The shortage of cyber security talents shows no signs of abating. According to the research of research institutions, 95% of respondents said that the shortage of network security skills and its related impacts had not improved in the past few years, and 44% said that this situation would only get worse.
In addition, more than half of the respondents (57%) said that the skills shortage was having a negative impact on their existing workforce, which was due to the increase in workload (62%), unfinished vacancy applications (38%) and high burnout of employees (38%).
The following are the technical skills and soft skills listed by security industry professionals, which are most important for building a successful career and keeping the enterprise in the best position to remain efficient.
Improve the top technical skills required by the enterprise’s network security career
- Application security development. Enterprises need security personnel who are proficient in DevSecOps concepts and can work closely with software development engineering teams. Communication skills are important here because engineering departments usually focus on bringing products to market or on their functionality and safety. Therefore, people interested in this field need more flexible skills, because application security development usually belongs to the business department outside the direct control of the security team.
(2) Cloud security. As more and more enterprises seek cloud computing infrastructure to store data and run applications, they need people who understand the underlying infrastructure and how to connect identity management and authentication with the safe running of basic SaaS applications. Many cloud vulnerabilities occur because false pages are set up where credentials are stolen. Enterprises need people who are familiar with these policies and can manage cloud security tools that monitor and identify such solutions. As enterprises adopt a multi cloud strategy, they also need people who understand how to use new tools designed to work across multiple public cloud platforms.
(3) Threat intelligence analysis. There are many threat intelligence tools on the market, but the demand for personnel who can correctly use these tools and make situational analysis of security threat trends is in short supply. It is often difficult for enterprises to find personnel with such talents, and it is even more difficult to train them. This work requires strong analytical ability, curiosity and the ability to deal with high-risk pressures. Threat intelligence experts are good at analyzing digital evidence. They usually have some programming skills, especially in Python. Security personnel interested in this field can accumulate experience in the event response team, and many of these skills can also play a role. This field also increasingly needs people who understand the threats that affect machine learning and artificial intelligence environments.
(4) Penetration test/red team. Personnel with penetration test/red team skills are experts in network attack security types. They can tell enterprises what is damaged and how to repair it. Doing this job well requires professional knowledge and rich experience, which is why it is difficult for enterprises to find these people. Good penetration testers believe they can crack anything. This requires a lot of confidence, but also a lot of skills acquired in the classroom, practical seminars and work. In addition, the demand of enterprises for blue team players or defenders is also increasing.
(5) Network security. Network security skills are the basic skills that everyone should have in the security field. Some excellent security personnel come from the background of network security. Many people believe that the best career path for security professionals is to start with computer support, then work as a network administrator, and gradually develop security skills on this basis. Vinchin offers solutions such as VMware backup for the world’s most popular virtual environments, XenServer backup, XCP-ng backup, Hyper-V backup, RHV/oVirt backup, Oracle backup, etc.
(6) Identity and access management. The vast majority of vulnerabilities (more than 80%) are caused by data leakage, weak passwords and reused passwords. Communication skills are equally important. Enterprises need security professionals who can explain threats to people and teach them how to use Authy or other password free tools (fingerprints, facial IDs, retinal scans) to improve password practices in their daily work. Enterprises also need people who can manage identity and access management tools and know how to set network permissions and manage them correctly, so that enterprises can be alert to intruders. Experts in this field must be able to define the level of access to certain data sets and set permissions according to employee roles and responsibilities.
(7) Risk and compliance audits. The skills required in this field depend in part on the industry or part of the business people are engaged in. Enterprises focusing on e-commerce need people who know how to comply with PCIDSS regulations; On the other hand, all types of enterprises must deal with HIPAA compliance of sensitive medical data. Enterprises also need to be familiar with various data privacy regulations, whether based on the EU GDPR or California consumer privacy laws. Enterprises need people who can assess the risk of violations and understand what paperwork to submit and what security protocols to implement to comply with regulations.
(8) Mobile remote computing. Many people may think that this skill should rank higher in the list. Of course, during the COVID-19 epidemic in 2020, the security team of enterprises spent most of their time launching VPN or managing remote desktop protocol (RDP) servers, so that employees can access enterprise applications while working from home. Although more and more people are vaccinated and offices are gradually restored, most enterprises still support mixed work. Many enterprises find that the home remote working mode is very suitable for them, so the security team continues to need people who know how to manage VPN and RDP servers and segment the home network to improve security.