When cybersecurity isn't all cyber: What does it really take to work in cybersecurity?

When cybersecurity isn’t all cyber: What does it really take to work in cybersecurity?

With the multitude of breaches and outbreaks already witnessed in 2017, it’s become clear that industries across all verticals are challenged by cybersecurity. This is a serious business problem that needs to be addressed ASAP. As much talk as there is about organizations getting hacked, scores of customers getting affected, and companies struggling to get back on their feet after a breach, so is there about a global skills shortage in cybersecurity.

But is the cybersecurity skills gap real, or is it just a myth? Multitudes of organizations, including those within the industry, seem to think so. Others don’t share this line of thought. Regardless of where you stand, what we can all agree on is that businesses of all sizes know that they have cybersecurity issues, and they need help addressing them.

It’s no surprise that some firms have turned to universities to bridge this gap. After all, they’re responsible for teaching and training professionals of the future. However, questions have been raised when we merely put the burden on schools. Can universities deliver and maintain a high level of training? Do they have the resources they need to provide a high level of cybersecurity training? Are companies willing to wait that long before their issues can be resolved?

Some companies, on the other hand, are turning to automation as a means to close the skills shortage. This means using artificial intelligence (AI), machine learning, and other automation tools and technologies rather than relying on manual processes. A logical alternative, if not a bit pricey, but let’s be honest: automation isn’t the panacea that one would hope for in cybersecurity. People are still the most critical part of a business’s security process.

When it comes to people, organizations likely have an idea about what they’re looking for in a cybersecurity candidate: Coding, networking, analysis, and management skills are indispensable. Ideally, the more hard skills boxes are ticked, the better. Yet let’s not forget that as valuable as these skills are, so too are soft skills—and other hard skills, actually—that don’t necessarily require technical and cyber know-how. With that in mind, here are the most important skills a potential cybersecurity candidate (and business looking to hire) should focus on:

Read: How to create an intentional culture of security

‘Know thyself’

Those looking into getting a career in security must have at least three of these soft skills to succeed:

  • Communication. The ability to impart information tailored in a way that is understood by the audience; and in working in security, you’ll find that you’ll be dealing with many different kinds of audiences, from highly technical analysts to customers bordering on luddite.
  • Critical thinking. The ability to make an objective evaluation of an issue to form a judgment. This goes hand-in-hand with perceptiveness and the ability to solve problems. Being able to look at a problem with a critical eye and handle it with calm and levelheadedness are attributes worth hiring for.
  • Collaboration. The essence of teamwork. Whether one engages with members of the team in-house, across departments, or across continents, it’s vital to have interpersonal sensitivity to know, at the moment, when to be a leader and when to be a listener.
  • Self-awareness. Knowing your tasks and how to do them is one thing, but being aware when one has succeeded or made a mistake is another. Accepting responsibility for errors demonstrates a healthy dose of humility and a willingness to learn from it. Self-awareness also means knowing when to ask for help.
  • Open-minded. Often, problems don’t have just one solution. Being receptive to new ideas and approaches to problem-solving, and taking advantage of diverse opinions (to name a few) are hallmarks of leadership. Open-mindedness goes hand-in-hand with creativity, innovation, and yes, even patience.
  • Flexible. There’s no denying that the tech and cybersecurity industries grow at a fast pace. As such, one must have the willingness to accept challenging tasks and be ready to be trained for new hard skills.

Other cybersecurity jobs

The field of cybersecurity is vast and continually growing—new roles are often created within businesses depending on their needs.

Earlier, we mentioned other hard skills that, should you have them, you can leverage if you decide to make a career in cybersecurity. In the paper, It’s not where you start—it’s how you finish, the IBM Institute for Business Value has encouraged businesses to follow “the new collar” approach, wherein skills are the focus and not degrees earned. They advocate this to attract candidates from diverse, nontechnical backgrounds. They have also identified alternative cybersecurity-related roles, listed below, that organizations can consider opening positions for.

  • Technical writer. The ability to research, write, and publish different types of information in various formats (e.g., manuals, online help, FAQ pages, Knowledge Base, white papers) isn’t something anyone can just do. One has to understand what they’re writing about and do it in a clear and concise manner. If tech writers aren’t writing, they often proofread and edit works of technical professionals.
  • Trainer. With the number of SMBs worldwide that wants to get serious about cybersecurity, Security Awareness Trainers can help get them started. Their contribution could create and foster a stronger and more effective security culture in the workplace.
  • Tester. For companies looking to expand and develop security hardware and software products, hiring testers to ensure they’re functioning as designed (even during misuse) pre-release can save a lot of headaches later. Some testers are also there to make sure that devices and systems are compliant with regulations and policies.
  • Helpdesk/Support engineer. Providing available phone, email, or chat support for clients when they experience a security incident, such as being locked out of their computer due to ransomware, is highly valuable to both the company and client, especially when they are able to address the concern.

Do you have what it takes?

Cybersecurity isn’t all cyber, as one would typically expect it to be. Realize that as more and more businesses gather, store, and use important data; are required to adhere to new policies; and want to take advantage of emerging technologies, such as the Internet of Things (IoT) and cloud computing, expect that more security-related jobs like the above will be available. Realize, too, that the right skills and aptitude can help usher you to a new career in cybersecurity.

Good luck! And for those who finally made it: Welcome!


Jovi Umawing

Knows a bit about everything and a lot about several somethings. Writes about those somethings, usually in long-form.