Before we dig into the most in-demand cybersecurity skills, let’s first look at some additional context that will help us better understand the field.
Take the harm caused by cybercriminals’ exploitation of Equifax as an example. In 2019, hackers found and took advantage of a security vulnerability in an outdated platform that handled quests for consumer credit freezes, fraud alerts and credit reports. The Federal Trade Commission (FTC) estimates that millions of consumers had interacted with the at-risk site before the hack.
“The complaint outlines the specifics,” one FTC staff member wrote at the time, “but suffice it to say that for infocrooks looking for Social Security numbers, dates of birth, credit card numbers, expiration dates, and the like, the data on ACIS was Grade A primo stuff.”
The Equifax scandal was a bad look for the company, absolutely — and it was accompanied by equally as bad, if not worse, implications for consumers. The kind of information that the credit agency inadvertently made available had the potential to be exploited for identity fraud and posed an expensive toll on victims; according to a study published by Javelin Strategy & Research, annual out-of-pocket fraud costs topped $1.7 billion nationwide in 2018.
Why the Demand for Skilled Cybersecurity Professionals is Growing
These attacks demand countermeasures — and illustrate why cybersecurity professionals are so important. In recent years, demand for skilled cybersecurity professionals has skyrocketed, creating an ideal hiring landscape for tech-savvy professionals.
According to research recently published by nonprofit cybersecurity organization (ISC)2, 63 percent of surveyed businesses in North America say that they have a shortage of cybersecurity-savvy IT professionals. Similarly, 59 percent say that their organizations are “at moderate or extreme risk of cybersecurity attacks” because of that deficit.
This awareness has prompted action; (ISC)2 researchers report that 48 percent of respondents say that their businesses intend to increase cybersecurity staffing in the upcoming year. Researchers for Markets and Markets estimate that we will continue to see significant growth in the next few years, with the cybersecurity industry growing from $152.71 billion in 2018 to $248.6 billion by 2023.
Opportunity abounds for aspiring cybersecurity professionals — and so does the probability of building a rewarding career. The majority (68 percent) of those polled in the (ISC)2 study say that they are either “very” or “somewhat” satisfied in their current job. That level of job satisfaction is nothing to scoff at; in 2019 across all industries, 54 percent of U.S. employees reported feeling satisfied with their job.
If you’re interested in contributing professionally to this in-demand field, you can opt to get a college degree to prepare for your career, or you can look at alternative routes, like a cybersecurity boot camp, that offer a more specialized education within a shorter timeframe and at a lower cost than many conventional postsecondary degree programs.
Take the time to research your options and decide which educational track would work best for you. It’s important to note that many companies have specific mandates for cybersecurity positions, so looking into the most common requirements can help when you begin applying for jobs. No matter what path you choose to obtain your education in cybersecurity, you’ll need a few technical (and non-technical) skills to succeed.
Let’s look into a few of the most important, and most in-demand, skills you’ll need if you want to work in cybersecurity:
1. Risk Assessment
Cybersecurity professionals need to know how to perform a risk assessment for their organization. Why? Because the near-limitless methods a hacker can use to cause trouble make it virtually impossible to defend against every single possibility, even with a team of the most knowledgeable IT professionals.
Risk assessment is an integral part of a cybersecurity skill set because it allows you to identify and prioritize the vulnerabilities in a system’s defenses that are most likely to be attacked by a hacker. Having the ability to assess the greatest risks in a system and resolve them will allow you to be more effective and proactive when it comes to protecting that system.
2. Linux Server Administration
If you’re planning on building a career in the cybersecurity industry, you need to familiarize yourself with Linux. Linux is a transparent, versatile framework that can be adapted to allow users to scan networks and use system services in a way that most operating systems wouldn’t usually allow.
Perhaps most importantly, basic Linux is open-source software, which means its source code is free and can be modified. Because of this easy accessibility, a significant number of cybersecurity tools run on a Linux foundation. Take Kali Linux, for example, which was built specifically for penetration testing (see below) and digital forensics. Being able to navigate Kali or, at a minimum, basic Linux, is a necessary skill for cybersecurity professionals.
The odds are good that you’ve heard of Kerberos — just not this Kerberos. In Greek mythology, the name refers to a fearsome three-headed dog who guards the gates of Hades and, armed with a lion’s claws and a mane of serpents, prevents the dead from escaping the Underworld.
Clearly, the developers who designed the Kerberos cybersecurity protocol had high hopes for their work. This tool ensures that only approved users can access a secure server, even when using an insecure network connection. To understand Kerberos, it’s helpful to have a grasp on cryptography, the principle that underpins the tool.
To borrow a definition from Computing Concepts, cryptography “applies algorithms to shuffle the bits that represent data in such a way that only authorized users can unshuffle them to obtain the original data.” Kerberos uses cryptography to make sure that only approved clients have access to a secured server, then encrypts all communication between the two to guarantee data integrity and user privacy.
Splunk is a service that specializes in compiling security information and allowing its users to respond to cybersecurity threats. This software helps security teams gather data from a variety of access points and develop well-reasoned cybersecurity strategies suited to a business’s unique security needs and vulnerabilities. But Splunk’s usefulness extends beyond information alone; this tool can also conduct continuous monitoring activities, take proactive security measures and facilitate both risk assessments and security operations.
As you might be able to guess from the technicality and scope of the description, Splunk is one of the most useful information security skills you can learn as you look to grow your cybersecurity career.
5. Digital Forensics
When it comes to cybersecurity, many professionals work toward increasing digital security and preventing hacks from occurring in the first place. However, hacks do still occur, compromising sensitive information in the process. That’s where digital forensics comes into play. After an attack, digital forensics experts work to recover the lost data, identify the origins of the attack and work to improve cybersecurity defenses. While a foundational understanding of digital forensics is important for any cybersecurity professional, you can also opt to specialize in this field, especially if you are interested in the intersection of cybersecurity IT and the law.
6. Penetration Testing
If you’re going to be a cybersecurity specialist, you need to know your way around penetration testing. This method of improving your cybersecurity defenses involves staging a real, attempted hack on your servers. Organizations sometimes hire freelance hackers whose entire careers are spent working with companies to try to hack into their systems and steal information, with the company’s knowledge, to see where defenses could best be improved. For any company that stores sensitive data, regular penetration testing is a must.
Cybersecurity professionals who specialize in penetration testing are generally known as a “white hat,” or ethical hacker. Once a security system is in place for a server, these professionals will attempt to hack it. If successful, the carefully-documented hack provides the organization’s cybersecurity team with data that they can use to develop better protection strategies and resolve potential vulnerabilities before a real hacker comes knocking.
Want to try your hand at white-hat hacking? Metasploit is a penetration-testing framework that you can access at no cost. It’s also pre-installed into Kali Linux!
In the words of two cybersecurity writers for Just Security, “At the end of the day, cybersecurity is about human beings, not computers.”
They have a point. Humans hack; humans also create defenses. Humans are responsible for resolving vulnerabilities after a breach and following up to locate the perpetrators.
While it may seem easy to focus solely on numbers and code and data when working in cybersecurity, empathy is an essential addition to your cybersecurity skills list. If you can learn to be empathetic to victims of a hack, as well as those committing it, it helps you identify how best to defend against those attacks. Without empathy, you may find it challenging to address the emotional, as well as technical, aspects of your role.
Collaboration is another vital tool in your cybersecurity skills arsenal. While some organizations only employ one cybersecurity professional, many others — especially large companies like Microsoft or Experian, who have lots of sensitive information to protect — engage teams of professionals. Knowing how to work well in a group means you can better identify weaknesses in the system and create a strong defense plan. Open communication can lead to unique perspectives and dialogues that one person could not have arrived at on their own. With effective collaboration, everyone on a team can share and employ their hard-won expertise and industry knowledge to the entire team’s benefit.
Problem-solving ranks high on any employer’s list of must-have cybersecurity skills. At its root, cybersecurity is about identifying security issues and finding ways to solve or defend against them. Understanding how to effectively approach a problem and work toward discovering its solution will make you well-prepared for a career as a cybersecurity professional.
Whether you want to work on creating strong defenses to protect sensitive data, or you’re interested in digital forensics and post-hack work, there are a number of career paths available in the fast-growing cybersecurity field. As you start your journey into the profession, consider what educational path might work best for you; a cybersecurity boot camp can be an excellent way to build up your skill set, as they often take less time than a degree program and are hyper-focused on necessary skills. Only you can decide how you want to build the skills you’ll need to thrive in the cybersecurity sector!