This is a final post in a series of three supporting our new eBook which seeks to understand what makes the people of InfoSec tick. We asked everyone from CISOs and researchers to front-line teams and thought leaders their opinions on the skills and mental attributes required to do the job.
As well as the C-suite and those doing the job on the front lines, this industry is also driven by community, policy and collaboration. We sought to tap the opinions of the thought leaders who are helping to foster these attributes by asking their opinions on the behaviors, skills and personalities of people in the industry.
Jen Ellis, board member at organizations including the Center for Cybersecurity Policy and Law, the Global Cyber Alliance and The CyberPeace Institute, as well as VP of Community and Public Affairs at Rapid7, credited the work done by Chris Krebs on election security.
She said he is “an inspiration to many during a difficult time, who provides an important reminder that security is not niche”, summarizing that we “cannot afford to casually sacrifice security at the altar of other concerns”.
Ellis also cited those who gave their time to help in the response to COVID-19, such as members of the CTI League and Cyber Threat Coalition, and other incredibly worthy non-profit efforts, such as the Innocent Lives Foundation.
This side of the industry is also particularly adept at identifying the shortages when it comes to skills and where we are missing capabilities.
Dominic Vogel, chief security strategist at Cyber.SC, said empathy was an important skill for InfoSec people to develop, saying too many viewed cybersecurity as a ‘problem to solve’. “There is a real lack of empathetic leadership among cybersecurity people. The greatest leaders have tremendous emotional intelligence and empathy, but they aren’t necessarily the most ‘technical’ people”.
Asked which skills will be most in demand at the end of this year, and in the next three years, Lisa Ventura, CEO of the UK Cyber Security Association, said the demand for security analysts and security architects seems to be rising, and it is likely to be those skills which are most in demand by the end of 2021.
“I think for the end of 2024 any skills involving artificial intelligence will be in high demand,” she said. “People in InfoSec need a strong support network and access to the right skills and training to help them do their jobs better.”
Ellis summarized by saying that whilst the skills we need today – the ability to understand the business and translate technical complexity and need to others, as well as empathy, open-mindedness and collaboration – will never stop being critical, she believes that AI and machine learning is where things seem to be heading.
For more opinions from CISOs, analysts, researchers and more, download the eBook here.
Dan Raywood
Information security journalist, moderator, speaker
@DanRaywood