For years we’ve talked about the dearth of skilled cybersecurity professionals which ISACA reports is now estimated to reach two million by 2019. Encouraging more individuals to pursue technical and engineering degrees can help address the shortage. But we can also expand the talent pool by thinking more broadly about cybersecurity and what it takes to be an expert.
There is no one definition of a cybersecurity professional and no one path to get there. Success requires certain core strengths, the right course of academic study, real world experience and mentorship. Further, as the field has matured we’ve seen that many domains must come together to perform security well – infrastructure security, application security, data science and business risk. Only with talent across these domains can we develop, deploy and manage secure solutions that can mitigate risk effectively as threats continue to evolve. Let’s take a brief look at these four core domains and a few of the “must have” skills for success.
Infrastructure Security – Because a myriad of components, such as network connections, servers, databases, middleware and various endpoints all work together to protect an organization’s infrastructure, a well-rounded security professional with a strong foundation across an array of technologies has the opportunity to truly excel. With a multidimensional skillset, he or she will be able to architect, build, and manage a highly effective threat defense. For example, to properly segment an infrastructure, knowledge of networking, server operating systems, identity and access management, and databases is required. Experts in these areas can dive deep as needed, but a security professional with a breadth of knowledge can not only provide strategic recommendations to the business on how to use segmentation to strengthen defenses, but also lead and manage the efforts to do so.