Being a cyber professional involves similar work, no matter the industry. There are many foundational practices and required skills that apply in every vertical. However, some cyber roles require specialized experience or attributes. In building your cyber workforce, this is something to consider. You don’t necessarily need to hire based on someone matching every line of your job description. Once they do come on board, development may need to happen, including technical and soft skills.
In this post, I’ll break down the unique skills cyber professionals need for specific industries and provide insight on how to support this development.
The Basic Skill Sets for Every Cyber Professional
Before we get into the details, let’s first look at the basic skill sets cybersecurity staff should have. Currently, there’s a significant shortage of cyber talent. In reviewing the 2023 cybersecurity workforce landscape, we know that over 3.4 million jobs remain unfilled. This gap is driving risk up and causing some organizations to hire in desperation. I’d encourage you not to do this because you’re likely to bring on more “paper tigers,” and those folks don’t have the skills you need. Rather, they only look good on paper, not in real life.
So, always go back to the basics of what a cyber professional should have to start. Here are the top skills for the buckets of technical and soft.
Networking and system administration — these are the building blocks of maintaining the network infrastructure. Being proficient at this is the foundation for cultivating more technical skills.
- Risk analysis. This is labeled as a technical skill because it’s about analyzing, preventing, and mitigating risk. It’s all about deciphering the impact of a breach. It’s like a hybrid of technical and people skills because people also need to have some soft attributes, including critical thinking, communication, awareness, and curiosity.
- Incident response management. This process involves identifying and investigating security incidents, administering response efforts, and restoring systems. This skill is hard to teach in the classroom. Training is how most people learn this, starting with going through simulations.
- Network security controls. Controls are a critical part of the security ecosystem. They include firewalls, antivirus and antimalware software, and intrusion detection systems. Cyber professionals should have a broad knowledge of these and how they provide protection.
- Coding. For entry-level cybersecurity jobs, coding isn’t a requirement. As someone continues within the career, having coding skills can be helpful.
- Cloud security. Most everything’s in the cloud these days, so understanding configuration and other components is critical to creating a robust security posture.
These are just a handful of the technical skills someone may bring to the table. People must have most of these to be able to do the job. Soft skills are equally essential to success.
- Communication. Nothing within your cyber team will drive up risk, like poor or nonexistent communication. Miscommunication is a leading cause of cyber failures, and you won’t build a world-class team without it. Keep in mind that communication involves speaking and listening.
- Adaptability. Cybersecurity is a dynamic industry, and your employees must be able to roll with this. It’s often hard for technical people to be flexible because they crave certainty. Evolving this fixed mindset to be one that’s open is crucial for anyone to have long-term success in cybersecurity.
- Curiosity. The more inquisitive someone is, the better they are at investigating and probing, which are necessary for the cyber field. These people love to learn and are eager to innovate.
- Critical thinking and problem-solving. Along with curiosity, cyber minds must be excellent at critical thinking and problem-solving. It’s the nature of the job, and if someone has this, technical skill development is much easier.
- Cognitive empathy. This type of empathy is the ability to understand someone else’s perspective and feelings. It’s also a choice to connect with someone and relies heavily on strong communication skills.
In looking at technical and people skills, these are all vital regardless of the industry. One thing to not get tripped up on in the skills discussion is someone’s hands-on experience. Yes, it would be ideal for new hires to have this, and it’s in demand from employers. However, those newly entering the field may not have this. If they are going to break into cybersecurity, they need to start somewhere. With the right coaching, training, and support, these people could become star employees.
Next, we’ll go through industries and what’s critical for cyber professionals to excel and thrive in these organizations.
Industry-Specific Cyber Skills
Let’s review the skills that are valuable by industry.
Health care is an industry that embraces technology in so many ways. From electronic health records to medical devices to monitoring systems, health care depends on technology. However, it’s a really complicated vertical. There are compliance factors for data usage, legacy systems, an often-understaffed team, and extensive networks that keep growing.
Health care also has a huge target on its back. In 2022, the industry experienced a 74% increase in attacks. Multiple hospitals were the victims of ransomware, with devastating consequences that impacted operations and patient care.
As a result, cyber professionals in health care should work to attain some specific skills, including:
- Becoming fluent in HIPAA compliance and guidelines
- Honing knowledge of medical device cybersecurity
- Understanding of IoT (Internet of Things) sensors, which often tie to medical devices
- Aptitude in ransomware, as they are a hacker favorite when targeting health care
Along with these technical attributes, some people skills are critical. First, awareness and perspective can be useful for health care cyber professionals. Understanding the hacker, on the other side, can drive the development of new defensive and proactive strategies. Another is the ability to collaborate with technical and nontechnical personnel. There are many stakeholders in the health care technology space, and working together is a must to reduce risk.
Manufacturing’s pursuit of digital transformation and Industry 4.0 infused technology throughout this mature industry. Leveraging technology like networked equipment and IoT creates efficiencies for the vertical, drives decision-making based on data, and modernizes workflows. All this connectivity also means cyberattacks are more prevalent.
One of the biggest risks for this industry is legacy systems. Those entering cyber careers in manufacturing should be proficient in understanding such a structure. Having experience in decommissioning these systems, migrating data, or integrating them with newer technology will be valuable.
For people skills, cyber professionals in manufacturing should be effective communicators who are great negotiators. That’s because many in the industry need education and awareness about risk in general. Technical folks need to be able to make a case for more cyber controls and security while battling the business side that wants everything to go faster.
Besides health care, finance is the most targeted vertical. In 2021, it led all others. It’s another very appealing industry for hackers. Larger banking systems dedicate entire teams to this. Smaller community banks and credit unions have fewer resources but must manage the same kind of risk. So, what skills do financial cybersecurity professionals need to possess?
Like in health care, finance has compliance regulations, so familiarity with these is a good starting point. Identity and access management (IAM) knowledge is imperative too. Ransomware is trending up in banking, so skills regarding this help. Experience with app security will be key, as most financial institutions have consumer-facing apps.
On the soft-skill side, you’ll want excellent communicators who can deliver concise, clear, and timely information to all parties. Working well in a changing environment is another must-have because of the target on the back of banks. Critical thinking and problem-solving and the ability to collaborate effectively will also be great assets for your team members to have.
This industry doesn’t usually command the cybersecurity attention of others, but it should. Water and power have been adopting more and more technology. As a result, it’s received more attention from hackers. Usually, their motivation is to disrupt operations and cause harm versus seeking data for monetary reasons.
Utilities are highly regulated industries, so awareness of this and the regulations is critical for cyber teams working in the field. There are also many vulnerabilities in these systems as they move to digitization. As a result, cyber professionals will need expertise in migrations and legacy reconciliation. A solid understanding of utility frameworks and infrastructure would also be valuable.
These give someone a good baseline. Adding in people skills improves their capabilities. First, they’ll need the ability to work backward from an incident to dig into root causes and determine remediation. Being organized and effectively managing projects are attributes that matter in utility cybersecurity.
Developing Your Cyber Professionals: Skills That Always Matter
Certain industries do have specific needs for cyber professionals. The soft skills addressed above are often the most critical. They are transferrable as well. Building and developing these in your team takes time, commitment, and a strategy. You can start with the Secure Methodology™, a seven-step guide to transforming technical folks into excellent communicators and collaborators.
You can learn all about it in my book, The Smartest Person in the Room. Check out the Secure Methodology course, available now.