7 Qualities Employers Are Seeking in a Cyber Security Professional
By Brianna Flavin on 02/10/2020
You know cyber security is important—the urgency of having a cyber security professional watching over an organization’s everything seems to rise by the day. You also know cyber security is a pretty technical profession. These defenders of digital space need more than just their good intentions when they get to work.
But it’s hard to imagine yourself in a career when the skills and qualifications you read about in job postings are often chock full of jargon and terminology you haven’t quite figured out yet. If you aren’t already working in or studying information security, you’re probably wondering what, outside of the technical know-how you’ll plan on learning, makes for a great cyber security professional
To help with that, we asked hiring managers and cyber security experts to share some of the soft skills and traits that matter most in a cyber security professional.
The traits you’ll need to be successful in cyber security
There are certain qualities that many successful cyber security professionals share. Keep reading to find out if you share any of those same traits.
1. An eye for attention
Cyber security involves lots of fine-tooth combing and a close attention to the specifics, tasks not everyone has the patience for. “It's impossible to survive in cyber security without an eye for attention,” says Abdul Rehman, senior technical editor at VPN Ranks.
“Cyber security is constantly growing and expanding. You read about new threats, hacks and updates every day.” Rehman says it’s critical to look closely at these threats and hunt down loopholes and vulnerabilities.
2. Listening ability
“Very few people learn how to truly listen,” says Dr. JT Kostman, CEO and founder of ProtectedBy.AI. Kostman explains that while certain professionals train in this art (e.g.: psychologists, intelligence agents, clergy) most people never practice listening, let alone putting work into the skill. “Paradoxically, as a cyber security professional, you'll find this to be among the most important tools in your arsenal.”
“From diagnosing problems to understanding what it is your executives really want... I can guarantee that you will find that listening, and listening well, will prove to be far more essential even than an ability to retain esoteric technical knowledge,” Kostman says. “Technology changes. Kali, Linux and Wireshark will eventually be replaced with new tools. Listening well will give you a permanent edge.”
3. A hunger to learn
Speaking of changing technology, many of our experts highlighted learning as the most important soft skill a cyber security professional can have. When the landscape alters constantly, mastery of a certain program, platform or system is arguably far less essential than the ability (and interest) to learn new things.
“It’s a bad sign when an applicant has a know-it-all attitude,” Rehman says. “In the cyber security field, you can never know it all. And if you have that attitude, you tend to overlook things that can cause damage and cost the company a lot.”
“I wish more cyber security applicants had the habit of reading,” says Roger Grimes, defense evangelist at KnowBe4. “It's good having great skills and hands on experience. But staying up to date in the community is really important.”
4. Writing and speaking
“The ability to craft a clear, cogent and compelling email, message or report will put you light years past your peers,” Kostman says, adding that effective public speaking skills are equally as valuable in the industry.
“Any English teacher can confirm that the writing skills of most students have deteriorated appreciably over the past few decades,” Kostman says. “But that can be to your considerable advantage. Writing and speaking are crafts that can be cultivated by anyone.” These skills take hard work but are worth the effort.
“If you distinguish yourself by being one of the few who make the investment to improve writing and speaking skills, and if you become good at either (or better still, both), I can assure you: you will not only become invaluable to your organization—you'll leave your competition in the dust.”
5. Courtesy and professionalism
This also falls under the communication umbrella, but an awareness of how to respond professionally to clients and customers is critical, according to Derek Iannelli-Smith, owner of Outsourced CIO. “It is amazing to me how many ‘professionals’ cannot respond in courtesy to an email, update a ticket for a customer or follow up with a phone call.”
Knowing your audience is part of this as well, Iannelli-Smith points out. This often means avoiding acronyms the average person wouldn’t know and not relying on electronic communication alone. Ultimately cyber security professionals are service-providers. If you prioritize the people you are helping by explaining your work in terms they can understand, they will appreciate you all the more.
6. Ethical standards
As gatekeepers to a lot of sensitive and valuable information, it’s crucial for cyber security professionals to have a strong moral compass.
“Many applicants seem to want to brag about what they think is ‘cool’ hacking experience—and often what they are mentioning is clearly unethical or illegal,” Grimes says. “But when an applicant appears to be unethical or hacking illegally, it’s game over for me.”
Grimes explains that hiring someone means vouching for them, and he isn’t going to risk employees who don’t have clear standards. “I need to know that you are going to be 100 percent ethical and law-abiding in all your current and future dealings. Convince me that I can trust you to only use your knowledge and powers for good.”
7. Passion for the field
While a Cyber Security program can teach you the core fundamentals and technical skills professionals need in the field today, no program can make you motivate yourself. When the industry shifts in five, ten or twenty years—will you keep up?
“The best applicants really all have a common thread, and that thread is passion,” Grimes says, adding that he would even hire an obviously passionate applicant who lacked the expected levels of experience.
“Show me that you personally care a lot about computer security to the point that you are reading and researching and thinking about it...and I’ll probably give you the job,” Grimes says. “Because if you have passion, you can learn. You will learn. And if you don’t have it…well, it’s the opposite.”
A cyber security professional like you
Soft skills, relational skills, personality—all of these things matter in cyber security, just as they would in other environments. What could you add to this list? What would your particular combination of skills and experience bring to this role underneath the technical knowledge?
If that thought seems encouraging, get some more information about paths into a cyber security career. Check out our article, “How to Become an Information Security Analyst & Fill the Gap in the Tech Field.”