This post was originally published here by (ISC)² Management .
The 2018 Cybersecurity Workforce Study, recently released by (ISC)2, reveals that 63% of organizations currently don’t have enough cybersecurity staff. The number is hardly surprising considering the worldwide cybersecurity workforce shortage is nearly 3 million.
Employers have an acute need to build their cyber teams with the requisite skills and experience. Their priorities in looking for candidates include:
- relevant work experience – 49%
- understanding of advanced cybersecurity concepts – 47%
- cybersecurity certifications – 43%
- extensive cybersecurity work experience – 40%
- strong non-technical/soft skills – 39%
If you’re seeking employment in a cybersecurity role, keep these priorities in mind. They provide a baseline for the skills and qualifications you need to demonstrate when applying for a cybersecurity job.
You also must be ready to demonstrate you can apply your skills and experience to an employer’s specific needs. This is what Tony Vizza, CISSP, (ISC)²’s Director of Cybersecurity Advocacy for Asia-Pacific, calls “having the ability to take concepts and ideas related to cybersecurity and contextualize them in meanings that are relevant to the organisation and its decision makers.”
Cybersecurity Certifications
Holding cybersecurity certifications, whether on specific vendors’ solutions or cybersecurity industry standards, makes jobseekers more attractive. Employers have become more attuned to the value of certifications, which help determine whether you as a candidate have the knowledge they need.
However, lacking certifications shouldn’t preclude you from applying for cyber positions. “Just because a candidate doesn’t have a certification, or a degree doesn’t make them unsuitable for a role,” says Vizza. “The wider the scope of the role, the more important certifications are, but for roles that have a narrow focus, a vendor cert or even extensive experience in that role could be useful.”
Young Comers Welcome
Despite the emphasis on experience by employers when recruiting cybersecurity professionals, the reality is that employers may struggle to find candidates with all the qualifications touted in the job description. We wouldn’t be facing a 3 million shortage of professionals otherwise.
The emphasis on experience shouldn’t discourage younger candidates, says Vizza. “Cybersecurity has a place for both the young and those at the twilight of their careers. There is no substitute for experience, and no industry needs enthusiastic and wide-eyed youngsters more than cybersecurity does. What we can do better is get the two demographics to work together – the veterans to mentor the youth and teach them life skills and experience related to their careers.”
Strong “Soft” Skills
Non-technical or “soft” skills have regularly made the top list of what employers are looking for when building their security teams. Hiring managers are looking for team members who can work well with others, have solid communication skills and can demonstrate critical thinking and leadership. Your past experience speaking at a conference or being a member of a meetup group speaks volumes about more than just your knowledge of cybersecurity principles, but also about your ability to engage with others and build relationships.
The Right Attitude
Regardless of age and experience, having the right attitude is a major plus. “It sounds like a cliché, but in this industry it’s an absolute fact,” Vizza says. But what does that mean exactly? Vizza says it means understanding that cybersecurity evolves constantly and, as such, it requires staying attuned to events, news and new vulnerabilities and threats. And perhaps most importantly, it requires a commitment by cybersecurity professionals to self-improvement at all times.
Photo:War on the Rocks