Effective Cybersecurity: A Combination of Hard and Soft Skills

Cybersecurity is a hot topic. It’s an even hotter career choice for individuals interested in helping organizations put up the necessary forcefield against ever determined and expert cybercriminals. Cybersecurity professionals not only need to see the big picture of threats to an organization’s data, they also need to continually adapt to the changing nature of these threats.  

A combination of hard and soft skills is needed. Technical skills, along with the ability to effectively communicate cybersecurity issues, mitigation efforts, and impacts up and down the organization have the makings of a never dull and lucrative career path. 

The 2021 Cybersecurity Workforce Study found that while the gap between additional professionals needed by organizations to defend critical assets is slowly closing, an additional 2.72 million professionals are still needed worldwide. The study also suggests that the global cybersecurity workforce needs to grow by 65 percent to adequately meet the requirements of the world’s organizations. 

“When we want to fill cybersecurity positions, we look for someone with curiosity and passion,” said Bob Erdman, Director of Development, Fortra. “Are you the type of person that will dig into a problem and figure out a root cause and a resolution? Are you tinkering in a home lab and building your skills or trying out new concepts? And do you love what you do or is it just a ‘job’ for now?” 

Technical, or Hard Skills Needed for Cybersecurity 

A demonstrated interest in, breadth, and fluidity of technical or hard skills makes a cybersecurity professional attractive to employers.  

Job seekers can enjoy the fact that there is no singular path to a cybersecurity career, as there are a variety of avenues aspiring professionals can go down – from networking to social media, to cloud-based initiatives – and more. 

While entry-level candidates in cybersecurity generally spend some time in pen testing, vulnerability management, or threat research, mid-career or senior-level cybersecurity professionals tend to specialize more and may work in fields like Business Email Compromise (BEC), reverse engineering, and malware analysis.  

Cybersecurity Technical Skill Specifics 

Some formal education is expected by most employers to prove the essential breadth of knowledge needed in the field. This can be secured by individual learning and practice; by obtaining a two- or four-year program in Computer Science, Information Systems, or Cybersecurity; or by completing a combination of cybersecurity-focused certifications. 

Any of these ultimate pathways should include a working understanding of networking, operating systems, and cloud computing, as well as proficiency in programming languages. An ability to build and evaluate network architecture and a firm grasp of firewall breach detection and prevention, antivirus mitigation, VPNs, and security audits are also highly desirable resume credentials. 

In general, cybersecurity skills should include an understanding of how an organization’s network infrastructure is set up and managed so professionals can work to ensure it cannot be misused or breached. In other words, a cybersecurity professional is often a hacker working in reverse. 

Erdman added, “Some level of programming experience is also preferred. You can create useful tools to increase your effectiveness and execute more complex activities that require enhanced skill levels. We like to see a working knowledge of Windows, Linux and basic networking too.”

Learn More: Visit the Cybersecurity Library

A solid technical base should include education and/or experience in the following: 

• Networking: The technical aspects of data transmission
• System administration: How computer systems are configured and maintained
• Network security control: How network security tools, like firewalls, VPNs, and intrusion detection mechanisms work to detect malicious activity
• Operating systems: Comfort in any environment, like Windows, Linux, and Mac OS
• Coding: Useful cybersecurity languages include Python at the most basic level but interested cybersecurity professionals should also “speak” any combination of C/C++, Go, Rust, PHP, JavaScript, SQL, HTML.
• Cloud security: Cloud platforms such as Azure and AWS, along with the policies and procedures that are specific to the growing popularity of cloud-based systems, are also a good area of concentration.  

Outside of specific IT-related degrees, the following certificates could land a resume at the top of a recruiter’s pile:  

• OSCP (Offensive Security Certified Professional)
• CISSP (Certified Information Systems Security Professional)
• CEH (Certified Ethical Hacker) 

Additional certifications to consider: CISA (Certified Information Security Auditor), CISSP-ISSAP (Information Systems Security Architecture Professional), CISSP-ISSEP (Information Systems Security Engineering Professional), and CISSP-ISSMP (Information Systems Security Management Professional). 

Cybersecurity Soft Skills Take Technical Know-How Further  

So, once that resume’s studded with a few certificates or degrees, and some time is logged digging into all things technical, what else is needed for a cybersecurity career? Soft skills – the less quantifiable, but just as important, skills that help you translate all of that data security knowledge to the broader organization for effective cybersecurity. 

Curiosity and an eagerness to learn can help move a cybersecurity career along. But professionals looking to stick around awhile should also be flexible and adaptable to the new technologies and threats that continue to arise. This mindset can help ensure that cybersecurity continues to be a top organizational concern, and that new vulnerabilities can be swiftly addressed.  

Whether hiring or looking to be hired, “Communications is critical,” noted Erdman. “You need to be able to express your thoughts and findings to management, customers, and to the community at large. Both verbal and written skills are important. For example, if you are performing a penetration test there will be an expectation of a thorough report at the end, with both executive-level summaries and technical details included.” 

Cybersecurity impacts the entire organization at some point, so a strong cybersecurity professional should be able to: 

• Articulate complicated subjects clearly so that the average, non-technical person, including those in the C-suite can understand the goal, process, or procedures being talked about.
• Present cybersecurity matters effectively to a wide range of internal customers
• Listen for understanding using active listening skills
• Play well with others, whether with an eye on a future leadership role or to mesh well as a member of a larger cybersecurity team. 
• Continually learn new skills and technologies. Cybersecurity is a field that changes often and rapidly. A continual learning path will help professionals keep pace.  

Cybersecurity Jobs are in Demand 

“There has been a lack of cybersecurity professionals available to fill open positions for some time now,” noted Erdman. “And the problem is expected to continue. Recruiting and encouraging more people to join the field will better prepare our workforce for the future.”