The demand for dedicated cyber security talent is higher than ever before, and it's unlikely to decelerate any time soon. Many companies are feeling the pressure from an ever-growing threat landscape, and are compelled to seek out professionals who can help protect the organization from harm. According to a study conducted by the Center for Cyber Safety and Education and (ISC)², the workforce shortage in the cyber security industry is projected to hit 1.8 million by 2022. There's no better time for professionals in the cyber security field to hone and expand their skill set, becoming a valuable asset in the process.
When it comes to developing these skills, it helps to view them in the context of cyber security specialties. While job roles and day-to-day responsibilities often overlap, and professionals must adapt to new knowledge all the time, these specialties can still help an aspiring cyber security professional focus on a group of skills that are most appropriate for them.
The following are in-demand cyber security specialties and the skills you need to excel in each one:
As in any field, the cyber security professional needs a foundation on which to stand. These skills are the minimum baseline that employers look for and that all industry members, regardless of specialty, should possess.
As a frontline cyber security practitioner, you may not see the value in having competency in risk management, but risk is the driving force behind all security operations. In other words, you do some security task to, one way or another, respond to a risk that your company faces. When you can demonstrate that risk forms the underpinning of all your cyber security efforts, you communicate to employers that you truly understand your own worth to the business, and not as some isolated worker who lives in a vacuum.
The company network forms the backbone of its computing environments, and without adequate knowledge of basic networking principles, your security operations will rarely get off the ground. A skill set that includes both theoretical and practical knowledge of TCP/IP is a must-have according to employers.
It’s no secret that threats, vulnerabilities — and attackers themselves — are constantly evolving. No matter what a professional specializes in, they’ll need to be able to keep current with the latest trends in cyber security. Situational awareness ensures that prospective employees can understand their work in the context of time and inevitable changes, rather than remaining stuck in the past.
Whether it’s software or hardware, all cyber security pros will need to maintain a toolkit that they use every day. Keeping these tools updated and understanding their limitations are crucial skills. It’s also important for a security professional to quickly get up to speed on a company’s specialized tools.
The CompTIA Security+ certification is the industry standard for validating the essential cyber security skills described above. Those interested in learning more about this certification can find the latest exam requirements and information at https://certification.comptia.org/certifications/security.
The security analyst monitors the company’s network and computing environments for vulnerabilities and helps identify any active threats. They may also offer support to architects and testers when needed.
This skill focuses on researching and maintaining awareness of known threats, as well as identification of a threat’s characteristics. Where does a threat come from? What vectors does it take? What is it capable of doing? These questions and more are vital to the security analyst position.
It’s not enough for the company to seek out active threats. Organizations must also look inward and identify how exactly they are leaving themselves open to attack. A security analyst conducts vulnerability assessments to pinpoint where in the infrastructure security is at its weakest, and will likewise offer suggestions to fix those vulnerabilities.
Logs are undoubtedly a primary source of analysis for most assets. Analysts need to be able to separate the signal from the noise when collecting logs. They must avoid collecting too much or too little, as both can render the logs useless for analysis. Other than finely tuning your collection process, as an analyst, you also need to be able to manipulate the log data so that the most useful information about an event can quickly and easily be revealed.
Not all useful data comes from logs, however. Data can come from a variety of sources, like your customers or fellow employees. It can also come from certain situational indicators, like a phishing attempt that follows a certain pattern, suggesting a greater compromise than usual. An analyst who can do more than just review logs will be an asset to any company.
The incident responder handles everything from minor intrusions to large-scale disasters that affect the company. Their primary goal is to mitigate the event’s effects and restore operations to normal.
Communication is, of course, not a skill unique to incident responders. But a responder often has a responsibility beyond other security professionals to routinely inform different stakeholders about an incident in multiple ways. They’ll also need to be adept at communicating with other responders, keeping a level head in times of crisis.
For large-scale risks that become a reality, the incident responder will need to be able to ensure the continuity of business operations. This may mean shifting key systems to alternate sites or restoring data from backups quickly and effectively.
The incident responder may not be directly responsible for performing a forensic investigation, but they will likely need to anticipate the needs of the investigation. In many cases, the responder will need to identify and eliminate an issue, while at the same time ensuring that the integrity of digital evidence is preserved. They must understand the key ideas behind digital forensics and apply them to their recovery efforts whenever the situation demands it.
The Logical Operations CyberSec First Responder (CFR) certification is an industry-respected, DoD-approved certification for validating the security analyst and incident responder skills described above. Those interested in learning more about this certification can find the latest exam requirements and information at http://cfrcertified.com.
Penetration testers attempt to expose the weak points in a company so they can be remediated before attackers can exploit them. Pen testers use active testing methods to simulate real-world intrusions and other attacks. This provides the company with a valuable perspective that won’t come from passive analysis alone.
Depending on the type of test you’re tasked with carrying out, you’ll likely be responsible for gathering intelligence on your targets. Technical reconnaissance like port scanning and fingerprinting of systems is a part of the job, but you should also become skilled at mining data from public and open-source intelligence resources. The amount of actionable intelligence you can glean through something like a Google search — like information about key personnel to use in a social engineering simulation — can have a significant impact on the effectiveness of your pen tests.
Persistence, in this case, refers to the post-attack phase where an attacker will try to maintain some covert foothold within the company after the main attack phase has concluded. Advanced persistent threats (APTs) are often missed during incident response, and they can have devastating and long-lasting effects. It’s a valuable skill for a pen tester to try and persist within the network after conducting the main portion of their simulated attack.
Penetration testers hold a lot of power and responsibility in the company, especially since their goal is to accurately reproduce the attack process. Managers will set a scope to limit the potential damage a pen test can cause, and they expect their professionals to follow that scope. There may be times when you’ll have the ability to press forward, but the scope of the test will tell you not to. Showing restraint demonstrates to an employer that you care more about helping the company than exercising power over it.
The GIAC Penetration Tester (GPEN) certification is ideal for validating the penetration tester skills described above. Those interested in learning more about this certification can learn more at https://www.giac.org/certifications/pen-testing.
Security architects fulfill a preventative role in the company’s cyber security program. They develop and maintain the security controls that are put in place to stop an attack before it happens, or to slow an attack down and minimize its effects.
IAM is a huge component of the company’s security architecture, as it applies the concepts of authentication and authorization to systems, people, and other assets. A security architect must become familiar with access control methods and user account management principles. Above all, you must adhere to and apply the principle of least privilege to all of your IAM efforts. This will protect the company against unauthorized access, and likewise, prevent availability issues with authorized users who aren’t being given the level of access they need to do their jobs.
A significant portion of the architect’s job is to ensure that the network infrastructure is designed with security at the forefront. To accomplish this, you’ll need to develop your skills in networking topics like subnets, VLANs, and other segmentation and isolation tactics. Being able to construct rules for application-layer firewalls and intrusion detection systems (IDSs) are also skills that employers look for in a prospective security architect.
Beyond the network itself, the security architect must harden the security of hosts on the network. You’ll need to know how to develop baselines to use as a standard for configuring workstations, file servers, databases, web servers, and many other systems. You should also be familiar with patch and change management processes so that systems can undergo changes without sacrificing their hardened state.
The (ISC)² CISSP-Information Systems Security Architecture Professional (CISSP-ISSAP) certification is excellent for validating the security architect skills outlined above. Those interested in learning more about this credential can find the latest info at https://www.isc2.org/Certifications/CISSP-Concentrations.
Secure software developers design applications and write code that adhere to best practices for security. They also ensure that any software developed in-house meets the company’s unique security standards as defined by policy.
Every software developer must be able to work within an SDLC, and security-focused developers are no exception. SDLCs provide a framework for a development project and guide the project from early design phases to eventual release. For the secure developer, knowing how to integrate security into each phase of an SDLC is a crucial skill to have, as it minimizes the risk a business takes on when it creates its own applications.
Testing software is a very involved and often complex process, but it is vital to ensuring the security of a finished product. Businesses will seek out developers who can conduct a variety of different test types, like input validation, stress testing, and user acceptance testing. Applying a suite of testing methods to a software product will ensure that it meets the security requirements set at the beginning of the SDLC. You should also gain experience using tools like fuzzers and app vulnerability scanners to round out your skill set.
Career opportunities in the cyber security industry will continue to expand for some time. Professionals need to get caught up with the latest tools, technologies, and techniques to stay marketable. As threats increase in volume and become more complex, the business world will call on those who can demonstrate an advanced cyber security skill set that enables them to protect these businesses.