With the fall semester wrapping up here in North America and the recruiting season nearly behind us, I find myself reflecting on the single most common question students ask when we meet at campus career fairs, cybersecurity conferences and competitions: What skills are most wanted in cybersecurity?
Hands Down, It’s Hands-On
According to a recent ISACA report, 55 percent of security hiring managers ranked practical, hands-on experience as the most important qualification for a cybersecurity candidate. Why do hands-on cybersecurity skills trump book learning in terms of importance? Quite simply, the industry needs candidates who can hit the ground running from day one. While on-the-job training is a critical element of success in cybersecurity, we cannot afford for new hires to take months or even weeks to begin contributing to the team.
Looking for ways that students can obtain demonstrable hands-on skills such as penetration testing and security incident analysis and reporting? Encourage them to join cybersecurity clubs, take advantage of internship opportunities, participate in competitions such as CyberPatriot, the National Collegiate Cyber Defense Competition (NCCDC) and the Collegiate Penetration Testing Competition (CPTC), and attend industry conferences. When cybersecurity clubs don’t exist, encourage students to start one!
Students should also be encouraged to learn outside of the classroom. Read industry publications, listen to security podcasts and take advantage of online learning modules through sites such as Hacker Highschool. The most successful cybersecurity professionals regularly dedicate time to continuous learning, so encourage students to develop these habits early.
Continuous Learning Is Key to Success
It is no secret that we have a problematic talent shortage in the cybersecurity profession, with an estimated 1.8 million open and unfilled positions expected by 2022, according to Frost & Sullivan.
In response to this talent gap, you may have noticed that we at IBM have been talking about new collar skills over the past year. New collar jobs refer to positions that can be filled by people who do not necessarily have traditional university degrees, but who do have the skills and aptitude needed to execute certain roles. Of course, specific skill requirements vary by job role. However, there are some general recommendations worth noting.
In our executive report, “It’s Not Where You Start, It’s How You Finish: Addressing the Cybersecurity Skills Gap With a New Collar Approach,” we laid out a number of desirable attributes and skills for a successful cybersecurity worker. The need for these attributes and skills applies not only to new collar workers, but also across the board, from entry-level security operations analysts to the C-suite. Having some or all of these skills can be a differentiating factor in the success and longevity of a cybersecurity career.
To get a clear picture, let’s take a look at this chart from our report:
Attributes: Think of these attributes as a set of personality traits and learned behaviors common to the most successful cybersecurity professionals.
Skills: Skills involve both technical and nontechnical workplace abilities that provide long-term career flexibility and a strong foundation for leadership positions.
Start Honing Your Cybersecurity Skills
Given my role as academic outreach leader for IBM Security, it will not surprise you that seeing “student” highlighted as one of the key cybersecurity professional attributes excites me most. I firmly believe that if we are not learning, we are not growing. Security professionals today are under continuous pressure to keep up with evolving technologies and the advanced threat landscape. Having that innate desire to constantly learn new things is critical to success in this industry.
Whether you are still in school, are an early professional, mid-career or near retirement, we encourage you to strive for continuous learning and growth. So, what are you waiting for? Take a leap and learn something new!