December 19, 2017 By Heather Ricciuto 3 min read

With the fall semester wrapping up here in North America and the recruiting season nearly behind us, I find myself reflecting on the single most common question students ask when we meet at campus career fairs, cybersecurity conferences and competitions: What skills are most wanted in cybersecurity?

Hands Down, It’s Hands-On

According to a recent ISACA report, 55 percent of security hiring managers ranked practical, hands-on experience as the most important qualification for a cybersecurity candidate. Why do hands-on cybersecurity skills trump book learning in terms of importance? Quite simply, the industry needs candidates who can hit the ground running from day one. While on-the-job training is a critical element of success in cybersecurity, we cannot afford for new hires to take months or even weeks to begin contributing to the team.

Looking for ways that students can obtain demonstrable hands-on skills such as penetration testing and security incident analysis and reporting? Encourage them to join cybersecurity clubs, take advantage of internship opportunities, participate in competitions such as CyberPatriot, the National Collegiate Cyber Defense Competition (NCCDC) and the Collegiate Penetration Testing Competition (CPTC), and attend industry conferences. When cybersecurity clubs don’t exist, encourage students to start one!

Students should also be encouraged to learn outside of the classroom. Read industry publications, listen to security podcasts and take advantage of online learning modules through sites such as Hacker Highschool. The most successful cybersecurity professionals regularly dedicate time to continuous learning, so encourage students to develop these habits early.

Continuous Learning Is Key to Success

It is no secret that we have a problematic talent shortage in the cybersecurity profession, with an estimated 1.8 million open and unfilled positions expected by 2022, according to Frost & Sullivan.

In response to this talent gap, you may have noticed that we at IBM have been talking about new collar skills over the past year. New collar jobs refer to positions that can be filled by people who do not necessarily have traditional university degrees, but who do have the skills and aptitude needed to execute certain roles. Of course, specific skill requirements vary by job role. However, there are some general recommendations worth noting.

In our executive report, “It’s Not Where You Start, It’s How You Finish: Addressing the Cybersecurity Skills Gap With a New Collar Approach,” we laid out a number of desirable attributes and skills for a successful cybersecurity worker. The need for these attributes and skills applies not only to new collar workers, but also across the board, from entry-level security operations analysts to the C-suite. Having some or all of these skills can be a differentiating factor in the success and longevity of a cybersecurity career.

To get a clear picture, let’s take a look at this chart from our report:

Attributes: Think of these attributes as a set of personality traits and learned behaviors common to the most successful cybersecurity professionals.

Skills: Skills involve both technical and nontechnical workplace abilities that provide long-term career flexibility and a strong foundation for leadership positions.

Start Honing Your Cybersecurity Skills

Given my role as academic outreach leader for IBM Security, it will not surprise you that seeing “student” highlighted as one of the key cybersecurity professional attributes excites me most. I firmly believe that if we are not learning, we are not growing. Security professionals today are under continuous pressure to keep up with evolving technologies and the advanced threat landscape. Having that innate desire to constantly learn new things is critical to success in this industry.

Whether you are still in school, are an early professional, mid-career or near retirement, we encourage you to strive for continuous learning and growth. So, what are you waiting for? Take a leap and learn something new!

Read the complete IBM report: Addressing the Skills Gap with a New Collar Approach

More from CISO

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Boardroom cyber expertise comes under scrutiny

3 min read - Why are companies concerned about cybersecurity? Some of the main drivers are data protection, compliance, risk management and ensuring business continuity. None of these are minor issues. Then why do board members frequently keep their distance when it comes to cyber concerns?A report released last year showed that just 5% of CISOs reported directly to the CEO. This was actually down from 8% in 2022 and 11% in 2021. But even if board members don’t want to get too close…

The CISO’s guide to accelerating quantum-safe readiness

3 min read - Quantum computing presents both opportunities and challenges for the modern enterprise. While quantum computers are expected to help solve some of the world’s most complex problems, they also pose a risk to traditional cryptographic systems, particularly public-key encryption. To ensure their organization’s data remains secure now and in the future, chief information security officers (CISOs) should educate themselves about quantum computing, proactively address the coming quantum risks to cybersecurity and work to establish cryptographic agility in their enterprise.A future cryptographically…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today