Hays’ James Milligan spoke to four cybersecurity recruitment experts to find out what infosec professionals need to know to succeed.
What technical and soft skills do cybersecurity professionals need right now? How can you develop and learn the relevant skills to boost your employability? How can you future-proof your career?
I recently spoke to some of our cybersecurity recruitment experts from around the world to find out the answers to these questions, and many more.
What has driven the huge increase in demand for cybersecurity professionals?
James Walsh, cybersecurity business director of Hays UK and Ireland, said there are a multitude of factors as to why the demand has increased.
“For example, the rise in digitalisation among organisations and the ever-increasing security threat. This threat was already growing pre-pandemic but is now an even greater risk due to widespread remote working,” he said.
“I think the key driver of this increase in demand is the rise in cyber criminality. Other avenues of criminal activity have dropped, with Covid-19 restrictions forcing people to stay at home. And as a result, the adoption of cyber criminality and its usage has increased exponentially. Therefore, security professionals are hugely in demand right now.”
Robert Beckley, Hays Technology regional director for Australia and New Zealand, agreed, saying it has been the perfect storm.
“Cyberattacks are increasing in number and sophistication every year. The potential damage to businesses has grown, along with the size of fines for non-compliance in many sectors. And then you add the impact of Covid-19 to the mix! As businesses were forced to work remotely and shift business models online, cybercriminals sought to make the most of the crisis.”
Meanwhile in mainland China, regional director for Hays Shanghai and Suzhou, Edmond Pang, said the increase in demand has also been driven by the government stepping up on personal data protection over the last two years.
“Companies have been increasing their cybersecurity capabilities to meet these regulations – hence driving more demand for those professionals,” he said.
What are the most in-demand jobs and skills in cybersecurity right now?
In the UK and Ireland, Walsh said the demand is for operational security (SOC and SIEM) and cloud security professionals. “Also people with SecDevOps and penetration testing skills are in high demand, and there is increased recognition for the CompTIA Security+ certification.”
According to Pang, cybersecurity roles in the areas of governance, risk and compliance as well as security operations roles are in high demand in Asia.
“However, with the constant emerging technologies, there has been an increase in security engineers to cover cloud security, application security, security architecture and threat intelligence,” he said.
Beckley said robust identity policies and practices have been made a priority now that lockdowns are easing in Australia and New Zealand and hybrid working is becoming the new norm.
“We have seen a big increase in staff and customer identity specialist jobs to meet this demand. As organisations also look to diversify their cloud portfolios, we have seen an ongoing demand for cloud security engineers with Azure and Google Cloud Platform experience.”
In the US, cybersecurity lead for Hays North America, Miguel Duran, said he is seeing high demand for application security, cloud security, security operations centre professionals and digital forensics and incident response professionals.
What soft skills are needed to work in cybersecurity?
While specific skills vary from role to role, Beckley said the merging of business and tech roles means communication skills and the ability to influence are becoming increasingly important.
“Human error is a major contributing cause to breaches, therefore cybersecurity professionals will always need the ability to influence and engage with staff and non-security personnel.”
Duran also said collaborating regularly with non-tech stakeholders is becoming increasingly important. “It’s no longer a case of hands-on-keyboard; you need to be working with various business owners and groups,” he said.
“So, the importance of cross-functional team integration, and being able to influence and build relationships with those teams, is becoming more and more apparent.
Pang said enthusiasm and an ability to think outside the box is particularly important at junior levels. “You will need to be analytical and have the interest to explore any abnormal activities, as well as countering any threats,” he said.
Walsh agreed that the main thing an employer is looking for in a graduate is someone that is enthusiastic and willing to learn. “Then, as you move up the seniority ladder, the importance of your soft skills increases. At this stage, influencing skills are essential, rather than the ability to understand code,” he said.
You need to be able to articulate risk to a board of non-technology specialists; decrypting what is often complex technical processes into something simple to understand.”
On the other hand, what technical skills are needed to work in cybersecurity?
Duran said a foundational level of IT experience and knowledge is always going to be required in cybersecurity.
“If you’re working on the technical side (such as in engineering, security operations, identity and access management, or security architecture), you need to know about network and servers. With the digitalisation push, you need a good understanding of web and business applications too – as these are the types of things you’re protecting,” he said.
“If you work on the functional side of the business (such as compliance, risk and governance), you need a foundational knowledge of various levels of compliance, frameworks and controls.”
How can cybersecurity professionals future-proof their careers?
Pang said professionals should continue to learn about upcoming technologies, trends, products and tools. “You need to know what is available out there [that] you can utilise and implement to protect against threats, as well as what is available out there for hackers to attack, so you can do as much preparation to prevent attacks.”
Walsh agreed that continuous upskilling is essential. “Look out for which tool or technique is most popular right now – or being tweeted about the most,” he said. “Learn all about them and how to use them. There are all kinds of sources for finding this information, whether that’s Twitter, events and meet-ups, news from associations like OWASP and advisory boards.”
James Milligan is the global head of technology at Hays. A version of this article originally appeared on the Hays Technology blog.