December 19, 2017 By Heather Ricciuto 3 min read

With the fall semester wrapping up here in North America and the recruiting season nearly behind us, I find myself reflecting on the single most common question students ask when we meet at campus career fairs, cybersecurity conferences and competitions: What skills are most wanted in cybersecurity?

Hands Down, It’s Hands-On

According to a recent ISACA report, 55 percent of security hiring managers ranked practical, hands-on experience as the most important qualification for a cybersecurity candidate. Why do hands-on cybersecurity skills trump book learning in terms of importance? Quite simply, the industry needs candidates who can hit the ground running from day one. While on-the-job training is a critical element of success in cybersecurity, we cannot afford for new hires to take months or even weeks to begin contributing to the team.

Looking for ways that students can obtain demonstrable hands-on skills such as penetration testing and security incident analysis and reporting? Encourage them to join cybersecurity clubs, take advantage of internship opportunities, participate in competitions such as CyberPatriot, the National Collegiate Cyber Defense Competition (NCCDC) and the Collegiate Penetration Testing Competition (CPTC), and attend industry conferences. When cybersecurity clubs don’t exist, encourage students to start one!

Students should also be encouraged to learn outside of the classroom. Read industry publications, listen to security podcasts and take advantage of online learning modules through sites such as Hacker Highschool. The most successful cybersecurity professionals regularly dedicate time to continuous learning, so encourage students to develop these habits early.

Continuous Learning Is Key to Success

It is no secret that we have a problematic talent shortage in the cybersecurity profession, with an estimated 1.8 million open and unfilled positions expected by 2022, according to Frost & Sullivan.

In response to this talent gap, you may have noticed that we at IBM have been talking about new collar skills over the past year. New collar jobs refer to positions that can be filled by people who do not necessarily have traditional university degrees, but who do have the skills and aptitude needed to execute certain roles. Of course, specific skill requirements vary by job role. However, there are some general recommendations worth noting.

In our executive report, “It’s Not Where You Start, It’s How You Finish: Addressing the Cybersecurity Skills Gap With a New Collar Approach,” we laid out a number of desirable attributes and skills for a successful cybersecurity worker. The need for these attributes and skills applies not only to new collar workers, but also across the board, from entry-level security operations analysts to the C-suite. Having some or all of these skills can be a differentiating factor in the success and longevity of a cybersecurity career.

To get a clear picture, let’s take a look at this chart from our report:

Attributes: Think of these attributes as a set of personality traits and learned behaviors common to the most successful cybersecurity professionals.

Skills: Skills involve both technical and nontechnical workplace abilities that provide long-term career flexibility and a strong foundation for leadership positions.

Start Honing Your Cybersecurity Skills

Given my role as academic outreach leader for IBM Security, it will not surprise you that seeing “student” highlighted as one of the key cybersecurity professional attributes excites me most. I firmly believe that if we are not learning, we are not growing. Security professionals today are under continuous pressure to keep up with evolving technologies and the advanced threat landscape. Having that innate desire to constantly learn new things is critical to success in this industry.

Whether you are still in school, are an early professional, mid-career or near retirement, we encourage you to strive for continuous learning and growth. So, what are you waiting for? Take a leap and learn something new!

Read the complete IBM report: Addressing the Skills Gap with a New Collar Approach

More from CISO

Making smart cybersecurity spending decisions in 2025

4 min read - December is a month of numbers, from holiday countdowns to RSVPs for parties. But for business leaders, the most important numbers this month are the budget numbers for 2025. With cybersecurity a top focus for many businesses in 2025, it is likely to be a top-line item on many budgets heading into the New Year.Gartner expects that cybersecurity spending is expected to increase 15% in 2025, from $183.9 billion to $212 billion. Security services lead the way for the segment…

On holiday: Most important policies for reduced staff

4 min read - On Christmas Eve, 2023, the Ohio State Lottery had to shut down some of its systems because of a cyberattack. Around the same time, the Dark Web had a “Leaksmas” event, where cyber criminals shared stolen information for free as a holiday gift. In fact, the month of December 2023 saw more than 2 billion records breached and 1,351 disclosed security incidents, according to research from IT Governance — an increase of 332% and 187%, respectively, over the month of…

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today