Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

10 critical security skills every IT team needs

Sharon Florentine | Sept. 29, 2017
Focus on hiring talent with the following security skills and your team will be equipped to prevent, protect and mitigate the damage of cybersecurity attacks — and speed recovery efforts.

10 critical security skills every IT team needs
Credit: Thinkstock 

As hackers become more sophisticated, and attacks more frequent, it’s no longer a matter of if your organization becomes a target, but when. That reality has forced many organizations to reassess how they address security efforts, and how best to allocate scarce resources toward mitigating the damage as quickly as possible.

Here, having the right mix of security skills on board is key.

“For a lot of our clients, they’re starting to realize that while they certainly want to hope for the best, they absolutely have to prepare for the worst,” says Stephen Zafarino, senior director of recruiting for IT recruiting and staffing firm Mondo. “Earlier this year, with the Chase and Home Depot breach, with the ransomware attacks on Britain’s NHS top-of-mind, everyone’s trying to figure out how to fortify defenses,” Zafarino says.

Following are 10 security skills your organization should focus on when staffing up or upskilling your security teams.


1. Security tools expertise

It may go without saying, but sound security begins with knowing the tools. Unfortunately, many organizations take a set-it-and-forget-it approach, because they don’t have security tools know-how on board.

James Stanger, senior director of product development at CompTIA, points to security information and event management (SIEM) tools as an example. “These tools are great in that they give you a fifty-thousand-foot view of your network and infrastructure landscape, but also let you look very granularly at incidents so you can identify problem areas,” Stanger says. “Are most incidents the result of end-user error? Are there security flaws that could be exploited through your cloud implementations? Now you can see those vulnerabilities, and you can address those. How can we get our users to stop clicking on attachments? How can we make sure sensitive data isn’t in a vulnerable place?” he says.

Of course, these tools aren’t helpful if you’re not using them to their full potential, he says. “Most of these tools are, unfortunately, left at their defaults because they were installed just to comply with a requirement. For example, what we see a lot of is, ‘Do you have an incident manager installed? Okay, you do, now check that box … and ignore it.’ That’s incredibly dangerous,” he says.

That’s why it’s imperative to staff up with experts for the tools you have, says Ashley Stephenson, CEO of Corero Network Security. Product-specific knowledge is important to making sure you can leverage whichever tools you choose to their utmost, Stephenson says.

CIOs should invest in extensive training and even upskilling security staff to make sure they know the ins-and-outs of every security tool in their arsenal, or they’re little more than a placebo, Stephenson says.


1  2  3  4  Next Page 

Sign up for Computerworld eNewsletters.