Most Sought-After (Pre-)Cybersecurity Skills
Brian Krebs writes that people considering careers in cybersecurity frequently reach out to him, asking which specialization or certification he would recommend, but rarely do they ask, "which practical skills they should seek to make themselves more appealing candidates for a future job." A recent SANS survey asked more than 500 people who work in cybersecurity which skills they consider most valuable in job candidates, and which are most often missing. (Read the comments for more insights.)
Perhaps surprisingly, some people already employed as cybersecurity analysts lack these same critical underlying skills. One of the larger federal cybersecurity contractors tested the beta version of a new course SANS developed for its undergraduate college students to ensure they have mastered the key foundational cybersecurity skills, hands-on, before diving into the challenging SANS courses required for their degree. The contractor's technical director called us last week and said he wanted to "start by having 100" of their existing cybersecurity employees take the foundations course and "the number will likely grow from there."
Hands-on experience with information systems, knowing how they operate, as well as system and service lifecycle are important skills in cybersecurity. And often people wishing to enter the field are unable to do so as they don't have needed experience. Internship programs are not only great ways to get this experience, but also provide a low-risk opportunity for an employer to discover and grow talent that can become a long-term employee.
We just completed a targeted survey on cybersecurity hiring needs and issues, separate from the one quoted in this piece. Among the results: (1) there is more of a skills gap than a headcount gap; and (2) the highest demand for entry level employees is for those who have experience using popular open source and commercial tools. One major finding: attrition rates in SOC teams are lower than IT industry average. Qualitative interviews gave anecdotal evidence that teams with more hands-on tool use and enhancement had the lowest attrition rates with managers saying it allowed staff to feel more creative and help fight alert burnout. Webinar on the results is on Wednesday - info at https://www.sans.org/webcasts/closing-critical-skills-gap-modern-effective-security-operations-centers-socs-survey-results-113485
Read more in
KrebsOnSecurity: Thinking of a Cybersecurity Career? Read This