NSACE | network security management staff how to keep pace with The Times in 2021?
At present, many large or super large enterprises have begun to gradually establish their own professional security teams to deal with the daily threats and emergencies of network security faced by enterprises.
The demand of enterprises mainly focuses on security management, security operation and maintenance, R&D and testing, penetration testing and vulnerability mining, emergency response, chief security officer and other positions. Among them, security management positions are the most in demand, accounting for 27.1%, followed by security operation and maintenance positions of 19.1%.
Not only is there a shortage of qualified people to work in the field, but finding the required skills among the existing pool of security professionals is challenging, some cybersecurity leaders say. This is not surprising given the skills required today.
In fact, security professionals need not only certification, but also knowledge and experience in using some key tools.
As security jobs evolve into hybrid roles that span different disciplines, they increasingly need the right mix of multiple security skills with technical, business and interpersonal skills.
01. Risk identification and management
The best way to mitigate a threat is to understand the risk, so organizations need people who are proficient in governance and strategy who can identify the best security solution, either by adopting the right technology or finding the right external provider, or by building the right solution internally.
02. Technical acuity
Most companies view technology acumen as critical to security professionals, listing knowledge of “digital building blocks” as one of the three key areas of expertise (digital skills, business acumen, and social skills) needed for an effective security plan.
03. Data management and analysis
Security is one of the biggest generators of data in the enterprise, and in many companies it is also becoming one of the biggest users of data as it tries to use information to drive more effective protection strategies.
04, development security
More and more enterprises are moving from DevOps to DevSecOps, looking to add security during application design and development to make their applications more secure. This requires security personnel with development and operational knowledge and experience.
Cloud computing
The widespread adoption of cloud computing, especially the growing adoption of multi-cloud strategies by enterprises, has increased the need for security workers with extensive experience in cloud deployment and integration with enterprise security strategies.
06. Automation
Enterprise security can use automation to address the cybersecurity skills shortage.
Experts agree that automating repetitive tasks improves efficiency while diverting employees’ energy and time to complex tasks.
However, automating security functions requires network security personnel with skills in implementing automation solutions.
07. Threat search
Threat search is a relatively new security strategy, which is getting a lot of attention.
Threat hunting should be a primary security program designed to provide early detection and reduce risk.
The growing focus on and implementation of threat hunting practices is driving demand for the skill sets needed to do this job.
Cybersecurity professionals have analytical skills, an understanding of the MITER ATT&CK framework or other such approaches, an understanding of the enterprise technology stack, and a strong curiosity to find answers to questions.
Cyber security personnel must think like cyber attackers; They have to think, ‘How will a cyber attacker get around our defenses? ‘
08. Interpersonal skills
With the rise of digital economy, the role of network security is becoming more and more important and prominent. This makes security professionals more visible to executives, board members and employees. Therefore, they must be able to collaborate, communicate and negotiate with these different stakeholders to make this
Some skills and other interpersonal skills are hot commodities.
09. Business savvy
Most companies want cybersecurity employees who are best able to understand the business, communicate in business terms, and see themselves as businesspeople and technical experts who can help manage risk.
Security professionals must help their organizations balance security with cost, market needs, and other business metrics.
10. Agility
The pandemic has brought new scams, cyber attacks and ways of working. The pandemic has shown that we need cyber security personnel with the ability to adapt quickly.