(Photo: Credit: Gorodenkoff/Shutterstock.com)

This article appeared in Cybersecurity Law & Strategy, an ALM publication for privacy and security professionals, Chief Information Security Officers, Chief Information Officers, Chief Technology Officers, Corporate Counsel, Internet and Tech Practitioners, In-House Counsel. Visit the website to learn more.

As the New Year quickly tumbles into our laps, schools and other educational programs begin to offer new programs, classes, certifications, and degrees for January enrollments. Many seem to claim a guarantee that they can offer a new or enhanced career.

For those who seek to upgrade their skills or acquire new ones, it has become difficult to differentiate among programs with similar names offered at different institutions — in class settings and online — at not inconsequential prices. Will certification achieve your goals? Will it address the needs of your next employer? Decisions about career enhancement in Information Security are tough, not just for the student or professional, but for the employer and recruiter as well.

People working in the information security industry know that the demand for capable, skilled professionals and team players is increasing. For those gaining skills to work in the industry for the first time, the challenge remains to hit the ground running with a position and, better, with a career path. Yet no career path in this industry will sidestep an ongoing foothold in the classroom — onsite or virtual. And while employers and recruiters spin within the chaos of job titles and descriptions, they must assume a discrete understanding of the nuances of each role as performed or required to be performed in each independent workplace.

This year, Cisco reports that those in greatest demand must bridge the divide between networking and software development. Almost contradicting themselves, they suggest that security professionals will need broader skills but also more specialization. Recruiters also will need to become quick studies to evaluate the varied backgrounds and levels of experience of security personnel available, especially if they are going to manage a search for leadership in the industry. At one and the same time, CEOs recognize they don't have the skills within their companies to enable a defensive posture, and professionals say they lack the necessary skills for current — much less future — jobs. Trying to prepare for jobs we only anticipate can be disheartening to the point of disabling. Executives want employees trained and fully equipped, so training has become a regular and routine part of doing the job.

The role of Information Security Analyst appears to be very basic. But this is a good place to start unlocking the high level of skills necessary to work in this industry. At the same time, skills of the superior analyst must include training others. They must have a polished management style, the ability to read and understand the workforce and new demands in the space of many related professionals. Cisco aptly noted that the complexity of the IT enterprise is disrupting the workplace.

At Balance Careers, Alison Doyle writes that to be an Information Security Analyst, a bachelor's degree in computer science, programming, or engineering is a minimal requirement, while many companies require a master's degree and many years' network experience.

Information security analysts work with various members of an organization and must be able to communicate security measures and threats to people from a wide variety of technical and non-technical backgrounds. In addition to the technical networking and software development tools that must fire up on the job, the list of other skills includes desirable character traits and work habits that are developed over time.

Soft skills are those that are difficult to define or that are defined differently depending on the workplace. Time management is an important skill, but it is easily thwarted when a firm suffers a security infraction or must respond to an emergency during an attack on its systems. Evaluating claims that an individual has reached the proper level of achievement in a skill of this soft type is very difficult. Perhaps they have mastered time management software. That may or may not be enough. Customer service and leadership skills are very much the same. It might be a good idea to study job descriptions to see how many of them get to the true nature of the role and a tangible definition of the skills required. It is much easier to identify with a piece of equipment or software than to assess the corporate culture that gave rise to an individual's time management experience.

In Dark Reading, Curtis Franklin, Jr. writes about the top non-technical degrees for entry into cybersecurity. He adds that a computer science degree is not necessarily a requirement; that requirements may hang on the soft skills often described as the employment gap between available skilled personnel and existing demand for skilled workers, now cited as more than four million people. That's a huge demand for the training organizations as well as the placement industry.

The big question Curtis asks is, what degree programs are worthy of consideration? Having looked at many of these programs myself, I also wonder where the lines are drawn between serious programs and those that skirt the edges of the requirements. Many of us faced these questions in our own education. What criteria should we use? One agreement is that the industry needs individuals with diverse experience in observing risk and handling the threat environment. Curtis's list focuses on diversity of experience and problem-solving skills, which are probably essential, but it is hard to assess where one can readily acquire these deeper learning traits.

For the latest training information reflecting the IT job market and, in this case, news on the demand for talent in the information security industry, the latest certifications offered with CompTIA can be informative. Their training is pointed, no-nonsense, task-oriented and favorably priced for ordinary people who do not have a lot of time to sacrifice to any specific program when training is an essential part of their job description. The certificate also counts.

CompTIA is largely critical of the contemporary approach to education and teaching to the test. Too little attention is paid to critical thinking, problem-solving, and initiative. Even after an employee is hired, the fast pace of technological innovation makes it difficult for employees to keep up with the changes. Employers naturally struggle to provide the continuing education and professional development that their employees require. CompTIA has sought to fill this gap for both the employer and the employee or job seeker. Its Creating IT Futures program works to invent a better route to IT careers, then look for the best way to collaborate to identify the best outcomes on a national scale based upon their program content.

CompTIA explains the importance of including training in the soft skills. Holding an advanced degree before training for a technical specialty helps ensure successful application of new skills in the currently demanding environment. Before the introduction of IT-Ready, the workforce development program incorporated a mainly online education model. They say that while appropriate for some individuals who were able to springboard into their first paid IT role, that program failed to lead to IT work for most participants. The online program lacked coaching in job-seeking skills and was missing an employer component. Creating IT Futures was more successful when coaching in the soft skills was introduced.

While it may be easy to summarize that the future of the information security industry is growing and remains brighter than ever, the future of training in information security is scattered, chaotic, and likely to experience pressure as security professionals and those preparing for careers from other IT sectors try to sort out a direction for healthy career growth.

Many employers in the field, such as Cisco, and many other industry leaders have in-house programs in line with their own career paths. Other certifications come from corporate or government agencies or professional organizations providing certification. Still others provide training offered by outsourcing certification programs to a firm such as CompTIA. They can design a custom program or adapt a program to meet an employer's needs. And where training has become part of the job description, it is possible to imagine an employer who distributes training vouchers as a routine employee benefit. So much the better. In the meantime, we should look for more uniformity among programs and more cooperation among course providers to reduce chaos. But in this piece of the industry, we are always playing chess with grand schemers from the hacking universe. They thrive on chaos.


Nina Cunningham, Ph.D., is a member of the Board of Editors of Cybersecurity Law & Strategy, an affiliate of Altman Weil, Inc., and president and CEO of Quidlibet Research Inc., a global strategic planning and cost management firm founded in 1983.