What technical and soft skills do cyber security professionals need right now? How can you future-proof your career?
We spoke to Miguel Duran, Hays North America Cyber Security Lead to find out the answers that will help you achieve Cyber Security career success.
I’d say that the required soft skills are already changing in security – especially for those in senior positions. In the last year or so we’ve seen a much greater emphasis on those roles being business-facing, collaborating regularly with non-tech stakeholders. It’s no longer a case of hands-on-keyboard; you need to be working with various business owners and groups.
That means if you’re working on the risk side of security, you’re not just working with your risk team, but also with HR, Legal, IT application and infrastructure. You will need to be aware of what these teams are working on, and the projects coming into the business, so you can ‘police’ that activity. Even in engineering roles now, as programs mature, you could be creating policies and processes, but having to work with and delegate configuration to another team.
So, the importance of cross-functional team integration, and being able to influence and build relationships with those teams, is becoming more and more apparent.
Overall, there are two different paths you can take in cyber security – which fit both personality A and B types. But as you move up into a more business-facing role, whether that’s as a CISO or BISO (Business Information Security Officer), your core role is managing the business’s understanding and knowledge of security.
I agree, in every aspect of senior positions there will be stakeholder engagement and management. Security touches all aspects of your business, so the more senior you become, the higher the expectation will be for you to work, engage and influence other key leaders around you when implementing new processes and policies across the business.
A foundational level of IT experience and knowledge is always going to be required to work in cyber. If you’re working on the technical side (such as in engineering, security operations, identity and access management, or security architecture), you need to know about network and servers. And with the digitalization push, you need a good understanding of web and business applications too – as these are the types of things you’re protecting.
If you work on the functional side of the business (such as compliance, risk, and governance), you need a foundational knowledge of various levels of compliance, frameworks, and controls. Even in a compliance or risk role, you need a high-level understanding of information systems – but you won’t need in-depth technical knowledge, like writing a command in Windows server, for example.
Keep up and adopt the new; don’t let yourself get left behind. It’s the same with any other tech sector – there’s always something new, whether that’s a new product, process, vendor, or concept, so don’t get stuck in one avenue. Keep on top of things and you’ll never get left behind.
Find your next Cyber role
Search and apply for jobs now