7 Characteristics of Next Generation Cyber Professionals

As we wrap up National Cyber Security Awareness Month, it is important to consider how businesses and users can take what they have learned and apply it to their current and future needs. Cyber threats are evolving, and keeping up is becoming harder and harder. The threat landscape is changing, and with more and more devices being connected to the Internet every day – with over 40.9 billion connected devices expected to be in use within 5 years. That is nearly 5 times the 8.7 billion connected devices that were recorded in 2012.

Number-of-Connected-DevicesWhat we need is a refreshed approach. Cyber security is a discipline that has seen no shortage of militaristic and defense analogies as a way of describing the processes, but how is it measured? Tom Gillis wrote an article last week for Forbes Magazine titled “Cyber is by Definition Inherently Destabilizing” in which he examines this concept a little more. Essentially, Gillis pointed out that the world of cyber security is drastically different than other types of warfare in that our enemy’s capabilities are unknown to us. This concept is very different than during the Cold War when we saw images of the missiles the Soviets had as they paraded them around. Successfully conducting a cyber attack requires vulnerability in the system, which if revealed would be fixed.

The rapid evolution of technology over the past several decades has caused the threat landscape to increase exponentially. When the first viruses took over the news in the early 1990’s, the creators of the Melissa and ILOVEYOU viruses had no real objective or financial motivation. This of course evolved over the coming years, but it wasn’t until 2009 that cyber security became a national concern, with most individual users thinking of it as “something that would never affect them” or “just a nuisance.” Fast forward to the modern era, and the threat has become very real for the majority of Americans. The Target breach opened many eyes with the information of more than 40 million credit and debit cards stolen. And the harsh realization for many in the security space came from the knowledge that the vulnerability that allowed the hackers to gain access to Target’s customer data wasn’t a flaw in Target’s security, but rather a vulnerability in a third-party system that was exploited.

This kind of damage is something that we would typically consider to be the work of well funded and well organized groups. At least that is how it would work in traditional warfare. But, what is really crazy about this concept is that the cyber security landscape extends far beyond just national threats and organized groups. The digital age has brought an era where one of the poorest countries can successfully hack one of the biggest motion picture companies in the world, and a seven year old can hack a public Wi-Fi in under 11 minutes. These attackers, ranging from state-actors to bored kids, are also after more than just government information.

The Internet of Things also effects cyber security. Every device that connects to a network is pretty much vulnerable to attack. That’s right: EVERY device. From our mobile phones, to our FitBits, to the systems that support our critical infrastructure. Much of the technology that keeps our economies and societies moving, such as telecommunication systems, transportation infrastructure, water sources, and more are all commonly owned not by the government, but by private sector companies. In fact, as much as 85% of our critical infrastructure is owned by United_States_Critical_Infrastructurethe private sector. Imagine the chaos that would happen if all of the traffic lights in your area suddenly stop working. That scenario would get much worse if you also became the victim of car-hacking or your air-bag being disabled. These instances are not the result of an imaginative movie producer, though I certainly understand the Hollywood flair that could be interpreted. But these are all examples of vulnerabilities that have been proven to exist.

Cyber security is no longer about protecting our data, privacy, and information. It is about basic safety. In order for all of us to be safe, security has to be the result of intense collaboration between governments and businesses, not just one or the other.

So, how will the cyber security professionals of tomorrow need to be prepared differently than the cyber security professionals of today? I have outlined some critical characteristics that I think will be an absolute requirement in the future of cyber security professionals.

7 Characteristics of Next Generation Cyber Professionals

Creative and “Out-of-the-box” Thinking

Gone are the days of the stereotypical “right brain” vs “left brain” with IT security professionals. Cyber threats are evolving at such a rapid pace that training and guidelines that were put in place as little as months or a year or two ago could be inadequate to protect your firm today. Creative thinking skills are critical characteristics of the next generation of cyber professionals in that they provide them with the innovation to come up with new ways to address various threats.

Thrive in “Hands On” Work Styles

Cyber security education and training has to be about more than lectures and theories in order for policies to continue to evolve to keep up with threats. Without hands on experience, cyber professionals wont be very effective, even if they possess advanced degrees and multiple certifications. Cyber professionals who thrive in a “hands on” work environment will have a greater ability to make quick decisions. I strongly encourage cyber professionals to engage in Bug Bounty programs or other situations that allow them to gain an insight into looking at the code at a deeper level. 

Constantly Learn and Evolve

Cyber security professionals must constantly be thriving to learn. This is not a position for someone who thinks they can take what they learned a few years ago and be protected from threats going forward. Threats are evolving too fast. Sure, experience is invaluable. But just because something worked once, doesn’t necessarily mean that it will work the next time.

Next_Generation_of_Cyber_Security_ProfessionalsA Mile Deep in Technical Knowledge

Information security is not a place for the “those who can’t do, teach” crowd. The complexities involved in modern technical systems don’t allow for cyber security professionals to be a one trick pony. Cyber security professionals should have a working understanding of all systems that an organization needs to protect. They should be proficient in networking and all elements of tech support. This will allow them to find vulnerabilities buried within code and be able to efficiently conduct penetration tests. Other areas should also be explored, such as basic Unix/ Linux commands and distributions. Some programming experience, such as C, LISP, Perl or Java is encouraged so that threats or weaknesses embedded within program code can be recognized.

 Not a Traditional 9-to-5er

Attacks are going to happen around the clock. This is just a fact of life. Cyber security professionals are going to have to be prepared to respond in the middle of the night to an attack. 

Ability to Think Quickly About Solving New Challenges

Another trait of the next generation of cyber professionals will be an ability solve complex problems quickly. Security is no longer about preventing an attack, it’s about how to respond once the attack has occurred. This is strengthened by having a reasonably thorough understanding of overall business operations, so that consequences of various actions can be understood. Sometimes the best answer to an attack is to “pull the plug” on the system that is being attacked. Cyber professionals must understand the consequences of taking a system offline and be ready to make split-second decisions to thwart attacks in progress.

Can Speak Both Techie and non-Techie

As I mentioned in my intro, the threats that exist now are more than can be applied by just “the IT guys.” Cyber security professionals need to talk fluently to a layman who may have little technical knowledge, while still making them understand the importance of, and their responsibilities to uphold, information security policies. They also need to communicate with IT specialists that run the components of their business and security systems.

Conclusion: “Think Like a Cyber Criminal”

All in all, the future of cyber security relies on everyone’s ability to “think like a cyber criminal.” The next generation of cyber professionals will need to be much more agile and technically savvy than in the past.

Facebooktwitterlinkedin
By | 2017-03-24T13:47:43-04:00 October 27th, 2015|Security|

About the Author: