Faculty Forum: Top Three Skills a Cybersecurity Professional Should Have

The last few years have seen double-digit increases in malicious cyberattacks, including ransomware and phishing attacks, totaling between $9 trillion and $13 trillion annually in corporate losses and recovery costs globally. Considering this activity in light of the workforce gap between skilled cybersecurity professionals and available industry jobs (around three million worldwide), it is important to examine the top skills and requirements to enter the cybersecurity workforce in 2024.

October is Cybersecurity Awareness Month. Michael Nizich, Ph.D., director of the Entrepreneurship and Technology Innovation Center (ETIC), adjunct associate professor of computer science, and author of the new book The Cybersecurity Workforce of Tomorrow, shares insight on the most important knowledge, skills, and abilities that those looking to become cybersecurity professionals, or what he refers to as cyber heroes, should have in this environment.

Be a curious and critical thinker. (Be able to ask yourself what, how, and why something is happening?
Curiosity killed the cat, but in the case of the cybersecurity industry, it can lead to a promotion. Cybersecurity is a field based around sharp criminal minds thinking of new and nefarious ways of breaching perimeter security systems and tricking innocent users into granting access to their systems. This is no place for mundane thinkers. Technical skills are required, but if you do not know how and when to use them to identify an attack’s origins, then you will struggle.

Understand the difference between Information Technology (IT), cybersecurity, and cybercrime.
This is very important for new graduates, job transitioners, and even experienced technologists moving into the field. Having a solid grasp on the unique attributes of each concept and understanding where they lie in the bigger picture of secure systems and cybercrime is key to rapid advancement in the field.

• IT is what allows the existence of valuable digital data in the first place. It also enables the transfer of this data via telecommunications channels, which then places that data at risk of theft or damage by cybercriminals.
• Cybersecurity is an overarching concept of methods and frameworks to apply very specific information technologies that are focused on the protection and security of data.
• Cybercrime is the set of activities exhibited by criminals to illegally benefit from the theft or damage of digital data rightfully belonging to others.

Understanding the differences between these concepts and, more importantly, how they interact with each other, is often the first skill recognized by employers.

Enjoy making a difference in people’s lives and not just solving technical problems.
Put things into perspective. In cybersecurity, you are not fixing a slow computer for an employee as part of the IT staff. You are fixing a slow computer by identifying and mitigating malicious software on that computer that is attempting to lock your organization out of its own data and then forcing you to pay an exorbitant ransom to get access back to your own data. You need to find a bit of passion, and even wonder, in what you are doing every day. Cybersecurity is the magical place where you get to apply all of your hard-earned technology skills and your natural instincts to stop, and sometimes even catch, threat agents and attackers who are out to harm others.

There is a robust job market for skilled cybersecurity professionals, but those entering the workforce should be cognizant of these attributes of highly successful cyber heroes. They will remain the core values that will be recognized in the field for years to come and will guide you to do the right thing at the right time, leading to a very successful career in cybersecurity.

The Cybersecurity Workforce of Tomorrow is available through New York Tech’s library.