By Michael Nizich, PhD, CISSP
The last few years have been quite notable from a technological perspective with the rapid advancement of remote and mobile workforce technologies. This was primarily driven and fueled by a pandemically motivated need for workers of all kinds to be highly productive at a distance. This led to astronomically high rates of employees working from home and even staying remote in a post pandemic world. It has also, unfortunately, been a period of double digit increases in malicious cyber-attacks including ransomware and phishing attacks costing anywhere between 9 and 13 trillion U.S. dollars globally each year in corporate losses and recovery costs. Couple this with an expanding global workforce gap between skilled cybersecurity professionals and available cybersecurity jobs (around 3 million), it would be interesting to look at what the top skills and requirements are to enter the cybersecurity workforce in 2024. There are many skillsets, or as they are referred to in the cybersecurity industry, KSA’s or knowledge, skills and abilities that apply to the field of cybersecurity. To narrow them down, I will discuss what I consider to be the three most important attributes of what I refer to as the Cyber Hero, or the individual who is going to excel in the industry. Let’s take a look at just those three for now.
- Be a curious and critical thinker – Be able to ask yourself what, how and why something is happening?
Curiosity killed the cat, but in the case of the cybersecurity industry, it usually leads to your first promotion. Cybersecurity is a field based around really sharp criminal minds thinking of new and nefarious ways of breaching perimeter security systems and tricking innocent users into letting them access their system. This is no place for mundane thinkers. Technical skills are great, and obviously required, but if you do not know how to use them and when to use them because you lack the insight to identify the origins of the attack, then you will struggle. Attain, improve and maintain your technical skills but if you don’t know when, or in what capacity, to use them you will be looking for your next gig very quickly.
- Understand the difference between Information Technology, Cybersecurity and Cybercrime
This is so important to understand for new graduates entering the field, job transitioners and even experienced technologists moving into the field. A good Cybersecurity professional knows these differences well and they apply it every day. Having a solid grasp on the unique attributes of each concept and understanding where they lie in the bigger picture of secure systems and cybercrime is key to your rapid advancement in the field. The difference is that Information Technology is what allows the existence of valuable digital data in the first place. It also enables the transfer of this data via telecommunications channels which then places that data at risk of theft or damage by cybercriminals. Cybersecurity is an overarching concept of methods and frameworks to apply very specific information technologies that are focused on the protection and security of data. Cybercrime then is the set of activities exhibited by criminals to illegally and immorally benefit from the theft or damage of digital data rightfully belonging to others. The understanding of differences between these concepts, and more importantly how they interact with each other, is many times the first skill recognized by employers that may either get you your first promotion or send you back to the job sites.
- Enjoy making a difference in people’s lives and not just solving technical problems
Put things into perspective. In cybersecurity, keep in mind that you are not fixing a slow computer for an employee as part of the IT staff. You are fixing a slow computer by identifying and mitigating malicious software on that computer that is attempting to lock your organization out of its own data and then forcing you to pay an exorbitant ransom payment just to get access back to your own data. You don’t have to love it, but you do need to find a bit of passion, and even wonder, in what you are doing every day. If you do not find the everyday effort of thwarting criminal attempts to damage or steal your organization’s data somewhat rewarding, then you may want to find another career path. Cybersecurity is the magical place where you get to apply all of your hard-earned technology skills and your natural instincts to stop, and sometimes even catch, threat agents and attackers who were out to harm others. If you lose this wonder along that way that’s Ok but make sure you find it again quickly because it’s blaringly evident to your employers that you have lost the edge.
In summary, there is a robust job market for skilled cybersecurity professionals if you are adequately qualified, but this is not a guarantee and those entering the workforce should be cognizant of these 3 attributes of highly successful cybersecurity professionals that will take you through your career. Specific KSA’s will come and go as the industry needs and job market change, but these three attributes of Cyber Heros, from the cybersecurity analyst position all the way through the apex Chief Information Security Officer (CISO), will always remain, in my opinion, the core values that will be recognized in the field for years to come. These core tenets, if naturally occurring in an individual or are attainable through training, will always guide you to do the right thing at the right time and lead to a very successful career in cybersecurity.
Dr. Michael Nizich is an Adjunct Associate Professor of Computer Science and Cybersecurity at New York Institute of Technology and is the author of the new book, The Cybersecurity Workforce of Tomorrow released July 31.