Three employers discuss the most critical skills needed for infosec professionals as cybersecurity becomes more important than ever.
For well over a year, employers have had to adapt to a number of challenges arising from the Covid-19 pandemic, undertaking major digital transformation efforts and moving entire companies to remote working.
However, these shifts have also left organisations vulnerable to cyberattacks and, as such, a focus on strengthening security teams has become more important than ever.
But what are the most critical skills employers are looking for in their cybersecurity workers?
Diarmuid Curtin, cybersecurity director at KPMG, said the key skill for infosec workers this year will be the ability to adapt as digital transformation continues to accelerate.
“New threats will continue to emerge, and infosec workers need to adapt accordingly, while at the same time enhancing control maturity, meeting regulatory obligations and reducing the actual exposures against those new threats,” he said.
“Infosec workers, therefore, need to adapt and balance the prioritisation of controls, taking both a long-term strategic view, while simultaneously embedding the immediate tactical control uplift that may be required to prevent an immediate threat to the organisation.”
He also said these employees need to be able to adjust as the organisations they work for shift their operating models. “These immediate changes will result in infosec working closer with operational teams to enable the shift-left of security controls into both technology transformation and business-as-usual initiatives.”
Ability to prioritise
Pavel Minarik, CTO at Kemp Technologies, said being able to prioritise is a key skill for security professionals.
“The variety of different technologies they can deploy and security measures they can take is overwhelming. Proper prioritisation and plans to adopt security practices for their organisation is critical to success in all information security roles,” he said.
“First things first, it is pointless to adopt advanced security tools and practices when the company is not at a proper maturity level and principal weaknesses exist. Security professionals need to design the whole ecosystem to be secure by nature, expand from prevention to early detection, and minimise the impact of compromise that is inevitable.”
Minarik also said that there is a growing need for security professionals to be able to communicate and explain the importance of cybersecurity to other employees in the business.
“Securing your company’s digital infrastructure requires properly educated and trained users, which is usually a neglected aspect of cybersecurity.”
Orlagh Lynch, information security and compliance officer at Workhuman, said she specifically looks for great communication skills in infosec team members.
“The world has changed so much in the last 15 months but nowhere more so than in the world of information security. We have long anticipated the end of the security parameter, and the increase of ‘work from home’ has made it happen virtually overnight,” she said.
“It has been of great importance for me and my team to always be internal advocates for information security and educate our colleagues.”
Lynch said the growing concern about information security and awareness of high-profile incidents such as the HSE cyberattack has put cybersecurity at the top of executives’ minds.
“Across the whole organisation, this ‘spotlight’ opens up an opportunity for education and user awareness to provide them with a clear understanding and assure them that things are secure in our organisation,” she said.