Six Skills You Need to Succeed in Cybersecurity

Secret Service Agent

One reason companies can’t find the cybersecurity professionals they need is that there just aren’t many true experts. If you want to be one, here’s the kind of skills and personal traits you need.


33 Responses to “Six Skills You Need to Succeed in Cybersecurity”

  1. John Zavgren

    Excellent article. I agree with the author’s attitude about certification. I’ve taught courses (cryptography, Internet security, defensive coding practices, etc.) that have enabled my students to pass the CISSP examination. But, I’ve never seriously considered taking it, because it costs too much and the certification isn’t sufficient for professional competence.

    I’ve seen a lot of job postings over the years that emphasize certification. I’m not sure that the potential employers really understand anything about security. One telecommunications company, who’s recruiter (a friend of mine) contacted me, merely wanted to fill a position for the lowest possible salary. The recruiter leveled with me: the executives of the company merely wanted someone to point to when the issue of security came up. “Look guys, we’re doing the best job with the best people”. I see all too much of this.

  2. Latrese

    I would like to become marketable for employment in the wireless security sector. What type of education/certifications should I persue. I have Cisco CCNA and experience in LAN/WLAN Networking and Mobile Platforms

  3. John Doe The 1337

    I have just started my Cyber Security degree, and it’s no joke. It’s my first year, and I just don’t get coding, it’s frustrating me specifically coding in .bash (Perl, C, C++, Python). Is it something that I will eventually get through just making simple scripts or shall I rethink my degree choice? I understand networking and VPN’s, hardware and software (linux OS’s, MS, Apple).

    Thank you sir(s) and ma’am(s),

    • Andrew

      well John, you don’t sound like you enjoy your current field too much. you should look at another field, like something more along the lines of networking, or setting up and administering the network, instead of protecting it. if you do enjoy your field, by all means, continue. you should still do your best to become proficient in coding regardless what IT job you choose, because most will use some form of coding. making scripts will help you, especially when you add or build off them. if you have trouble, python is in my opinion the easiest, and it is taught first in schools because it has similarities to many other languages. if you still have trouble, there are many websites out there that may help you through, with learning courses to brush you up on your skills, or improve them. it may also help to keep a log or list to refer to for every code you use, so you can just look back on the list instead of struggling, or searching for the code online. coding is by no means simple whatever, and i struggle too. i am still a student, and currently taking my Microsoft Technology Associates Security fundamentals certification. i hope i was able to help a little. keep at it, you’ll do fine in any career you choose with practice.


  4. Many areas to cover… remember how to eat an elephant, one bite at a time!! I’m working on my Bachelor’s in Cybersecurity, and its a great challenge, my professor stresses generalism, knowledge of many things. But I wouldn’t trade it for anything, the greatest challenge in the world.

  5. John,

    I just recently completed my CyberSecurity degree
    and I experienced those same frustrations you are describing.

    In short, it is imperative that an InfoSec (information security/cyber security) professional have the ability to *detect* and mitigate threats, risks and vulneralbilities in informational resources.

    A popular technique of cyber criminals is hacking informational resources via loop holes/back doors in computer programs. Furthermore, an InfoSec professional can mitigate/respond to /eliminate *some* incidents/threats/risks via writing code.

    That being said, to be an effective cybersecurity professional, understanding computer programming and the associated risks and vulnerabilities is very important. Your professors should have explained this if he/she is “any good”

    Good Luck and hang in there!

  6. If anyone needs training, offers a bunch of training courses for free. They have CISSP, Cisco CCNA, PMP, Ethical Hacking, CompTIA Security+, and a bunch of other stuff that might help you with advancing your career in Cyber Security.

    There’s also Code academy for programming – Just depends on what you’re looking for.

  7. hi guys. i am a computer science engineer from Tunisia. i’m searching for a subject for my thesis in smart cyber-security so if can anyone have an idea or can help me. we don’t have many researches in this domain in my country. thnx

    • Andrew

      Chetan, i know this is most likely WAY later than you need this, but yes, you need to know at least a little code(but hopefully become proficient in said code). all fields use code of some sort. you should definitely see what code your chosen field uses (probably many) and try to learn them. it won’t be easy, but you can do it. i suggest starting with python, because many languages are similar to it.


  8. Hashtag Realtalk

    [John Doe The 1337 said: Greetings, I have just started my Cyber Security degree, and it’s no joke. It’s my first year, and I just don’t get coding, it’s frustrating me specifically coding in .bash (Perl, C, C++, Python). Is it something that I will eventually get through just making simple scripts or shall I rethink my degree choice? I understand networking and VPN’s, hardware and software (linux OS’s, MS, Apple).] Well, what happened? Did you rethink? I think you should have re-thought if coding “frustrates” you. Lots of cattle ranches need workers.

  9. Simon Dean

    Just to say a word to all frustrated InfoSec candidates: “Don’t proceed if you can’t enjoy it.”

    The security industry is embarassed enough from people who join the field with no special interest to the topic and this is hurting the industry as a whole.

    If you don’t like coding, pick a domain that doesn’t involve coding, for instance, network security. Coding is mainly for programmers who specialize later in the app security domain.

    Security is not a specialization as a whole and you can’t never master it. However, you can specialize in one or two of its domains.

  10. Erin West

    I finished my Master’s in Info Sec last Dec-Management track and although I had 6 general classes that covered the domains for the CISSP, I did get to pick a few classes that interested me like Risk Management, Forensics, etc. I have no interest in writing programs myself, but have interest and experience in 3 of the domains. Your degree may be broad, but you as long as you know the principles, you will be fine.

  11. Cliff Randolph

    This was a good article. It has a lot of good advice. However, as an IT Security Professional, how do you protect against the following:

    -100 % of PC component manufacturing happening in China? (I have been shopping around for PC components that are not made in China. They are simply not available. Go down to Fry’s Electronics, search online, check out Best Buy, check out CDW and others if you don’t believe me.) How do you know that that device doesn’t have malware in it? Oh, the Chinese Government would never put malware in their products… yah right…

    -How do companies protect themselves against offshore software development? Their vendors use them, they often use them, partners use them. It only takes one script to create a backdoor. And how many lines of code are in an organization or company?

    -How does a company protect itself against devices that you aren’t the administrator of? BYOD is major problem, IMO.

    -After reading the comments above, how does someone that wants to learn IT Security get the training he or she needs? Companies have outsourced a lot of their IT Development outside our borders so a lot of the expertise is elsewhere. And a lot of things change after 2-3 years… Organizations like EDD/Worknet aren’t providing this training. (I just checked into it and they provided a bunch of redtape and side talk. Fill out these forms, go online and fill out those forms, register with this site…. Guess what, I already did that and received zero responses….It’s frustrating, I know. And these agencies advertise training programs, but who’s getting the training? Is the money for these programs sitting in a pool somewhere?

    -And finally why isn’t there a “Driver’s License” for Developers. Every time code is created, modern technology should stamp the creator of the code’s ‘drivers license’ on the code itself. This way the people creating malware could be caught and held accountable. And if they refuse to get a driver’s license, then their code won’t work. Technology companies would have to enforce this within their technologies. Let me say that I’m not a fan of this kind of Big Brother envolvement but there is so much hacking happening today that something has to be done… And if you are a Security Professional that says you haven’t been hacked, I would say that you just haven’t learned enough to detect it.

    • Why isn’t there more stuff manufactured in the United States? There are lots of excuses. I find the lack of security in America terrifying. I don’t understand the reason that I need to put my money, time, and life at risk to use computers and the internet. There is too much importance placed on marketing and not enough on security.

    • Ghostie

      The reason you can have confidence that you aren’t going to have malware on your computer from China or something of that nature is that malware is basically software, so it’s going to reside where software is stored (the hard drive). Drives ship unformatted, meaning there’s no possible way for any information to be on the drive, and when the drive gets formatted, everything gets erased anyways.

    • When you say “drivers license” for a code, I’m assuming you are referring to code signed by a digital signature. I agree that digital signatures could be leveraged more and the general public could be educated adequately of their importance

  12. Here is my take. I started out with a bachelor’s in It. I started work for a fortune 500 in the e-discovery and forensics side of things… this lead to me learning a lot about the legal side of things and various other things revolving around litigation.

    A few months ago I was approaches by a director and offered a lateral move into FAIRY more specifically the Incident Response side. I thought forensics required a lot of attention to detail, but putting together detailed cases on the security side is much more involved, but with the right tools you can put together the whole story.

    That being said cyber security seems to be much harder to get into, but once you do… your value increases drastically and you get the benefit of being experienced and proven in a field with a 0% unemployment rate.

  13. This is not an answer but a question, I am currently studying in middle school and I choose my subjects 2 years ago and I choose ICT as a subject instead of computer science and now I can’t change it, so the question is that can I do cyber security with ICT?

  14. Dilmi DeSilva

    i have started my degree.And this is my second year i have to choose my specializing area. and i am really interested in cyber security. i am scared of doing coding. and im not much good in coding. and CS is hard i think. but i like to do CS.. still i dont have any knowledge about CS. can i do cyber security.? do we need perfect coding skills for CS..? help me please.