The 16 most coveted cybersecurity skills of the future

Numerous studies across the globe show that the quantum, scale, and sophistication of cybersecurity threats have been on a vertical trajectory for the last few years. The threats have escalated further in the Covid era as the work from anywhere model proliferates globally across sectors. However, companies are still not equipped to detect and thwart these threats simply because they face a paucity of cybersecurity professionals. According to the (ISC)² Cybersecurity Workforce Study 2020, worldwide, the cybersecurity gap narrowed from four million worldwide in 2019 to 3.1 million in 2020. Although the gap is reducing, there continues to be a massive shortage of skilled security professionals.

Today, companies need a pre-emptive approach to factor in the skills they would soon require as a new landscape is evolving encompassing data, cloud, mobile, network, IoT, critical infrastructure and application security. The top security skills that will be in demand:

1. Data security – This entails the protection of data from illegal or unauthorized access and corruption across its entire lifecycle. The knowledge of tools and processes for tokenization, encryption and hashing to secure data generated from applications and platforms is vital.

2. Cloud security – It comprises a deep understanding of processes, controls, tools and policies for safeguarding cloud-based data, systems, and infrastructure across various clouds and vendors.

3. Security and IT risk management – A combination of technical skills with business acumen is necessary to help companies with analysis and risk assessments. The knowledge of the General Data Protection Regulation (GDPR) and other data privacy regimes is a must.

4. Security strategy and governance – With corporate security policy being at the center of building the company’s IT systems to help achieve its security goals. Skills such as managing security governance, assessing risks, and helping achieve compliance across cloud environments are imperative.

5. Development, security, and operations (DevSecOps) – This skill helps automate the integration of security at every phase of the software development lifecycle, from initial design through integration, testing, deployment, and software delivery.

6. Identity and access management – The practice can help companies protect the identities of employees, third-party contractors, privileged users, and consumers.

7. Threat hunting – This skill along with standard IT security controls and monitoring systems can help improve a company’s ability to detect and respond to threats proactively.

8. Security Orchestration Automation and Response (SOAR) – Companies are now building Security Operations Centers (SOCs) powered by artificial intelligence (AI), machine learning and SOAR skills to help security teams manage and respond to threats quickly through orchestration and automation.

9. Security Operations centers (SOC) analyst – The SOC analyst must effectively monitor network activity and detect pertinent threats and possess strong collaboration and communication skills.

10. Technical writer – It demands a deep understanding of the domain combined with strong communication and writing skills to help translate complex technical concepts into clearly understandable actions.

11. Security awareness trainer – These skills are required to train employees and customers on cybersecurity basics and recommended practices. As educators, they must translate complex and sometimes scary cyber information into actions that users can easily remember and implement.

12. Mobile security – Given the hybrid working models, skills for securing smartphones, tablets, and laptops from wireless computing threats are now sought-after.

13. Network security – The skills to detect and foil denial-of-service attacks and unauthorized access of resources would be in demand soon.

14. Internet of things (IoT) security – The explosion of IoT devices will lead to a requirement of skills for shielding interconnected devices on wireless networks. IoT security skills would involve open and collaborative innovation, systems thinking, and a Zero Trust security approach to design secure IoT ecosystems.

15. Critical infrastructure and application security – The new skill landscape will include critical infrastructure (highways, airports, power plants) and application security spanning monitoring and remediation of software and hardware security vulnerabilities.

16. Privacy and GDPR security – Cybersecurity skill requirements for companies operating globally are coming to the fore owing to data regimes such as the GDPR that seek to regulate the use of the personal data of customers by companies.

Besides the pre-emptive approach, companies must look at the inclusion of diverse backgrounds and skills. Bringing more women into the cybersecurity industry is a way they can address the growing demand-supply gap. The security industry needs people from all backgrounds, people with creative problem-solving and collaboration skills who can challenge traditional mindsets. Companies can also consider a new-collar approach that focuses on skills, experience, and aptitude rather than mere degrees. To achieve this, they need a robust support program for new hires comprising mentorship opportunities, rotational assignments, and shadowing of senior cybersecurity leaders within the organization.

To conclude, security skills are vital to strengthening the security posture of companies and protecting their customers and business amid an ever-evolving threat landscape. Companies need to re-examine their workforce strategies, develop a local cybersecurity ecosystem, and chart a course for building and accessing future skills. After all, cyberattacks are the biggest threats to every company in the world.

END OF ARTICLE

Source link

Tagged with: coveted • cybersecurity • future • Prashant Bhatkal blog • skills • Tech blog • Voices blog