7 Cyber-Security Skills In High Demand - InformationWeek
IoT
IoT
IT Leadership // Security & Risk Strategy
News
8/8/2016
07:06 AM
Kelly Sheridan
Kelly Sheridan
Slideshows
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

7 Cyber-Security Skills In High Demand

Businesses around the world report a shortage in cyber-security talent. Here are the skills IT managers should be seeking to keep their data secure.
Previous
1 of 8
Next

(Image: Vm/iStockphoto)

(Image: Vm/iStockphoto)

Organizations across industries are challenged to address a cyber-security skills shortage leaving their networks open to attacks.

There will be 1 million to 2 million unfilled cyber-security jobs worldwide by 2019, according to a recent report released by Intel Security called "Hacking the Skills Shortage." The report includes the results of a survey of 775 IT decision-makers involved with security, 82% of whom reported a lack of cyber-security skills within their business.

The lack of security talent is both dangerous and expensive, especially as businesses face growing threats from external internet cyberattacks. Most organizations don't know how to detect or mitigate attacks that leverage digital channels such as social media and mobile.

Most respondents in the Intel study (82%) reported a lack of security talent within their organizations. One in three said this makes them hacking targets, and one in four claimed they have suffered reputational damage and proprietary data loss as a direct result of the skills shortage.

[Read: What can IT professionals learn from the DNC hack?]

Part of the problem is a lack of adequate cyber-security training for IT professionals. About half of survey respondents said they prefer entry-level candidates to have a bachelor's degree, but hands-on experience and professional certifications are typically more useful for developing the skills in greatest demand.

High-value technical skills are especially scarce. Skills such as secure software development, intrusion detection, and attack mitigation are in greater demand than comparatively "soft" skills, such as communication and collaboration, according to the study.

More than half of respondents (55%) believe cyber-security technologies will evolve to help close the skills gap within five years. Some also plan to outsource, but only for skills easily automated -- for example, threat detection through network monitoring.

Here, we take a close look at some of the cyber-security skills in greatest demand. This list can give IT managers a better idea of what to seek as they build a robust security workforce.

Do you look for these skills in members of your IT team? Are there any skills not listed that you value in your team? Feel free to share your thoughts in the comments section below.

Kelly Sheridan is Associate Editor at Dark Reading. She started her career in business tech journalism at Insurance & Technology and most recently reported for InformationWeek, where she covered Microsoft and business IT. Sheridan earned her BA at Villanova University. View Full Bio

Previous
1 of 8
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Ludivina
50%
50%
Ludivina,
User Rank: Apprentice
4/7/2017 | 8:19:13 PM
Instagram followers
Yea, it is just wonderful to see how the security changes can make a huge impact on the cyber-net.
Benefiter
50%
50%
Benefiter,
User Rank: Apprentice
11/17/2016 | 2:41:45 PM
Re: efekt synergiczny gdańsk
I am glad that you shared this helpful information with us.
Benefiter
50%
50%
Benefiter,
User Rank: Apprentice
11/12/2016 | 9:54:04 AM
Re: pisanie tekstów dodatkowy zarobek
Thank you, I've been seeking for info about this subject matter for ages and yours is the best I have discovered so far.
Benefiter
50%
50%
Benefiter,
User Rank: Apprentice
11/3/2016 | 9:18:56 AM
Re: Quotes : Happy Birthday

It's actually a cool and useful piece of information. I am glad that you shared this helpful information with us.
DonT183
50%
50%
DonT183,
User Rank: Apprentice
9/7/2016 | 1:06:51 AM
Re: Just be the point of reference
Except Social Engineering is exactly how we defeated multi-factor authentication at Banks and Classified Engineering facilities.  How else will the smoker let you in the badge access door if your hands are not busy?  How else will the nice lady put her thumb on the biometric sensor to let us in to meet the CISO?  Who else would assume because you cannot get throught the door without a badge that it is OK if the screen saver lockout does not engage?  Two factor as a mitigation for Social Engineering?  That really is funny.

Now turning our antics into training video for staff on what not to do when a stranger penetrates the building security -- that is both lesson learned and enjoyed.  A whole firm got video clips, popcorn and fun jokes and never forgot it.  The picture of my InfoSec team member in an Electrician's suit who has no idea what half the tools in his belt are for is a priceless picture.  
Technocrati
50%
50%
Technocrati,
User Rank: Ninja
8/16/2016 | 8:17:27 PM
Re: Just be the point of reference

@Markjfowler    Thank you for your advice and insight.   I appreciate your examples of carrying out Two Factor authentication, something I will experiment with in the future. 

And I agree, company backing is paramount, since there has to be some sort of repercussion for careless practice.

Markjfowler
50%
50%
Markjfowler,
User Rank: Apprentice
8/16/2016 | 11:42:42 AM
Re: Just be the point of reference
The social engineering threat can be mitigated by Two Factor authentication.  These can be device identity certs or better would be RSA Tokens (either from a dongle or a smart-phone app.)  Combine that with standard login security and a corporate policy that includes termination for passing off the security token.  If you don't protect all parts of the 2-factor, it becomes useless.  If somebody leaves their token plugged into their computer and then lets another person log in, that could be termination or at the least a Human Resources file memorandum.  There has to be a stick to smack fingers with, or two-factor is another expensive speedbump with a hole in the middle.
Technocrati
50%
50%
Technocrati,
User Rank: Ninja
8/15/2016 | 6:48:51 PM
Re: Just be the point of reference

@vnewman2     That is great that everyone gets to get their hand in the Security Pie.   And I like your message to endusers.   As a sys admin ( and the only IT ) for an SMB, I feel weighed down by security even though I understand it's importance of course.

I just recently had a security audit on my network, so I am interested in learning the results thereof, I am relatively confident that structurally our security is fine, however I have a social engineering threat alive and well within the company and I am trying to patiently coach them, even though I would think anything I am conveying is actually common sense.  

Oh Well, not everyone thinks about this stuff.

umutarcn
50%
50%
umutarcn,
User Rank: Apprentice
8/12/2016 | 7:39:47 PM
Quotes : Happy Birthday
Merely having someone who's job it is to be on top of that stuff is more than most organisations seem to do right now, so it's a good starting point.
vnewman2
50%
50%
vnewman2,
User Rank: Ninja
8/12/2016 | 5:19:13 PM
Re: Just be the point of reference
@Technocrati - Agree and think there will always be some sort of human intervention needed but obviously the level of involvement will change.  I work for a global company our "security team" is a hodge podge of network engineers, enterprise architechts, data comm, various admins, the Exchange team, etc.  Actually we tell all of our IT people that we are on the "security team."  When we've done presentations to the masses, we tell them as an end-user, they are too (to the degree that they can not do anything to inadvertantly set up an attack.)
Page 1 / 2   >   >>
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll