Just as the security landscape is ever changing, so are the skills that security professionals need to keep up. In a study conducted by Sungard Availability Services, IT decision makers revealed the security skills that are lacking in many organizations, including:
• Experience developing security infrastructure and setting up security policy management, monitoring and alerting systems
• Ability to identify incoming security threats
• Background in security systems including the network layer, system layer and application layer
• Familiarity with implementing security controls around enterprise data and experience with enterprise security, identity management and federation systems
Sungard AS’ Global CSO Shawn Burke added, “While it depends on the organization the security resource will work for, people with application/software development skills are in high demand throughout the industry.”
Here are seven other security skills needed in IT departments, some of which may surprise you.
7 Top Skills for Security Pros
Executives at several top tech firms outline the skills they need now and in the near future, including IaaS and IoT security expertise. Other skills listed may surprise you.
Understanding of PaaS/IaaS Security Systems
One of the hottest IT security skill sets right now is having deep, applied expertise in key components of a PaaS / IaaS security program, according to Chris Chang, developer advocate at mLab. “As more workloads move to the public cloud, it’s become an absolute must-have for a growing swath of businesses to have someone (or a team of someones) that brings strategic and tactical expertise in security,” Chang said. “Security professionals should have experience developing and implementing key components of a PaaS / IaaS security program, such as intrusion detection, malware detection, vulnerability management and data loss prevention. One look at the news demonstrates why these are critical security skills to have on hand.”
Internet of Things (IoT) Device Security Architecture
The IoT is in desperate need of better built-in security, making it a focus in the security industry today, and this is why Nathan Wenzler, principal security architect at AsTech Consulting, thinks there is a need for security professionals with skills around understanding the various IoT operating systems, platforms and related applications. Those who understand how they are secured will be in high demand as more and more organizations utilize these kinds of devices.
Social Engineering and Behavior Skills
“More and more, we see technical attacks that are used to gather information that is, in turn, used to perform a social engineering attack against an organization to get employees to inadvertently give up credentials or otherwise provide access to the attacker,” said Wenzler. As ransomware, phishing emails, false login sites and more continue to be used more frequently, there is a need for security professionals who understand the human side of these exploits. Wenzler added that the ability to recognize behavior patterns in social engineering will be needed by organizations in order to create stronger training programs, better policies and procedures for staff to follow, and ways to empower their staff to perform their day-to-day tasks in a more secure manner.
Expertise in setting up robust logging infrastructure is a big skills gap in the security profession, explained Chris Stouff, head of threat resistance with Armor, a managed cloud security provider. “Logging of security events and ensuring the proper data enrichment is added, underpins everything that happens in security operations to detect, correlate and respond to threat activity,” Stouff said. “Unfortunately, there are very few professionals in the market who really understand how to manage logs correctly and at scale. But even fewer have the skills or systems in place to properly audit and review the data that is present in their logs. Getting this right makes the difference between security as a check in the box, and actually putting forth an effort to stem the tide of attacks.”
“In today’s business environment where both the frequency and sophistication of attacks is rapidly increasing, there’s an urgent need for IT security awareness and incident response skills,” said Vinay Anand, VP of ClearPass Security at Aruba, a Hewlett Packard Enterprise company. “With the number of disparate security solutions deployed in a typical enterprise growing in response to the number of threats, security analysts are inundated with information and are having a hard time tightly managing the security posture of their network. It’s not enough to depend on automated responses from these solutions, which is why it’s incredibly important to develop the skill sets to chase after needles in haystacks and accurately identify the real threats to an organization.”
Audio Security Skills
Are voice passwords the way of the future? Yes, said David Dewey, director of research at Pindrop, which is why there will be a need for security professionals with voice biometrics and voice authentication skills. This will include creating authentication technology to stop hackers from that attempting to synthesize or clone someone’s voice.
Even security professionals need to have the ability to write in a clear and concise form. They may be writing reports that are read by a Vice President or C-Level exec, said Tom DeSot, chief information officer of Digital Defense. “Sadly, you have no idea how many writing samples we’ve seen that ended up making us opt for a different candidate,” he said.