Amid growing concern about the vulnerability of computer systems to attacks, the demand for talented cybersecurity professionals has never been stronger. CareerBuilder.com lists more than 20,000 information security jobs across the country, with more than 150 in Minneapolis.
In fact, our clients are telling us that in many cases they have more jobs than they can fill, in part because so many candidates lack the necessary skills to navigate successfully in a business environment.
In many cases, the problem isn't a lack of technical skills but an ability to fully understand and explain the nature of various threats and to take the appropriate steps to mitigate the risks to the organization.
Here are the top five skills that hiring managers, consulting firms and cybersecurity agencies are seeking:
Communication
You have the ability to diagnose complex cyberissues. But can you translate those nuanced technical discussions into clear and precise business needs?
When C-Suite executives and board members receive a presentation laden with technical jargon, the urgency of the message is often lost. The ability to take a cyberissue within the business and translate that back into how it might negatively affect the business' reputation, customers, vendors and stakeholders is critically important.
Risk management
Do you understand the makeup of different attacks and the length of time it will take to mitigate the risks in a cyberattack? Do you have a fundamental understanding of how the business operates so that when a cyberincident happens, you can organize a systematic plan of attack to minimize its scale? Risk management is essentially a prioritization of how a cyber team will shore up a business' cyberarchitecture during a breach or after a breach.
There is no way to eliminate all cyberrisks and every cyberattack is different, so there is no one-size-fits-all approach. A good analyst/manager will assess the situation, recognize and neutralize the immediate vulnerabilities while keeping an eye on smaller issues.
Technical understanding
As attacks are deployed using a number of different technologies, a good cybersecurity analyst/manager will need to be well versed in many technologies. If you are a mobile expert and the attack on your company comes through the mainframe, and you know nothing about mainframes, you won't be able to devise a strong strategy to fix the problem.
But by having an understanding of multiple technologies, including coding, systems architecture, mainframes, mobile, etc., you'll be in a great position to provide real value in the event of a cyberattack.
Consensus building
Not everybody outside of IT will fully understand the importance of cybersecurity; however, their opinion will weigh in on IT's budget, size of staff and available resources. As you will be interacting to these positions, it's paramount that you comprehend their positions and challenges within your organization. This way you can engage in productive conversation with everybody from finance to marketing on how cyberissues will affect their business unit.
Program management
Cybersecurity isn't a project with an end date. It is a living organism that is constantly evolving and needs to be redeveloped and reinforced over time.
With this ever-changing landscape, cyberprofessionals need to be vigilant and drivers of constant change and updated information to their organization. Cyberprofessionals need to learn new techniques, stay up-to-date on all reported cyberattacks and adjust accordingly to make sure your program is forward-thinking and not behind the times.
