2. Security analysis
Tools are important, but it’s also critical to understand how they fit into your overall security strategy, says Stanger. “Before you can figure out which tools you need and how to use them, you need someone who understands the business of security,” Stanger says. “How does your business work? What are its unique features, markets, customers, infrastructure, industry — all of these aspects inform security policy and each business has different problems.”
Security analysis can identify the conditions that make attacks more likely and help minimize those attack surfaces, he says, adding that CompTIA data shows demand for security analysts growing 18 percent by the year 2020.
3. Project management
IT project management skills are always in demand, but project managers who specialize in managing security projects are becoming especially valuable, Stanger says. What used to be the domain of a general sysadmin or network admin has now evolved into a more specialized role, he says.
“It used to be that you could just install some antivirus, some spam filtering, maybe even some perimeter defense tools and away you go,” Stanger says. “But now, you have to think of these security solutions as a weeks- or months-long project, and figure out how to integrate it with the rest of your systems, add training, maintenance, upgrades — security-focused project management skills are extremely important,” he says.
4. Incident response
Incident response is another vital area when it comes to securing IT systems. Here, Splunk is among the best-known tools, mostly because of its prevalence in government IT systems. Incident response helps you identify threats quickly, and the demand for professionals with Splunk skills has increased tremendously, says Zafarino.
“A lot of the time, companies can’t keep staffing levels where they need to be, and even if they could, it becomes a matter of affordability. So what we’re seeing is organizations bringing in contract security specialists to do analysis, and then upskilling the company’s existing personnel so they can keep up,” he says. That can involve training existing staff and beefing up automated detection and mitigation tools, too, he says.
Cybersecurity threats and tools are constantly evolving, making it difficult to keep up, says Zafarino. Traditionally, organizations would have security teams manually monitoring and mitigating vulnerabilities, but that’s not a workable solution nowadays, he says.
“Companies are leveraging devops and automation to be able to manage the threat landscape,” Zafarino says. “How can we understand anomalies and then quarantine those to be able to analyze them? What threats are we dealing with, where did it come from and how do we block that access? What are our weaknesses? How can we prevent those from happening again? These are all incredibly important questions, but so many organizations don’t have the staff to handle them all at once.”