If you saw the movie “The Imitation Game,” you’ll remember that
when Alan Turing was finding recruits for his Enigma codebreaking effort, he
had them all take the same test: solving the Daily Telegraph’s crossword puzzle
in 12 minutes or less. He believed that anyone who could accomplish this feat
had the right analytical and pattern-matching skills required to be a
codebreaker, regardless of academic or professional background.
Seventy-seven years later, and the cybersecurity industry is following in Alan’s footsteps.
Though the number of colleges and universities that now offer cybersecurity
majors and minors continues to increase (which is a tremendous step forward in advancing
cybersecurity awareness and associated career possibilities), cybersecurity
companies are increasingly favoring innate skills over cyber degrees when hiring
This means that the cybersecurity industry has created a career training opportunity
that hasn’t been available since the good old days of the “junior executive
programs” in the 1970s—that is, companies are hiring waves of new grads who
possess the qualities and skills they’re looking for, and training them
themselves versus relying solely on college majors, co-ops and internships to
deliver them pre-trained.
With more than 300,000 cybersecurity job openings in the U.S. and nearly 2 million
worldwide, cybersecurity is incredibly fertile ground for new careers, but many
college grads will incorrectly assume they need a technical background to enter
the field. I’m here to tell you that this is not always the case.
Cybersecurity requires a foundational skillset that you often can’t learn in school or from
an internship. You are born with many of these foundational skills, which are
nurtured in youth. They can then be refined with the right mix of coaching,
experience and self-growth, and used as the right base on which to build
cybersecurity-specific skills. Here are three that I personally look for when
interviewing entry-level candidates.
By definition, soft skills are “personal attributes that enable someone to
interact effectively and harmoniously with other people.” In the world of
cybersecurity, soft skills are critical for several reasons:
First, you are constantly working across
company lines, interacting with IT and security professionals, Legal and HR,
and C-level executives and board members. Cybersecurity pros must be
comfortable speaking to employees at all levels and working in teams.
Second, cybersecurity professionals must
be confident enough to stand in front of a group and act as the expert—even if
they are sometimes the least-business-experienced person in the room.
Third, but certainly not least,
cybersecurity professionals need to be able to delicately, but effectively,
communicate difficult news in difficult situations, such as if a data breach
occurs or if network vulnerabilities are discovered that could be exploited.
These conversations are not easy, but they need to be had. With the right soft
skills, they can be positioned in a way that commands action and response,
rather than provoking fear and doubt.
Curiosity is essential to succeed in the world of cybersecurity. Regardless of your
background (technical, business-focused or strategic) or what side of the
business you’re on (Threat, Risk, etc.), having natural curiosity is a key
element of career success. Good cybersecurity professionals have an innate
desire to know how things work. They want to learn what happens when risks aren’t
mitigated or understood. They want to understand how security factors in when
they’re interacting with their apps and phones every day. They want to find
holes in corporate networks and see how lateral those vulnerabilities will
allow them to go. They want to learn about the risks created from an “always on,”
And they want to know what the latest tactics, techniques and procedures are that cyber-criminals
are using. Above all, they want to understand topics they are not already
familiar with, and they won’t wait patiently for somebody to teach them those
things. In short, they possess the curiosity to learn and grow, and the hunger
to push themselves every day to go farther than they thought possible.
We’ve all heard the expression: “There’s no ‘I’ in team.” And this is true in
cybersecurity (OK, there is an “I” in cybersecurity, but I digress!). Cybersecurity
professionals must be team players not only within their organizations, but
within their cyber communities as well. They must be willing to share their
knowledge as they learn new things by blogging, writing white papers, speaking
at conferences, going to industry meet ups, etc.
This is so important because staying one step ahead of cybercriminals requires
collaboration and communication among security vendors, threat researchers,
consultants and the industry in general. We shouldn’t be here only for the fame
or glory that can come with something like discovering a new zero day. We’re
here to share our knowledge and experience with the community so that everyone
can benefit from it, and, collectively, we can take a cohesive step forward in
defeating the bad guys.
At this point, you may be asking yourself: How can I demonstrate these traits if I don’t have any cybersecurity experience? The truth is, characteristics such as soft skills, curiosity and being a team player are innate traits applied in many aspects of life beyond cybersecurity, and we can recognize those traits within candidates throughout the interview process. As long as candidates arrive with these foundational qualities, we can coach and mentor them as employees to further develop these traits and apply them throughout their career in cybersecurity.
With Cybersecurity, It’s All About People
The cybersecurity skills shortage is a problem that isn’t going away anytime soon. The
cybersecurity industry needs to continue to focus on building the next wave of
professionals—and seeking candidates with the right skillset, regardless of
their academic or professional background, is a step in the right direction.
If identifying the right people with the right foundational skills is the first
piece to the puzzle, retaining these professionals is a key second. Retention
requires us to invest in them, help them grow personally and professionally,
and, above all, care about them as people first and teammates second. This is
the real answer to ending the cybersecurity skills shortage and the most
impactful way we can develop the next generation of cybersecurity professionals
to successfully rise up over their cyber-adversaries and keep our world safe
from future cyber-attacks.
Bryan Wiese is GM of Global Advisory Services at Optiv Security. Bryan’s role is to run and coordinate all aspects of the global Optiv Advisory Services business with a focus on people leadership, customer advocacy and relationship management, and operational execution with quality.
The post Cybersecurity Careers: Innate Skills Can Outweigh Your Background appeared first on Dice Insights.