Cipher Podcast: Top Cybersecurity Skills in Demand
Cybersecurity is an attractive career path. The demand for talented practitioners is strong. The work is interesting. How can someone join the field? Beyond credentials and certifications, there are some core soft skills and technical know-how that it takes to get into the industry and succeed. Cipher Director of Marketing Bill Bowman joined the guys to discuss what companies look for when hiring.
Visit the podcast page for all episodes or listen on the platforms below. Subscribe and look out for a future podcast diving deeper into the certifications and education recommended.
Podcast Episode Transcript
Pete: Welcome everyone, my name is Peter Hackett. I am the Global Program Director for Cipher. For today’s Podcast we are going to discuss the top cybersecurity technical skill sets that are currently in demand on the market. I am joined by my colleague Scott Croskey, the Global Chief Information Security Officer for Cipher. We are pleased to have with us Bill Bowman who is the Director of Marketing for North America. Bill joins us today from our headquarters in Miami.
Bill, how are you?
Bill: I am going great, Pete. Great to be here.
Pete: Cyber security careers are one of the hottest and most in-demand fields for IT professionals. As a cybersecurity service provider, we at Cipher interact with businesses of all shapes and sizes in providing access to our talent pool of cyber experts. Based on current demands and reviewing job position openings, it’s clear there is a list of skillsets that are in demand, more so than others. This is what we aim to talk about today.
I’m sure our listeners are aware of the statistics that have been used over the years. There is a shortage of cybersecurity professionals. Some predictions expected over 2 million job openings globally that require a cybersecurity expert to go unfilled. Even during today’s situation with the coronavirus pandemic, there is still a demand for some of the core cyber skillsets.
Bill, we have a blog post on our website that discusses this topic. Before we explore the technical skillsets, can you summarize some of the soft skillsets that are in demand for cyber professionals?
Bill: Sure thing. I get calls and emails all the time asking about how to get started in cybersecurity. Just this morning, someone called in asking if we are looking for any pentesters.
Soft skills are important in all sorts of jobs and cyber security is no different. For people starting out in Cybersecurity, these are important.
You’re Passionate About Learning: Security experts have to continually learn the latest trends, technologies, and security challenges within the business environment.
You’re Determined: Cyber security practitioners have to be persistent with an ever-changing threat landscape but also handle very difficult jobs to start. Persistence is key.
You’re Analytical, Inquisitive and Insightful: A skilled cyber security practitioner is analytical regarding how incidents occur, the attack surfaces prone to exploitation, and how to minimize cyber attacks.
And finally, You Can Think Hyper Critically: An analytical and insightful security practitioner anticipates how hackers will exploit the network and its applications. In a way, the cyber security expert thinks like a hacker and identifies the vulnerabilities ahead of time.
Pete: I’ve been in the cybersecurity field now for a number of years and totally agree with you. Now eventually, people want to get promoted and move up the ladder. What are a few areas that someone would need for a leadership role in Cybersecurity?
Bill: You’re Collaborative: Cyber security is a shared responsibility across the organization. Therefore, all-star cyber security practitioners are collaborative and work at all levels of the organization to instill a culture of cybersecurity.
You’re a Project Manager: As a cyber security leader, you will need to put together comprehensive security solutions to prevent, detect, and respond to cyber-attacks. Being organized is key here.
And finally, You’re a True Leader: Security experts show leadership through their credibility, responsiveness, and ethics. A security expert earns trust from senior management, peers, and subordinates with excellent communication skills and leading by example.
Pete: Thanks Bill. Scott, let’s focus now on the top skillsets in demand today. In our recent blog, Cipher identified the top 12 hard skillsets in demand for cyber experts. If you had to categorize these top 12 skillsets into 3 general categories, what would they be and why?
Scott: Good question Pete. I would align the three general categories to the NIST Cybersecurity Framework. I chose NIST because it is an internationally recognized framework that organizes an organization’s cyber strategy and assesses its maturity level. While there are 5 categories in the NIST Cybersecurity Framework, there are three that see the highest demand of talent. So, let’s talk about those three categories. The first category would be Prevention. These are the skillsets that operate technologies and implement policies that harden a network environment from attack. The second category would be Detection. These are the skillsets that operate technologies and implement policies that detect security risks to an organization. And finally, the third category of skillsets would be Response. These are the skillsets that respond to threats and cyberattacks.
Pete: Great, so let’s explore each of those in more depth. What are some of the top skillsets required for Prevention activities?
Scott: When we look at skillsets that enable an organization to mitigate risk and Prevent cyber-attacks, there are 7 of the 12 skillsets in high demand.
- Audit & Compliance
- Firewall & IPS Skills
- Application Security Development
- Advanced Malware Prevention Toolsets
- Mobile Device Management
- Data Management Protection
- Identity and Access Management
Pete: So what does someone with Audit & Compliance need to know?
Scott: This is a security practitioner with a set of skills that is able to conduct a thorough review of the organization’s adherence to regulation guidelines, such as HIPAA, FISMA, SOX, PCI DSS, GDPR, ISO 27001 and 20000, and COBIT. Security audit and compliance knowledge is very important because any missed area of regulatory compliance could lead to significant fines and penalties for the organization.
Pete: What about a Firewall and IPS Expert?
Scott: This is a security practitioner that is able to leverage a firewall to filter network traffic and prevent unauthorized access onto the network. In addition, the security expert must have a knowledge of Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) and know how they relate to the firewall.
Pete: And an Application Security Developer needs to know what?
Scott: This is a security practitioner with a set of skills that is able to improve the security of any application by finding, fixing, and preventing its vulnerabilities. In addition, the expert must test and validate during the software development lifecycle (SDLC) so that vulnerabilities are addressed before an application is deployed.
Pete: You also mentioned someone needing to know Advanced Malware Prevention skills. What does that encompass?
Scott: This is a security practitioner that can leverage advanced threat protection software to prevent, detect, and identify Advanced Persistent Threats (APTs) that might circumvent traditional security solutions like anti-virus, firewalls, and IPS/IDS.
Pete: Scott, what kind of technologies would someone in this area of expertise use?
Scott: There is a wide array of advanced malware software on the market today. Some of the leaders in this space include, but are not limited to: FireEye HX, Carbon Black, TrendMicro, Palo Alto, Cisco AMP, Endgame, Symantec, Microsoft and Cybereason. Of course, this is not a complete list. Each vendor has their strengths and drawbacks. Cipher has relationships with all of these vendors and frequently uses them as we deliver our managed security services, so we can provide specific guidance here on each vendor’s capabilities.
Pete: Alright, that covers 4 of the 7. What about the last three?
Scott: Mobile Device Management: This is a security practitioner that can work with the IT department to secure and deploy smartphones, tablets, and laptops as well as understand data loss prevention strategies. Again, there are lots of vendor technologies on the market that conduct MDM activities. But they all have the same core components.
Data Management Protection: This is a security practitioner that is able to handle, analyze, and securely store all types of data. There are typically two types of data storage techniques: structured and unstructured. Structured data is data that is stored in an environment that is indexed and quickly queried. This is typically within databases. Then there is unstructured data and, given the name, you can probably guess what it means. It’s data that isn’t easily queried. Think of data spread out across emails, Word and Excel documents, etc. This security practitioner should be versed in both structured and unstructured data sets.
Identity & Access Management: This is a security practitioner that can understand the best practices for Identity and Access Management (IAM) and ensure that the security policy demonstrates an acceptable use for various roles and responsibilities within the organization. We’ve spoken in the past about IAM activities. This deals with how we identify users of systems and allow them access to different resources on systems.
Bill: So Scott, Prevention seems to be the majority of our top 12 skillsets. In fact, as Pete mentioned, it comprises 7 of the Top 12 Skillsets. Great! So then, what about Detection skillsets?
Scott: Well Bill, when we look at skillsets that enable an organization to detect cyber-attacks, we see 3 of the 12 skillsets in high demand fall into this category.
- SIEM Management
- Analytics & Intelligence
- Intrusion Detection
SIEM Management: This is a security practitioner that is able to manage and analyze the security information and event management (SIEM) tools and services. You will need to be able to create automation with the SIEM and take the real-time analysis produced from alerts and translate that into incident response plans.
Pete: Scott, in my time at Cipher, it seems we have experts that can cover a large number of SIEM technologies. What are the main ones on the market today?
Scott: When it comes to SIEM technologies, there are a handful of strong vendors. They include LogRhythm, ArcSight, AlienVault, Q-Radar, Splunk and, new to the field, ElasticSIEM. Of course, this is not a complete list. And again, as with endpoint protection tools, these vendors have their strengths and drawbacks. Cipher has relationships with all of these vendors and frequently uses them as we deliver our managed security services, so we can provide specific guidance here on each vendor’s capabilities.
Pete: And then the other two skillsets, what about those? Analytics & Intelligence, and Intrusion Detection.
Scott: Analytics & Intelligence: This is a security practitioner that can leverage analytics and intelligence gathering to identify and detect attacks as quickly as possible. Using analytics and intelligence allows these security practitioners to aggregate network and application data to prevent attacks from occurring in the future.
Intrusion Detection: This is a security practitioner that is able to operate various IDS and then identify any suspicious traffic on the network as well as any security policy violations.
Pete: So that leaves us 2 remaining skillsets for Response activities. What are those Scott?
Scott: When we look at skillsets that enable an organization to respond to cyber-attacks, we have two main ones:
- Security Incident Handling & Response
- Digital Forensics
Security Incident Handling & Response is actually the highest sought-after skillset on the market today because of how critical it is to an organization. The quicker you can respond to an incident, the faster you can minimize damage and impact to your brand and reputation. This, coupled with the fact that Incident Responders are few and far between, is why this ranks #1.
Security practitioners with this skillset must be able to handle any imminent threat or current violation of an organization’s security policies or standard security practices. These security incidents could include malware, ransomware, phishing, Advanced Persistent Threats, Distributed Denial of Service (DDoS) attacks, and more.
And finally, we come to digital forensics. These are security practitioners that are able to understand and utilize forensic tools and investigative methods used to find data, anomalies, and malicious activity on the network, in files, or other areas of the business.
Pete: Thank you Scott for that excellent review of skillsets that are in demand today.
We know that most organizations can’t cover all of these areas. They may not have a budget for it, or they may have trouble finding the right talent to hire. This is where a third-party service provider comes into play. Bill, can you highlight some of Cipher’s service capabilities and how they help deliver these much-needed cyber skills?
Bill: We have talked about the skills a person looking to get into Cyber should try to build upon. From the perspective of a company, finding people with these skills is the challenge.
That is where outside providers play a role. You can start working with a team of people who have the skills and knowledge on-demand.
Cipher is a global cybersecurity company that delivers a wide range of services:
- Managed Security Services
- Managed Detection and Response
- Cyber Intelligence Services
- Red Team Services
- Governance, Risk and Compliance
- Cybersecurity Technology Integration
These services are supported by Cipher Labs, an elite threat and cyber intelligence research and development lab, as well as through our six Security Operations Centers. These centers are staffed with individuals who specialize in one or more of these skillsets. The quality of service has led Cipher to win many awards and distinctions from industry-leading research companies such as Gartner, Frost & Sullivan and Forrester.
In the vast majority of service agreements, each SOC is regionally focused and delivers services to customers in their particular region.
Our SOCs are Computer Emergency Response Team (CERT) certified and are capable of exchanging information regarding Information Security Incidents with other official CERTs. These arrangements are based on the regional requirements.
Pete: Thank you for your time today Bill and Scott, I hope this podcast was useful for our listeners. For any of our listeners who are interested in our services, please reach out to us via our marketing department, which can be reached at: [email protected]. Also, if you liked today’s podcast, please subscribe so that you can be automatically notified when we publish our next episode.