With the fall semester wrapping up here in North America and the recruiting season nearly behind us, I find myself reflecting on the single most common question students ask when we meet at campus career fairs, cybersecurity conferences and competitions: What skills are most wanted in cybersecurity?

Hands Down, It’s Hands-On

According to a recent ISACA report, 55 percent of security hiring managers ranked practical, hands-on experience as the most important qualification for a cybersecurity candidate. Why do hands-on cybersecurity skills trump book learning in terms of importance? Quite simply, the industry needs candidates who can hit the ground running from day one. While on-the-job training is a critical element of success in cybersecurity, we cannot afford for new hires to take months or even weeks to begin contributing to the team.

Looking for ways that students can obtain demonstrable hands-on skills such as penetration testing and security incident analysis and reporting? Encourage them to join cybersecurity clubs, take advantage of internship opportunities, participate in competitions such as CyberPatriot, the National Collegiate Cyber Defense Competition (NCCDC) and the Collegiate Penetration Testing Competition (CPTC), and attend industry conferences. When cybersecurity clubs don’t exist, encourage students to start one!

Students should also be encouraged to learn outside of the classroom. Read industry publications, listen to security podcasts and take advantage of online learning modules through sites such as Hacker Highschool. The most successful cybersecurity professionals regularly dedicate time to continuous learning, so encourage students to develop these habits early.

Continuous Learning Is Key to Success

It is no secret that we have a problematic talent shortage in the cybersecurity profession, with an estimated 1.8 million open and unfilled positions expected by 2022, according to Frost & Sullivan.

In response to this talent gap, you may have noticed that we at IBM have been talking about new collar skills over the past year. New collar jobs refer to positions that can be filled by people who do not necessarily have traditional university degrees, but who do have the skills and aptitude needed to execute certain roles. Of course, specific skill requirements vary by job role. However, there are some general recommendations worth noting.

In our executive report, “It’s Not Where You Start, It’s How You Finish: Addressing the Cybersecurity Skills Gap With a New Collar Approach,” we laid out a number of desirable attributes and skills for a successful cybersecurity worker. The need for these attributes and skills applies not only to new collar workers, but also across the board, from entry-level security operations analysts to the C-suite. Having some or all of these skills can be a differentiating factor in the success and longevity of a cybersecurity career.

To get a clear picture, let’s take a look at this chart from our report:

Attributes: Think of these attributes as a set of personality traits and learned behaviors common to the most successful cybersecurity professionals.

Skills: Skills involve both technical and nontechnical workplace abilities that provide long-term career flexibility and a strong foundation for leadership positions.

Start Honing Your Cybersecurity Skills

Given my role as academic outreach leader for IBM Security, it will not surprise you that seeing “student” highlighted as one of the key cybersecurity professional attributes excites me most. I firmly believe that if we are not learning, we are not growing. Security professionals today are under continuous pressure to keep up with evolving technologies and the advanced threat landscape. Having that innate desire to constantly learn new things is critical to success in this industry.

Whether you are still in school, are an early professional, mid-career or near retirement, we encourage you to strive for continuous learning and growth. So, what are you waiting for? Take a leap and learn something new!

Read the complete IBM report: Addressing the Skills Gap with a New Collar Approach

More from CISO

Poor Communication During a Data Breach Can Cost You — Here’s How to Avoid It

5 min read - No one needs to tell you that data breaches are costly. That data has been quantified and the numbers are staggering. In fact, the IBM Security Cost of a Data Breach estimates that the average cost of a data breach in 2022 was $4.35 million, with 83% of organizations experiencing one or more security incidents. But what’s talked about less often (and we think should be talked about more) is how communication — both good and bad — factors into…

5 min read

Ransomware Renaissance 2023: The Definitive Guide to Stay Safer

2 min read - Ransomware is experiencing a renaissance in 2023, with some cybersecurity firms reporting over 400 attacks in the month of March alone. And it shouldn’t be a surprise: the 2023 X-Force Threat Intelligence Index found backdoor deployments — malware providing remote access — as the top attacker action in 2022, and aptly predicted 2022’s backdoor failures would become 2023’s ransomware crisis. Compounding the problem is the industrialization of the cybercrime ecosystem, enabling adversaries to complete more attacks, faster. Over the last…

2 min read

Do You Really Need a CISO?

2 min read - Cybersecurity has never been more challenging or vital. Every organization needs strong leadership on cybersecurity policy, procurement and execution — such as a CISO, or chief information security officer. A CISO is a senior executive in charge of an organization’s information, cyber and technology security. CISOs need a complete understanding of cybersecurity as well as the business, the board, the C-suite and how to speak in the language of senior leadership. It’s a changing role in a changing world. But…

2 min read

What “Beginner” Skills do Security Leaders Need to Refresh?

4 min read - The chief information security officer (CISO) was once a highly technical role primarily focused on security. But now, the role is evolving. Modern security leaders must work across divisions to secure technology and help meet business objectives. To stay relevant, the CISO must have a broad range of skills to maintain adequate security and collaborate with teams of varying technical expertise. Learning is essential to simply keep pace in security. In a CISO Series podcast, Skillsoft CISO Okey Obudulu recently said,…

4 min read