The demand for cyber security skills around the world has gone through and shattered the roof. The Bureau of Labor Statistics (BLS) in the U.S. estimates a cyber security job growth around 31% through 2029, that’s just over seven times faster than the national average job growth of 4%. The totality of unfilled cyber security positions in the U.S. is shooting up (expected to grow by 350 percent!), from 1 million positions in 2013 to 3.5 million in 2021. A graphical metaphor of open cyber security positions in 2021 can fill 50 NFL stadiums despite the industry’s best efforts at reducing the skills gap. Going by the CNBC Tech Council’s estimation of U.S. technology job openings at 700,000 to 1 million over the past 12 to 24 months - open cyber security positions likely made up around 32-45 percent of all U.S. tech job openings.
Clearly, this is the moment for cyber security professionals and students to capitalize on the unbelievable levels of demand. Managed cybersecurity services providers, such as Olmec Systems in New Jersey, can be a great place for more relevant info on cyber security skills and training.
Here is a list of our top seven crucial technical skills in-demand in cyber security:
- Application Security Development - The hottest cyber security skill for 2021 is clearly application development security, with a projected growth rate of 164 percent over the next five years. This is a career path wherein professionals need the proficiency to design security tools for testing the security of applications or systems. Whether you work as a Software Developer, Cybersecurity Engineer, System Engineer, DevOps Engineer, or Network Architect - Application Development Security is likely to be required in each of those career paths. Application security refers to the process of improving the security of any application by finding, fixing, and preventing its vulnerabilities. Moreover, testing and validation is required during the software development lifecycle (SDLC) so vulnerabilities are fixed before application deployment.
- Security Incident Handling & Response - A cyber security incident response (IR) is a critical series of processes for an organization to respond to a cyber attack. This requires queuing up the right hardware and software tools as well as the right planning, procedures, training, and support. This career path will lead a professional to become an Incident Responder – the first responder in case the organization faces any security threats. These cyber security professionals typically use a mix of computer forensic tools to develop a cyber security incident response plan. An Incident Response Analyst typically needs to be certified, and works in a team whose goal is to coordinate and align the key resources to minimize damage and restore business continuity as quickly as possible. Incident response plans typically incorporate three important protection parts: a business impact analysis plan (BIA), a business continuity plan (BCP) and a disaster recovery plan (DRP). The focus is on recovery time objective (RTO) for recovering data – a critical process in the event of a breach or a disaster.
- Penetration testing / Red teaming - Cyber security is a continuously evolving process and the rising incidence of cyber-attacks and the enhanced techniques of attackers (including attacks based on advanced AI and ML) is pushing a spike in demand for professionals equipped with the skills of penetration testing. The concept behind a penetration test, or pen test, as it is referred to in technical circles, is to probe all possible vulnerabilities in any system or network to try and penetrate its defenses. The objective is to spot the vulnerabilities in the system or network defenses before the real malicious actors and hackers get wind of the loopholes. Pen testers are often required to work on highly confidential and time-sensitive projects, and need to build a reputation for being trustworthy and composed in high-pressure environments. Among other things, pen testers play a crucial role since they often work on highly sensitive and confidential projects, and they must maintain their professionalism by remaining reliable and staying calm under pressure.
- IAM -Identity & Access Management - Identity & Access Management forms the baseline of security in all IT environments and basically involves managing access by permitting those you want to let in and keeping everyone else out. Identity & Access Management describes the processes by which different sets of users are granted data permissions and under what circumstances. Identity & Access Management professionals have the responsibility to ensure that only authorized programs, users and devices are allowed to connect to one another in a network. Managing user identities is a continuous process as users typically come and go in any organization.
- Reverse engineering - Reverse engineering is a basic skill utilized in nearly all forms of cyber security and is a critical skill involved in defending networks. This skill path enables you to identify malware types, characteristics and behaviors. Reverse engineering can help professionals detect, analyze and mitigate malware from the network. Reverse engineering is a required skill in professions, such as, forensic investigators, incident responders, security engineers, and IT administrators.
- IDS/IPS Skills/Firewall Administration - A security practitioner working in IDS/IPS Skills/Firewall Administration must use a firewall to filter network traffic and stop unauthorized access (including hackers) to the network. Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) come in handy for security experts engaged in crafting firewalls and s/he should know how they relate to the firewall.
- Digital Forensics – With security incidents becoming the norm of everyday business, the need for post-mortems of security incidents also increase. Post-mortems of digital crimes typically require deep investigations of a range of computing devices, including mobile devices, software, and storage databases and devices, and more. This is why it’s critical for digital forensic professionals to have in-depth knowledge of as many systems as possible. Professionals in digital forensics analyze digital evidence and investigate computer security incidents to get valuable information on system/network vulnerability and risk mitigation. They are typically on the front lines in the fight against cybercrime and uncover critical info on attackers and attack patterns that can be used to prevent threats in the future.
Apart from strong technical skills, cyber security professionals also need strong non-technical skills, such as:
- Leadership / hard working / problem solving
- Passionate about learning
- Communication skills
- Strategy design skills
- Toolkit maintenance skills
Post courtesy: Chris Forte, President and CEO at Olmec Systems, providers of IT support and cybersecurity services in New Jersey, New York City and the Atlanta metro area.
You may also be interested in the below articles:
- A Day in the Life of a Penetration Tester
- Soft Skills to Advance your Cyber Security Career
- The Basics of Cyber Security