Employee awareness is the most important factor in reducing the likelihood of a data breach, according to the Ponemon Institute. And while malicious attacks account for almost 50 percentof data breaches, according to IBM, almost three-quarters of companies studied faced a breach due to human error during 2015.
It is critical then that organizations know what skills their IT teams should have, particularly when it comes to security. Individual skills, when combined with those of the rest of the IT team, should include awareness of the latest technologies, infrastructure, and data systems and environments. Here are the top 10 skills companies should ensure they have among their IT professionals.
1. Security Tools Expertise
IT tools are a boon when placed in the right hands. In the wrong hands, they can wreak havoc. Employees require knowledge and experience with IT solutions in order to apply them in the appropriate contexts. Often, companies rely on information and event management (SIEM) tools, set them to default, and consider the job done. The problem with this is that the valuable granular information they gather is lost. IT staff need the expertise to interpret the data these solutions generate.
For example, penetration testing is a way to find the weak spots in IT infrastructure and eliminate them before hackers encroach. The process should be carried out by skilled IT staff on an ongoing basis as technology is constantly changing. The testing involves manual or automated processes that assess servers, applications, networks, and user devices to create a compliance report. Identifying and fixing faults is a preventive measure that saves downtime and security breach costs.
But using the existing expertise of staff is not enough. Their know-how should be scaled along with technology by investing in ongoing, extensive training. This makes any investment in solutions worthwhile because staff can then use them to their best advantage rather than as a replacement for substandard or out-of-date skills.
2. Security Analysis
Just as cyber threats are increasing exponentially, the demand for security analysts to thwart them is rocketing. According to the Bureau of Labor Statistics, the change in employment for security analysts from 2016 to 2026 is expected to be 28 percent while the average change expected for all occupations is 7 percent.
Experienced analysts know what data to tap and what data to ignore to reduce complexities. They know how to interpret that data and identify the conditions where an attack could occur and minimize the detrimental effects.
3. Project Management
Security projects are diverse, and finding IT security managers with proven success under their belts will become more difficult in the future. The demand for information systems security managers is expected to grow by 20 percent over the coming decade, according to Monster. Mondo recruiting also predicts that security project managers with vertical experience in IT, finance, and healthcare will be in high demand soon.
IT project managers are earning their keep, however, because the role of a typical systems or network administrator has evolved into a much more complex one requiring long-term strategic security planning. Solutions must be integrated with existing infrastructure, and users must receive continuous training to keep up.
4. Incident Response
The quicker a threat is identified, the better. Incident response is a vital skills area. Because it is difficult to find resources to keep up with evolving threats, companies often contract with external security specialists who perform analyses. Most companies, though, would like to bring this in-house.
Employees that understand the SaaS model and the private, public, and hybrid cloud environment are crucial. They will be charged with determining which are the right services and integrating those with existing infrastructure. Only with a solid overall understanding of the IT security ecosystem can incident response mitigate the effects of any breach.
5. Automation
The best strategic decisions are made based on business intelligence and data analytics. According to the IT recruiting firm IT Robert Half Technology, 26 percent of IT recruiters were seeking these skills in 2017.
The rapid rate at which threats evolve make it increasingly difficult for traditional security teams to keep up. Automated solutions use machine learning and AI to identify and shut down attacks before overwhelming damage is done. Supporting follow-up work can then be performed by IT staff. The skills required by IT security professionals are the ability to parse the information gathered from business intelligence and make appropriate decisions with that knowledge.
6. Data Science and Analytics
Employees with analytics experience, particularly with algorithms, machine learning, and AI, are equipped to leverage the big data environment. These skills are particularly relevant for the e-commerce and payments sectors where customer behavior is monitored, and machine learning predicts the effects of any marketing or IT solutions. Extracting what’s pertinent from the noise requires honed data analytical skills.
Ensuring secure networks from the outset saves money in the long run. That means designing infrastructure that protects data, information, and users in the correct way. A security analyst must understand the new designs and have experience testing systems’ security. They should have a deep understanding of all the business systems in the company and know what data is critical to an organization and what data cannot be lost.
7. Scripting
With scripting, IT professionals integrate numerous elements and replicate repetitive tasks saving time and resources. Python and Perl are examples of scripting languages that interface with messaging platforms.
Scripting helps with the understanding of programming logic basics, which is important for security professionals who must manage networks and systems. Scripters and developers must solve complex problems, particularly for security purposes.
8. Soft Skills
Soft skills for IT security experts are not so much communication skills as psychology skills. IT security professionals who can think like cyber criminals and understand their motivations and methods are more likely to be successful in anticipating, identifying, and mitigating attacks such as sphear fishing.
Network intrusion detection system (NIDS) can flag suspicious behavior, but experience and knowledge are required to deal with it. Also, the ability to be calm under pressure and to know how to react with the right protocols can be crucial in stemming the flow of any compromised data and mitigating the cost of a security breach.
9. Post-mortem Deep Forensics
A security team needs to know how to create and update a safety framework when network components change or new threats emerge. The framework also lays out the process for managing the breach and the subsequent steps to take in the event of a breach.
When a security incident occurs, it is an opportunity to learn from experience. The ability to perform a forensics and malware analysis following an event can mean better management of an ongoing incident and the prevention of a future one.
10. Passion
Security solutions are effective only if those who are responsible have a passion for their work. An IT security professional needs the drive to constantly learn about security technology advances and the evolving threat environment. Recognizing the right path for an organization in terms of IT solutions requires knowledge of new programming languages, networking with other IT specialists, and leveraging AI, VR, and big data.
