With the fall semester wrapping up here in North America and the recruiting season nearly behind us, I find myself reflecting on the single most common question students ask when we meet at campus career fairs, cybersecurity conferences and competitions: What skills are most wanted in cybersecurity?

Hands Down, It’s Hands-On

According to a recent ISACA report, 55 percent of security hiring managers ranked practical, hands-on experience as the most important qualification for a cybersecurity candidate. Why do hands-on cybersecurity skills trump book learning in terms of importance? Quite simply, the industry needs candidates who can hit the ground running from day one. While on-the-job training is a critical element of success in cybersecurity, we cannot afford for new hires to take months or even weeks to begin contributing to the team.

Looking for ways that students can obtain demonstrable hands-on skills such as penetration testing and security incident analysis and reporting? Encourage them to join cybersecurity clubs, take advantage of internship opportunities, participate in competitions such as CyberPatriot, the National Collegiate Cyber Defense Competition (NCCDC) and the Collegiate Penetration Testing Competition (CPTC), and attend industry conferences. When cybersecurity clubs don’t exist, encourage students to start one!

Students should also be encouraged to learn outside of the classroom. Read industry publications, listen to security podcasts and take advantage of online learning modules through sites such as Hacker Highschool. The most successful cybersecurity professionals regularly dedicate time to continuous learning, so encourage students to develop these habits early.

Continuous Learning Is Key to Success

It is no secret that we have a problematic talent shortage in the cybersecurity profession, with an estimated 1.8 million open and unfilled positions expected by 2022, according to Frost & Sullivan.

In response to this talent gap, you may have noticed that we at IBM have been talking about new collar skills over the past year. New collar jobs refer to positions that can be filled by people who do not necessarily have traditional university degrees, but who do have the skills and aptitude needed to execute certain roles. Of course, specific skill requirements vary by job role. However, there are some general recommendations worth noting.

In our executive report, “It’s Not Where You Start, It’s How You Finish: Addressing the Cybersecurity Skills Gap With a New Collar Approach,” we laid out a number of desirable attributes and skills for a successful cybersecurity worker. The need for these attributes and skills applies not only to new collar workers, but also across the board, from entry-level security operations analysts to the C-suite. Having some or all of these skills can be a differentiating factor in the success and longevity of a cybersecurity career.

To get a clear picture, let’s take a look at this chart from our report:

Attributes: Think of these attributes as a set of personality traits and learned behaviors common to the most successful cybersecurity professionals.

Skills: Skills involve both technical and nontechnical workplace abilities that provide long-term career flexibility and a strong foundation for leadership positions.

Start Honing Your Cybersecurity Skills

Given my role as academic outreach leader for IBM Security, it will not surprise you that seeing “student” highlighted as one of the key cybersecurity professional attributes excites me most. I firmly believe that if we are not learning, we are not growing. Security professionals today are under continuous pressure to keep up with evolving technologies and the advanced threat landscape. Having that innate desire to constantly learn new things is critical to success in this industry.

Whether you are still in school, are an early professional, mid-career or near retirement, we encourage you to strive for continuous learning and growth. So, what are you waiting for? Take a leap and learn something new!

Read the complete IBM report: Addressing the Skills Gap with a New Collar Approach
