Insights > Blog

Cipher Podcast: Top Cybersecurity Skills in Demand

Cybersecurity is an attractive career path. The demand for talented practitioners is strong. The work is interesting. How can someone join the field? Beyond credentials and certifications, there are some core soft skills and technical know-how that it takes to get into the industry and succeed. Cipher Director of Marketing Bill Bowman joined the guys to discuss what companies look for when hiring.

Read our blog post on the same topic to learn more. If you are interested in a position at Cipher, follow up on LinkedIn to see new postings.

Visit the podcast page for all episodes or listen on the platforms below. Subscribe and lookout for a future podcast diving deeper into the certifications and education recommended.

Podcast Episode Transcript

Pete: Welcome everyone, my name is Peter Hackett. I am the Global Program Director for Cipher. For today’s Podcast we are going to discuss the top cybersecurity technical skill sets that are currently in demand on the market. I am joined by my colleague Scott Croskey, the Global Chief Information Security Officer for Cipher. We are pleased to have with us Bill Bowman who is the Director of Marketing for North America. Bill joins us today from our headquarters in Miami.

Bill, how are you?

Bill: I am going great, Pete. Great to be here.

Pete: Cyber security careers are one of the hottest and most in-demand fields for IT professionals. As a cybersecurity service provider, we Cipher interacts with businesses of all shapes and sizes in providing access to our talent pool of cyber experts. Based on current demands and reviewing job position openings, it’s clear there is a list of skillsets that are in demand, more so than others. This is what we aim to talk about today.

I’m sure our listeners are aware of the statistics that have been used over the years. There is a shortage of cybersecurity professionals. Some predictions expected over 2 million jobs openings globally that require a cybersecurity expert that go unfilled. Even during today’s situation with the coronavirus pandemic, there is still a demand for some of the core cyber skillsets.

Bill, we have a blog post on our website that discusses this topic. Before we explore the technical skillsets, can you summarize some of the soft skillsets that are in demand for cyber professionals?

Bill: Sure thing. I get calls and emails all the time asking about how to get started in cybersecurity. Just this morning, someone called in asking if we are looking for any pentesters.

Soft skills are important in all sorts of jobs and cyber security is no different. For people starting out in Cybersecurity, these are important.

You’re Passionate About Learning: Security experts have to continually learn the latest trends, technologies, and security challenges within the business environment.

You’re Determined: Cyber security practitioners have to be persistent with an ever-changing threat landscape but also handle very difficult jobs to start. Persistence is key.

You’re Analytical, Inquisitive and Insightful: A skilled cyber security practitioner is analytical regarding an understanding how incidents occur, the attack surfaces prone to exploitation, and how to minimize cyber attacks.

And finally, You Can Think Hyper Critically: An analytical and insightful security practitioner anticipates how hackers will exploit the network and its applications. In a way, the cyber security expert thinks like a hacker and identifies the vulnerabilities ahead of time.

Pete: I’ve been in the cybersecurity field now for a number of years and totally agree with you. Now eventually, people want to get promoted and move up the ladder. What are a few areas that someone would need for a leadership role in Cybersecurity?

Bill: You’re Collaborative: Cyber security is a shared responsibility across the organization. Therefore, all-star cyber security practitioners are collaborative and work at all levels of the organization to instill a culture of cybersecurity.

You’re a Project Manager: As a cyber security leader, you will need to put together comprehensive security solutions to prevent, detect, and respond to cyber-attacks. Being organized is key here.

And finally, You’re a True Leader: Security experts show leadership through their credibility, responsiveness, and ethics. A security expert earns trust from senior management, peers, and subordinates with excellent communication skills and leading by example.

Pete: Thanks Bill. Scott, let’s focus now on the top skillsets in demand today. In our recent blog, Cipher identified the top 12 hard skillsets in demand for cyber experts. If you had to categorize these top 12 skillsets into 3 general categories, what would they be and why?

Scott: Good question Pete. I would align the three general categories to the NIST Cybersecurity Framework. I chose NIST because it is an internationally recognized framework that organizes an organization’s cyber strategy and assesses its maturity level. While there are 5 categories in the NIST Cybersecurity Framework, there are three that see the highest demand of talent. So, let’s talk about those three categories. The first category would be Prevention. These are the skillsets that operate technologies and implement policies that harden a network environment from attack. The second category would be Detection. These are the skillsets that operate technologies and implement policies that detect security risks to an organization. And finally, the third category of skillsets would be Response. These are the skillsets that respond to threats and cyberattacks.

Pete: Great, so let’s explore each of those in more depth. What are some of the top skillsets required for Prevention activities?

Scott: When we look at skillsets that enable an organization to mitigate risk and Prevent cyber-attacks, there are 7 of the 12 skillsets in high demand.

Audit & Compliance
Firewall & IPS Skills
Application Security Development
Advanced Malware Prevention Toolsets
Mobile Device Management
Data Management Protection
Identity and Access Management

Pete: So what does someone with Audit & Compliance need to know?

Scott: This is a security practitioner with a set of skills that is able to conduct a thorough review of the organization’s adherence to regulation guidelines, such as HIPAA, FISMA, SOX, PCI DSS, GDPR, ISO 27001 and 20000, and COBIT. Security audit and compliance knowledge is very important because any missed area of regulatory compliance could lead to significant fines and penalties for the organization.

Pete: What about a Firewall and IPS Expert?

Scott: This is a security practitioner that is able to leverage a firewall to filter network traffic and prevent unauthorized access onto the network. In addition, the security expert must have a knowledge of Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) and know how they relate to the firewall.

Pete: And an Application Security Developer needs to know what?

Scott: This is a security practitioner with a set of skills that is able to improve the security of any application by finding, fixing, and preventing its vulnerabilities. In addition, the expert must test and validate during the software development lifecycle (SDLC) so that vulnerabilities are addressed before an application is deployed.

Pete: You also mentioned someone needing to know Advanced Malware Prevention skills. What is that encompass?

Scott: This is a security practitioner that can leverage advanced threat protection software to prevent, detect, and identify Advanced Persistent Threats (APTs) that might circumvent traditional security solutions like anti-virus, firewalls, and IPS/IDS.

Pete: Scott, what kind of technologies would someone in this area of expertise use?

Scott: There is a wide array of advanced malware software on the market today. Some of the leaders in this space include but not limited to: FireEye HX, Carbon Black, TrendMicro, Palo Alto, Cisco AMP, Endgame, Symantec, Microsoft and Cybereason. Of course, this is not a complete list. Each vendor has their strengths and drawbacks. Cipher has relationships with all of these vendors and frequently uses them as we deliver our managed security services, so we can provide specific guidance here on each vendor capabilities.

Pete: Alright, that covers 4 of the 7. What about the last three?

Scott: Mobile Device Management: This is a security practitioner that can work with the IT department to secure and deploy smartphones, tablets, and laptops as well as understand data loss prevention strategies. Again, there are lots of vendor technologies on the market that conduct MDM activities. But they all have the same core components.

Data Management Protection: This is a security practitioner that is able to handle, analyze, and securely store all types of data. There are typically two types of data storage techniques. Structured and unstructured. Structured data is data that is stored in an environment that is indexed and quickly queried. This is typically within databases. Then there is unstructured data and given the name, you can probably guess what it means. It’s data that isn’t easily queried. Think of data spread out across emails, word and excel documents, etc. This security practitioner should be versed on both structured and unstructured data sets.

Identity & Access Management: This is security practitioner that can understand the best practices for Identity and Access Management (IAM) and ensure that the security policy demonstrates an acceptable use for various roles and responsibilities within the organization. We’ve spoken in the past about IAM activities. This deals with how we identify users of systems and allow them access to different resources on systems.

Bill: So Scott, Prevention seems to be the majority of our top 12 skillsets. In fact, as Pete mentioned, it comprises 7 of the Top 12 Skillsets. Great! So then, what about Detection skillsets?

Scott: Well Bill, when we look at skillsets that enable an organization to detect cyber-attacks, we see 3 of the 12 skillsets in high demand fall into this category.

SIEM Management
Analytics & Intelligence
Intrusion Detection

SIEM Management

This is a security practitioner that is able to manage and analyze the security information and event management (SIEM) tools and services. You will need to be able to create automation with the SIEM and take the real-time analysis produced from alerts and translate that into incident response plans.

Pete: Scott, in my time at Cipher, it seems we have experts that can cover a large number of SIEM technologies. What are the main ones on the market today?

Scott: When it comes to SIEM technologies, there are a handful of strong vendors. They include LogRhythm, ArcSight, AlienVault, Q-Radar, Splunk and new to the field is ElasticSIEM. Of course, this is not a complete list. And again, as with endpoint protection tools, these vendor has their strengths and drawbacks. Cipher has relationships with all of these vendors and frequently uses them as we deliver our managed security services, so we can provide specific guidance here on each vendor capabilities.

Pete: And then the other two skillsets, what about those? Analytics & Intelligence, and Intrusion Detection.

Scott: Analytics & Intelligence: This is a security practitioner that can leverage analytics and intelligence gathering to identify and detect attacks as quickly as possible. Using analytics and intelligence allows these security practitioners to aggregate network and application data to prevent attacks from occurring in the future.

Intrusion Detection: This is a security practitioner that is able to operate various IDS and then identify any suspicious traffic on the network as well as any security policy violations.

Pete: So that leaves us 2 remaining skillets for Response activities. What are those Scott?

Scott: When we look at skillsets that enable an organization to respond cyber-attacks, we have two main ones:

Security Incident Handling & Response
Digital Forensics

Security Incident Handling & Response actually is the highest sought after skillset on the market today because of how critical it is to an organization. The quicker you can respond to an incident, the faster you can minimize damage and impact to your brand and reputation. This coupled with the fact that Incident Responders are few and far between to find, this is why this ranks #1.

Security practitioners of this skillets must be able to handle any imminent threat of current violation of an organization’s security policies or standard security practices. These security incidents could include malware, ransomware, phishing, Advanced Persistent Threats, Distributed Denial of Service (DDoS) attacks, and more.

And finally, we come to digital forensics. These are security practitioners that are able to understand and utilize forensic tools and investigative methods used to find data, anomalies, and malicious activity on the network, in files, or other areas of the business.

Pete: Thank you Scott for that excellent review of skillsets that are in demand today.

We know that most organizations can’t cover all of these areas. They may not have a budget for it, or they may have trouble finding the right talent to hire. This is where a third party service provider comes into play. Bill, can you highlight some of Cipher’s service capabilities and how they help deliver these much needed cyber skills?

Bill: We have talked about the skills a person looking to get into Cyber should try to build upon. From the perspective of a company, finding people with these skills is the challenge.

That is where outside providers play a role. You can start working with a team of people who has the skills and knowledge on-demand.

Cipher is a global cybersecurity company that delivers a wide range of services:

Managed Security Services
Managed Detection and Response
Cyber Intelligence Services
Red Team Services
Governance, Risk and Compliance
Cybersecurity Technology Integration

These services are supported by the Cipher Labs, an elite threat and cyber intelligence research and development lab, as well as through our six Security Operations Centers . These centers are staffed with individuals who specialize in one or more of these skillsets. The quality of service has led Cipher to win many awards and distinctions from industry leading research companies such as Gartner, Frost & Sullivan and Forrester.

In the vast majority of service agreements, each SOC is regionally focused and delivers services to customers in their particular region.

Our SOCs are Computer Emergency Response Team (CERT) certified and are capable of exchanging information regarding Information Security Incidents with other official CERTs. These arrangements are based on the regional requirements.

Pete: Thank you for your time today Bill and Scott, I hope this podcast was useful for our listeners. For any of our listeners who are interested in our services, please reach out to us via our marketing department, which can be reached at: [email protected]. Also, if you liked today’s podcast, please subscribe so that you can be automatically notified when we publish our next episode.

Did you enjoy this blog article? Comment below with your feedback.

0 Comments

Submit a Comment Cancel reply

GET EMAIL UPDATES

Information Security Maturity Self-Assessment Survey

Learn More

• Whitepapers
• E-books
• Checklists
• Self-Assessments
• Webcasts
• Infographics

Cookie	Duration	Description
__cfruid	session	Cloudflare sets this cookie to identify trusted web traffic.
__hssrc	session	This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
__hssc	30 minutes	HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.

Cookie	Duration	Description
__hstc	1 year 24 days	This is the main cookie set by Hubspot, for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_86671402_1	1 minute	This cookie is set by Google and is used to distinguish users.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
ajs_anonymous_id	never	This cookie is set by Segment.io to check the number of ew and returning visitors to the website.
ajs_user_id	never	The cookie is set by Segment.io and is used to analyze how you use the website
CONSENT	16 years 3 months 14 days 7 hours	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
hubspotutk	1 year 24 days	This cookie is used by HubSpot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts.

Cookie	Duration	Description
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
driftt_aid	2 years	The driftt_aid cookie is an anonymous identifier token set by Drift.com for tracking purposes and helps to tie the visitor onto the website. The cookie also allows Drift to remember the information provided by the site visitor, through the chat on successive site visits.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Cookie	Duration	Description
ajs_group_id	never	This cookie is set by Segment.io. The purpose of the cookie is currently not identified.
AnalyticsSyncHistory	1 month	No description
debug	never	No description available.
drift_aid	2 years	No description
drift_campaign_refresh	30 minutes	No description available.
li_gc	2 years	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.

Insights > Blog

Cipher Podcast: Top Cybersecurity Skills in Demand

Podcast Episode Transcript

Did you enjoy this blog article? Comment below with your feedback.

0 Comments

Submit a Comment Cancel reply

GET EMAIL UPDATES

Information Security Maturity Self-Assessment Survey

Learn More

Social Media

LinkedIn

Powered by Juicer

View on LinkedIn

Social Media

Twitter

Twitter feed is not available at the moment.

Social Media

Facebook

Insights

Whitepaper

Dig into the details of cybersecurity and regulations by reading our exclusive white papers. Each paper is written by an expert at Cipher and full of insight and advice.

Learn more