To build a successful career in cyber security, the required competencies can broadly be divided in two main categories
Not only technical, but non-technical people with the right set of soft and transferable skills can also get into cyber security.
How do I get into Cyber Security?
Which path do I take?
Which courses or certifications do I need to have?
— These are some of the questions I get asked from someone who is trying to get into cyber security. However, there is no simple or a single answer to these questions.
You might be starting a career with a fresh college degree, going through an apprenticeship programme, or switching from another field having a few years of work experience under your belt, with the right set of soft and transferable skills, there is an appetite for anyone to start a career in cyber security. The career path you take may vary depending on your own skill sets.
To build a successful career in cyber security, the required competencies can broadly be divided in two main categories —
You might ask —
“Why having specific kind of soft skills are so important to make a good career in cyber security?”
The simple answer to that is —
It is important to understand the kind of soft skills you will require to build a successful career in cyber security, and I will cover these in this post.
#1 — Have a keen interest in technology
Having a keen interest in technology is key. Having an understanding and willingness to learn how computers work and interact with each other, such as, operating systems (Windows, Linux, MacOS), networking (LAN, WAN, Wi-fi networks, OSI model), along with one or more programming/scripting languages is important.
Learning about hacker mindsets, what motivates them, techniques that they employ to attack computer systems and how to protect against these are some of the first few steps that you can take to make a good start in cyber security.
#2 — Be a lifelong learner
You must have a drive and commitment to learn constantly. Cyber security moves at a fast pace and working in the field will turn you into a lifelong learner. If you don’t have a passion for the field or can’t keep up with your learning, your skills will erode before you’d even know about it. Hacking techniques evolve, and so does cyber security. Therefore, it's important to invest time and effort to learn constantly to keep your skills up to date at all times.
There are many resources that one can make use of — including classroom training, self-paced online training, reading books, white papers, articles, blogs, attending industry conferences, seminars, online webinars, creating a lab for practicing new technical skills, taking part in capture-the-flag (CTF) competitions, and the list goes on.
#3 — Good analytical and problem-solving skills
One exciting part of your job in cyber security is that no two days are the same. You are always working on solving new problems and challenges. You are either working to identify security gaps in systems that the hackers are trying to exploit, or working to identify solutions to plug these gaps. Both these require strong analytical and problem-solving skills.
Having good troubleshooting skills, along with the curiosity and ability to see how things work, what can go wrong and how to find a solution to fix problems are paramount skills to have for a successful career in cyber security.
#4 — Great collaboration skills
Generally, the movies give us the perception of a lone hacker hunched to a computer screen for hours in a dark room, however, the reality might be complete opposite for security professionals. Cyber security is a complex field and generally the organisations require a team of skilled security professionals working together to defend their own or their clients’ computer systems.
Depending on the size of your organisation, most of the time you will be working as part of a larger team.
Also, depending on which area of security you work in, you might be interacting with governance, risk management, compliance, architecture, networking, software development, internal or external auditors and at times with senior management in your organisation.
#5 — Strong communication skills
As stated above, as part of your job, you will be interacting with several technical and business stakeholders, therefore, having strong verbal and written communication skills, along with strong presentation skills is very important.
You need to be able to simplify complex technical topics and present these to other technical and business stakeholders in their language. An understanding of their requirements and adjusting your communication style accordingly will help take you further in your career.
As part of your job, you might also be spending a lot of time writing reports or creating documentation for other stakeholders in the business.
#6 — Ability to work under pressure
We always hear about skills shortage in cyber security, which means most of the time, the cyber security teams are under resourced.
Not only, that we are playing a cat-and-mouse game with hackers most of the time that can put the teams under pressure, there could be other factors, including resource constraints, budgetary constraints, or lack of motivation from the business to hire more security professionals in the organisation. All these factors could put existing teams under pressure. If you are not used to working in this kind of environment, it might cause stress and burnout after some time.
#7 — Effective time management and prioritisation skills
Having under resourced teams and working under pressure brings us to our next soft skill, which is, effective time management and prioritisation skills. Since you have limited time and sometimes may get overwhelmed with the amount of work that you have, you need to be able to prioritise your work based on its criticality to the business or the hard deadlines that you might need to meet to deliver your work.
Using effective time management techniques, such as, dividing your tasks into a time management matrix (such as urgent, important, not-urgent, and not-important) or creating daily/weekly task checklists will help you complete high-priority tasks before you work on anything else. Negotiating priorities with your manager will also help you decide which tasks need to be completed first.
Anyone having a combination of these soft skills with an attitude and aptitude to learning would make a great start as well as continue to do well in their career in cyber security.
You will develop role specific skills while working on the job or could even start working on these before starting a career in the field. I will cover various kinds of roles and what skills you might require to be successful in these roles in my forthcoming post. Stay tuned!
PS: This article is aimed at someone who might be new to the field or considering cyber security as their next career move. The general industry accepted terminology used for someone who is trying to attack or cause harm to computer systems is ‘attacker’ or ‘adversary’, however, I have used the term ‘hacker’ to maintain the simplicity of this article. Read this article on Wikipedia to see what the term ‘hacker’ may mean to different groups or categories of people.