Current and aspiring cybersecurity professionals named cloud security, data analysis and coding/programming as the top three most important skills to possess if you’re looking to join the cyber workforce today.
Those findings came from a new survey-based research report from the International Information System Security Certification Consortium, or (ISC)². For its “Cybersecurity Career Pursuers Study,” the non-profit organization polled 1,024 cybersecurity pros across the U.S. and Canada, along with 1,010 cybersecurity jobseekers looking to land their first position. Twenty-five percent of the former group and 19% of the latter group said cloud security was one of the two most important technical skills or concepts to learn.
The study further validates cloud security as an imperative industry focus moving forward as organizations continue migrating business processes to third-party online services as a means to reduce cost and transfer risk.
"While prior to early 2020, migration to cloud environments was growing at a rapid clip, the pandemic really accelerated the need for robust cloud security skills that focus on entire cloud ecosystems as opposed to a singular cloud technology," said Clar Rosso, CEO of (ISC)².
Rounding out the top-five responses, after data analysis and coding/programming, were encryption and assessment/management.
“It’s a very encouraging sign to see both professionals and jobseekers have the same instincts on which cyber tasks are most important, and it shows a high level of awareness and engagement from those attempting to get started in the profession," Rosso told SC Media.
It is worth noting, however, that when the same respondents were asked to score technical skills from one to five in terms of importance, cloud security and data analysis still ranked up top, but threat assessment, malware analysis and intrusion detection ended up scoring considerably higher than coding/programming, which fell much lower on the list.
Current and aspiring professionals also had the same top-four answers when asked to name the most important soft skills needed succeed in the industry: problem solving, analytic thinking, critical thinking, the ability to work in a team.
"For many, there may be a perception that cybersecurity is a wholly technical job, but when you’re dealing with dynamic and abstract concepts like information management and data flows, risk assessment and tolerance, along with rapidly changing threat vectors, analytical and critical thinking combined with strong problem-solving skills are essential to supporting the effective execution of technical security protocols," said Rosso.
In terms of how to best break into the cyber industry and gain a leg up, the research report listed IT and cyber certifications, previous job experience, professional networking and self-training/learning as among the most commonly cited or highest ranked choices among respondents. Additionally, the survey data indicates that 55% of cyber pros had transitioned from previous IT jobs, making IT it the most common pathway to landing a cyber position. (By comparison, 21% of cyber pros pivoted from a non-IT career, 13% got into the field after receiving a cyber education and 8% independently exploited cyber before getting recruited into the industry.)
(ISC)² also asked professionals open-ended questions including what tasks or challenges they faced in the first three years of their career which contributed to their personal growth.
According to the report, several common themes emerged, including professionals remembering being “thrown into the deep end” and trying to survive a high-pressure fast-paced environment. The report warned that many candidates, “especially those without previous IT experience – but who may offer more diverse perspectives to the team – may become frustrated, lose interest or move on.”
On the other hand, professionals said that being able shadow or confide in more experienced senior team members or mentors helped them overcome some of the pitfalls they experienced in the early stages of their careers.