Cybersecurity is one of the hottest topics in IT, and for good reason. As companies go through digital transformation, they are tying their future success to their technology and their data. It’s more important than ever to keep digital assets secure, not just to keep the company running, but also to maintain a good reputation. Facebook’s latest security breach affecting at least 50 million users was just the latest example of how a security incident can impact trust.
Just as security is becoming more critical, it is also becoming more complex. Attacks are coming from a wide variety of locations, and hackers aren’t just looking for important data they can sell. Many times, they can leverage data that seems unimportant to launch a phishing attack aimed at a bigger target. The end result is still a security breach that can disrupt operations or disappoint customers. As companies explore new types of technology such as the internet of things (IoT) or artificial intelligence (AI), they also expose themselves to new types of attacks.
One tactic that companies are exploring to address the growing importance and complexity of cybersecurity is the creation of focused security teams. CompTIA’s whitepaper on A Functional IT Framework described how security is becoming a standalone discipline for many organizations, and our 2018 Trends in Cybersecurity research report focuses on the details behind building these specialized teams.
The Right Set of Cybersecurity Skills: 3 Considerations
Obviously, one major ingredient of a security team is the level of expertise. The breadth of security attacks demands a similar breadth in security skills. For IT pros who are part of a security team or pursuing some specialization in security, there are three things to consider in building the right set of skills.
- Security skills start from a strong foundation. At companies where security is not treated as a standalone function, it is part of the IT infrastructure team. The employees responsible for servers, networks and devices also take responsibility for securing those components.
As security becomes a focus area, cybersecurity specialists usually emerge from an infrastructure background. Especially for the technical aspects of a security team, many companies cite prerequisite skills in areas such as server administration (71 percent), networking (69 percent) or endpoint devices (66 percent). This is why CompTIA A+ is the first step on the CompTIA Cybersecurity Career Pathway.
- Securing emerging technology requires emerging techniques. The same models that complicate the security landscape can also provide tools for security professionals. Many security teams are exploring the use of AI to automate monitoring, which allows a smaller team of experts to manage a massive scope of architecture. Of course, the AI has to be trained correctly, and any output has to be analyzed carefully.
These tasks often fall to a cybersecurity analyst, who uses advanced data techniques to ensure the health of IT systems. Only 59 percent of companies feel that their current resources are up to speed on security analytics. This gap can be closed with the CompTIA Cybersecurity Analyst (CySA+) certification.
- Being proactive is a key part of modern security. For a long time, security has primarily focused on building a strong defense. Firewalls have defined a secure perimeter, and antivirus has provided an extra layer of protection on endpoint devices. Unfortunately, cloud computing and mobile devices have shot holes in the secure perimeter, and the number of attacks happening nearly guarantees that a breach will eventually occur.
The best security, then, doesn’t simply hope that all attacks can be prevented. It also searches proactively for any vulnerabilities, taking the same techniques that hackers use and identifying weaknesses. This activity requires a different mindset in an organization, and it’s not surprising to see that just 46 percent of companies feel that penetration testing is a current skill. The new CompTIA PenTest+ certification was developed to address this growing need.
Security teams aren’t popping up all over the place yet, but they appear to be an emerging strategy for companies trying to get serious about improving their security posture. Whether someone is just starting on a cybersecurity career path or hoping to build some advanced skills, there is no shortage of options that could make an IT pro a valuable member of a security team.
Wondering what's on a CompTIA certification exam? Download the exam objectives to see if you have the skills needed by cybersecurity teams.
