ISC-Squared On Most Sought-After Cybersecurity Skills
Though technology remains important to establishing and maintaining cybersecurity, organizational and project management/execution skills are looming large among the most desirable characteristics for cybersecurity professionals.
Plucked straight from the pages of a recent CompTIA SmartBrief (10/29/2015), a survey from (ISC)² (the parent organization behind the always-popular CISSP and other cybersecurity certifications) reveals that an ability to set up, implement, and maintain company- or organization-wide security programs is emerging as a key set of skills, which today is in both short supply and high demand.
Here’s the abbreviated list that emerged from this survey, as reported on the CompTIA web site in an IT Career News blog post entitled “What Are the Most Sought After Security Skills?”:
- be able to set up a successful security program
- be able to implement programs company-wide
- be able to get the program set up and to manage it on a continual basis
- be able to audit the system to ensure that it works
- be able to try and penetrate the system
- be able to respond to an attack immediately
Astute readers will recognize that this laundry list steps outside and beyond the mere acquisition of technical skills and knowledge, well into the professional management/project management realm, with a certain degree of organizational savvy and competence thrown in for good measure. Qualifiers like “successful,” “company-wide,” and “manage … on a continual basis” speak strongly to the need to be able to navigate within an organization and to understand its politics and ways of getting things done, as well as to understand information security tools, techniques, and technologies such as security audits, penetration testing, and incident response. In other words, high-demand skills are as much about people and process management, and getting things done, as they are about the nuts-and-bolts issues inherent to information security.
By no coincidence whatsoever, these kinds of things are high among the list of topics that one must learn and master to earn the CISSP (Certified Information Systems Security Professional) credential from the selfsame reporting organization. Other potentially useful credentials to help prepare IT pros include several from ISACA: the CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), CGEIT (Certified in the Governance of Enterprise IT), and CRISC (Certified in Risk and Information Systems Control).
Given the emphasis on people and project management, it seems like the Project Management Institute’s Project Management Professional (PMP) cert would also score high in the area of learning more about such things and developing an important set of soft skills to augment the hard ones. While you’re at it, this appears to be the very kind of thing those who pursue a Master’s in Business Administration (MBA) might be inclined to care about, so it’s probably worth pondering as well.
This comprises a pretty formidable list of possible certification and/or education attainments, one that will be years (probably three or four) in the making. But the good news is, with ongoing double-digit growth in opportunities for such jobs (the survey predicts growth around 40 percent in positions like this available by 2020), even if it takes a while to get there, you should still be able to capitalize quite nicely on the time, effort and expense involved by the time you get to the end of this personal and professional development path.