult to answer, as there are many sub-disciplines in the field of cybersecurity. That said, many of these jobs share a common technical foundation.

To get started, IT professionals need to understand the architecture, administration, and management of operating systems (various Linux distributions, Windows, etc.), networking, and virtualization software. In other words, learn and love things like firewalls and network load balancers. This is in addition to general software programming/development concepts and software analysis skills.

You should also understand the most common programming languages, including Java and C/C++, as well as disassemblers, assembly language, and scripting languages (PHP, Python, Perl, or shell).

Many employers make certifications a condition of employment, and it's easy to see why. In a recent survey, the International Information Systems Security Certification Consortium, (ISC)², found that a degree and certifications were often an important factor in hiring. "Cybersecurity certifications are essential to demonstrate the level of knowledge of a cybersecurity professional. However, they should never be the only reference," Joseph Carson, chief security scientist at security services provider Thycotic, told Dice in an email.

Potentially important certifications include the following:

CEH (Certified Ethical Hacker)

OSCP (Offensive Security Certified Professional)

CISA (Certified Information Systems Auditor)

GCIH (GIAC Certified Incident Handler)

Certified Information Systems Security Professional (CISSP)

Information Systems Security Architecture Professional (CISSP-ISSAP)

Information Systems Security Engineering Professional (CISSP-ISSEP)

Information Systems Security Management Professional (CISSP-ISSMP)

While these types of certifications are helpful and show employers that the candidate is interested in continuing education, "the certifications need to be combined with solid industry experience to obtain the correct level of required skills," added Carson.

Ability to implement

Any good cybersecurity professional knows how to look at a company's security setup from a holistic perspective, including threat modeling, specification, implementation, testing, and vulnerability assessment. They also understand the security issues associated with virtualization software, networking, and operating systems.

But it's not just about understanding; it's also about implementation. They study the architecture of systems and networks, then use that information to identify the security controls in place and how they are used. The same is true of weaknesses in databases and application deployment.

Young cybersecurity professionals can use their programming skills to write tools that automate certain security tasks; depending on the company's technology stack, there is often a selection of predefined tools available that also automate many functions.

Managerial skills

Meanwhile, senior cybersecurity professionals should organize and coordinate technical vulnerability assessments, including system and network vulnerability assessments, penetration testing, web application assessments, social engineering assessments, physical security, wireless security assessments, and implementation of secure infrastructure solutions.

They recommend and establish the technical direction for the management of security incidents and ensure the integrity of the resulting process and approach. In terms of using soft skills, they will have to explain to management (and show forensically) how an attack was carried out.

Understand the big picture

Professionals at all levels not only understand security concepts and principles; they also know the most up-to-date regulations on security and privacy. For example, the California Consumer Privacy Act of 2018, which offers some modest penalties for privacy violations, will become law on January 1, 2020. Not surprisingly, many analysts regularly identify security and privacy as the two biggest problems businesses face today: failing to keep your data safe not only leaves it open to hackers, but also puts you at risk of fines from government agencies increasingly interested in how your data is handled.