There are a lot of questions that come up when someone considers the skills they will need to enter the world of cybersecurity. Questions like: “How much will I have to talk with other people?”, “What technical skills will I need to know?”, and “Do I need to know how to code?” are all very common examples. In this post, I am going to outline the six skills that are expected of almost all cybersecurity positions, why they’re important, and what you can do to develop them.
So, what skills are needed to be successful in cybersecurity? The skills you need to be successful in cybersecurity are technical knowledge, logical thinking and troubleshooting, verbal and written communication, an ability to learn new technology, and an ability to work independently.
Let’s take a closer look at these skills, what they mean and how we can develop them.
Technical knowledge – Only part of your skill set
Skill #1: A strong technical knowledge base
Everyone immediately thinks of technical skills when they think of the skills needed to be successful in cybersecurity. Of course, like it or not, technical skills are only a piece of the puzzle, but they are the main piece and the basis for our ability to work and be successful in cybersecurity. Technical skills can be broken down into two subcategories.
First, we need practical, hands-on technical skills, where we are actually doing the job or completing the task. This is the “experience” part of the job listing that we always notice. This practical technical knowledge can include anything from the ability to configure a network to the ability to penetration test a system to the ability to install a firewall. The specific skills in this area vary greatly from job to job, and are growing in quantity as the number of security threats, software programs, and technology platforms included in cybersecurity continue to grow.
The best way to determine which practical technical skills are needed for you are to look at the actual job postings related to the area of cybersecurity that you are interested in and see the specific technologies they are listing. Again, keep in mind that the field of cybersecurity is very wide and that employers often list every skill they think they need, so the practical technical skills you as an individual may need just to get started may be fewer or less in depth than what you see on an intermediate or advanced job posting.
The second subcategory of technical knowledge is conceptual technical knowledge. This is the technical knowledge that supports your practical hands on experience and includes things like knowing the port numbers of various protocols, or the layers of the OSI model or the ability to subnet. This is the knowledge that helps you do your job but would bore just about anyone you tried to explain it to. It’s the dry, boring, but very important base of knowledge that we rely on when we are working in the field.
The best way to learn this conceptual, technical knowledge is to spend time every day reading or learning something related to your area of cybersecurity. These little pieces of conceptual knowledge almost always come from our educational efforts, whether that be self study and reading or information we pick up in a class.
Skill #2: Logical reasoning and troubleshooting
The ability to detect a problem and solve it through your troubleshooting ability is probably the technical skill employers covet the most and the one that is the hardest to find because it takes a lot of time and experience to develop. This is why, in addition to your technical knowledge from skill #1, your ability to think logically about a cybersecurity issue, troubleshoot a problem and apply a solution is the basis for your success in cybersecurity. To develop this logical reasoning and troubleshooting skill, you’ll need to get as much hands on practice as you can and work to apply solutions and steps logically when problems arise. And do all of this without causing further problems.
Skill #3: The ability to research and learn new information
A sense of resourcefulness and the ability to continually learn new information is critical to your success in cybersecurity. You must be in a state of the continual onboarding of knowledge. This of course is because cybersecurity evolves so quickly and technology falls out of favor so fast. Without a doubt, you’ll need to learn to keep up, and know where to turn to learn new information fast when you need it. One of my early mentors said it best when he said “I don’t know the answer, but I know where to find it.”
The best way to develop the skill of research and learning is to get in the habit of learning every day. Try to build the natural curiosity that when you see a problem or a new technology, you naturally go to find the answer. That curiosity and continual pursuit of knowledge will help you greatly along your cybersecurity career journey.
Soft Skills – The non-technical skills we also need
Skill #4: The ability to be a self starter and work independently
Most cybersecurity positions at the entry and intermediate levels don’t spend much time in meetings. And while you’ll be part of a team, most cybersecurity work is not group work. Your ability to work independently to solve problems and get the job done is what you’re really being paid for. And since this effort is often individual, being a self starter is key. The last thing a supervisor wants is an employee that needs a lot of hand-holding, so if you have the ability to work independently, be a self starter and be trusted while doing that, you’ll be in good shape.
Skill #5: Customer service skills and verbal communication
The work you do represents you and it represents your employer, and all employers have customers. And like it or not, at some point you’ll have to interact with someone. That may be a customer, a vendor, an executive, or a boss. Your ability to provide good customer service and communicate well, including the ability to communicate technical information to non-technical people, will play a big part in how far you can go in your career.
Many people I’ve talked to that want to get into cybersecurity hate the fact that they will have to talk to people as part of their work. Some of these people despise it, or are even fearful of it. If that sounds like you, there are a few things to keep in mind. First, don’t go into cybersecurity because you think you won’t have to talk to people. It’s just not true. Second, unless you’re the boss, you will rarely, if ever, be required to speak to a large group or audience. And third, when you have to communicate to others as part of your job, the topic of conversation is going to be cybersecurity. This means that in most cases, you’ll be talking to someone about a topic in which you know more than they do. This makes verbal communication much easier and a hurdle that nearly all of us can clear.
Skill #6: Written communication and documentation
In cybersecurity you’ll be required to write down and document what you’ve done. This is the primary way your co-workers will be able to know what you’ve done and you’ll be able to remember what you’ve done. It is also a way we can communicate with customers. Fortunately, you don’t need to be an English major to develop this skill. The best way to write is to write with clarity, directness and detail so that someone else can understand what you’ve done.
Skill #7: The ability to lead projects
At some point, your company will look to you to take the lead on some project, whether it be a system upgrade, serve as the lead for a specific customer, or later down the line, lead a penetration test or an incident response. Your ability to lead a project of some kind, and manage the resources that the project will require, will be an important skill for you to learn.
Is a clearance required to work in cybersecurity?
Many jobs will require that you are cleared or are clearable, however not all cybersecurity jobs require a clearance, and many in the private sector protecting private systems do not. You can read more about security clearances in our article here.
Do I have to get a college degree to get the skills I need?
No, but if you don’t attend college, you’ll need to find another way to acquire those skills and demonstrate them to an employer. And not having a degree may inhibit your cybersecurity career down the line. Here’s why you should consider earning a degree.