Automation can identify and shut down threats and attacks before they overwhelm a company, after which IT personnel can step in and perform the more intricate, context-sensitive security tasks, says Brad Antoniewicz, adjunct professor and hacker-in-residence at NYU’s Tandon School of Engineering. “These security professionals need to problem solve and troubleshoot; take in a lot of information and make a determination about where the investigation needs to go based on what the tools tell them and their own insight. And, unfortunately, that isn’t a skill set you can easily pick up — it’s about having a lot of experience over time,” Antoniewicz says.
6. Data science and data analytics
The enormous amounts of data companies collect can be used to track threat vectors, identify potential attacks and monitor the effectiveness of countermeasures, Stephenson says. But doing so requires analytics skills and experience.
“The cybersecurity field needs people with the training, experience and knowledge to leverage these analysis tools — including machine learning, algorithms and even AI — to process all this data, crunch the numbers and analyze reports to get results,” he says.
“Our clients want data scientists in general, but more specifically in security, as well as areas like e-commerce and especially where those two areas intersect,” Zafarino adds.
Antoniewicz is part of a team comprised of ethical hackers and data scientists whose job it is to research new and emerging threats, identify them and figure out the best way to counteract them, he says.
“I can’t emphasize enough how important the data science and analysis part of our team is,” Antoniewicz says. “For large organizations, there can be thousands of data streams feeding millions of events into tools — like Splunk — as well as information about financial transactions, netflow logs, security alerts, DNS traffic — all of this dispersed data flowing into a single repository. And that’s a totally different animal than what most security professionals know. The data scientists help to pull the signals from the noise so we can all better respond to incidents,” he says.
With so many different moving parts, scripting skills are a requirement to get all these elements and tools to work well together, says Stephenson.
“My personal preference is Python for scripting, but others use Perl or even another scripting language. You need all these tools to interface well with messaging systems like Slack, dashboards and monitoring systems and incident management tools,” he says.
8. Soft(er) skills
In the security arena, soft skills take on a slightly different meaning, says Antoniewicz. While communication, collaboration and teamwork are important, there’s an element of critical thinking and even psychology involved, he says.