Technology and, by extension, the cybersecurity field, evolve rapidly. There is a lot of material published around the evolving threat landscape, everything from data breach reports to deep-dive analyses on the latest advanced persistent threat (APT) group. Technology continues to change, but so have the skill sets needed to thrive in this industry. Let’s explore three different skill sets that I believe teams need to invest in to succeed today and into the future.
1. Data Skills
Data is driving more and more across almost every industry, cybersecurity included. I believe the SIEM-based approach of the past, primarily geared toward serving the SOC, will continue to serve us in the future.
Investing in skills around extracting value from data will be key for this future state. This is inclusive of, but not limited to, data engineering, data science, and analytics/BI skills. All of these disciplines orient around collecting, preparing, organizing, and analyzing data to get the most value out of it.
I believe that data work will span into just about everything we do in our discipline in a nontrivial way; from the way we do compliance to threat hunting to supply chain risk management. Preparing your team to be familiar with forward-thinking data skills will help ensure you’re extracting the maximum value from the data you’re collecting or creating.
2. Engineering Skills
Building, deploying, and operating scalable and reliable systems that have programmatic interfaces is becoming important in more and more fields. I do not believe that security is any different. Engineering is relevant and helpful in two main areas for security teams:
- Building application services that serve the security team or stakeholders of the security team
- Engaging with engineering teams to help make their code and systems more secure (this is often referred to broadly as application security)
Doing anything with systems without the right skill set can result in a significant accumulation of technical debt. Technical debt is often a drag on productivity and effectiveness. It can also represent a significant risk in itself.
3. Red Team Thinking
When I refer to red teaming here, I’m not talking about security testing, phishing, or exploit development. Red teaming is highly conflated with penetration testing across our industry, understandably. Red team thinking, to me, is about true critical thinking; approaching a problem, a system, or a situation from a contrarian perspective.
Security leaders cannot just run a change playbook or take the latest marketing strategies and make things come together in their respective organizations. There are people dynamics, technology dynamics, policies and compliance needs, and, not to mention, adversaries who always get a vote.
I believe that it’s critical to always be challenging the assumptions of yesterday and today to prepare effectively for tomorrow. Assumptions are constantly being made about how to solve a particular problem. It’s dangerous when teams are not willing or capable of revisiting assumptions. It’s dangerous when teams are not willing or capable of rethinking solutions that were implemented in the past but seem to struggle today.
A good example of this, in my experience, has been data loss prevention programs — starting with good intentions, perhaps a well-crafted scope. DLP programs are notorious for not having a return on investment that make them worthwhile; they’re riddled with false positives, they’re expensive, they’re prone to break legitimate capabilities, and more. Revisiting assumptions can and should happen at tactical and strategic levels. It’s a muscle snag that should be flexed and built over time.
The cybersecurity field continues to evolve quickly. Teams and individuals need to invest in skills that will help them future-proof. Being able to make effective use of data, building applications to solve problems and building them well, and thinking outside the box are all foundational skill areas. As situations continue to change or new problems present themselves, I believe these skill domains will be key to success, especially when taken alongside a general security background and mindset.
Want more cybersecurity insights? Subscribe to the Cybersecurity as a Business Enabler channel: