Hot IT Skills: Security
To an IT professional, security is a no brainer. Lock your computer when you walk away, keep sensitive data password protected, make sure your password isn’t "password123", and don’t upload company information to personal cloud services. However, the average employee at a company probably isn’t thinking this way, which means security will play a big part in your next -- or current -- information technology job.
Now that technology sits in the grasp of nearly every employee in a corporation, it’s become a huge task to manage data and ensure employees aren’t unintentionally (or intentionally) putting the company at risk. Joshua Cannell from Malwarebytes Labs points out that companies are looking for employees who can predict and adapt to changes in security. “Companies need individuals who are capable of creating solutions to tough security challenges we face today, as well as taking proactive measures for the threats of tomorrow.”
Importance of Security
Security is important at every level in a business, and the more security-savvy people a company can staff, the better protected they will be. Sarah Weinberger, CEP of Butterflyvista Corporation states, “What is not [always] understood is that hackers not only break into servers (the operating system), but break into the software running on them. Security matters at every level. All software, even that on a desktop is vulnerable. As such, having security credentials for a person in IT helps.”
Companies have come to realize that protecting data – whether its corporate or consumer – is increasingly important as technology invades every aspect of our lives. The bigger the company, the greater the need for security professionals. Which also means the more technology and employees at a company, the higher the risk for a security breach.
Lack of Talent
The need for security is quickly creating jobs as more companies face the reality of data breaches and security missteps. Big companies have made headlines, alerting consumers their data might have fallen into the hands of a hacker. Sometimes the security breach puts sensitive customer at risk or can cause a company to lose revenue as it scrambles to remedy any problems caused by hackers. The increase in demand for security pros has also resulted in a lack of talent in the market, and companies are eager to hire information technology pros who can help secure their businesses. For anyone with the right information technology skills, it's a great time to pursue a job in security.
“There is certainly an enormous demand for candidates with cyber security experience and expertise and very little supply. There is a massive labor shortage within this discipline," says Sherri Mitchell, co-founder of All About People and Hire Vision. Co-founder Charles Mitchell adds, “the demand for security skills related to an increasing number of businesses doing business on e-commerce platforms and using applications on mobile devices that need to be locked down.”
Most Common Skills
The most common security skills cited by those in the industry are incident management, response, and analysis. You will also want to be educated and skilled in proactive security and risk analytics, which will help you approach security in a comprehensive way. Rather than simply responding to attacks, you can evaluate the potential risk of attacks, and help protect data proactively.
Charles Mitchell notes the importance of security skills in protecting a business’ assets, “Skills in incident management, incident response, and security information and event management (SIEM) are also among the most sought after as companies see a significant increase in attacks that could cripple business, financial and consumer networks.”
On the job Training
If you already work in information technology, you can help elevate your career by getting training on the job to transition into cyber security. In fact, Caroline Wong, Security Initiative Director at Cigital suggests that some hiring managers are shifting to hire employees that are willing to learn, but might not have the background. This is good news for any well-seasoned IT pros that may have entered the workforce with different skill sets than their recently graduated counterparts. You can easily gain more training at your job in order to get ahead in your career.
“Consider applying for jobs in the field, even if you don't meet all of the qualifications up front,” states Wong, “Highlight skills and experience that you have which may be related or transferable, and in the interview process make sure to emphasize and demonstrate your passion for the field and capability to come up to speed quickly.”
Having experience in security is a key component in many information technology jobs, but sometimes you need to prove you have the background. If you can’t get on the job training, you will want to peruse other avenues to highlight your interest in security on your resume. One way to do this is by obtaining a certification in different security specialties.
Wong illustrates how certifications can help you highlight your experience in security. “If you're serious about wanting to understand the basics of cyber security, consider signing up for a course that will allow you to take an exam to get a certification in the field, such as ISC2's CISSP. You'll gain knowledge through your study and also have several letters to put after your name on a resume when you start applying for cyber-security roles.”
Reactive and Proactive
Skills in security include being reactive, as well as proactive. You will need to understand how to manage a threat once it appears, but also how to predict any potential threats. As technology grows, it creates more unique opportunities for hackers to gain access to data. Therefore, to keep your security skills sharp, you need to constantly evolve with technology and trends. Security has become more about understanding how attacks can happen, and figuring out the complex networks of systems that allow security breaches to occur.
“Traditional security has focused on the reactive processes of scanning and monitoring systems, but the implications of the recently reported breaches make clear that this approach to security isn't enough,” states Steve Hultquist of RedSeal Networks, “So, job seekers should focus on understanding the broad implications of automated network attacks, the complex interactions of network components' configurations, with the ultimate goal of understanding security zoning, automated auditing of that zoning, and various remediation strategies for findings.”
Monster wants to know: Does your tech job involve security and do you think its an important skill for IT pros? Let us know in the comments.