“You have to think like the ‘bad guys’ — you have to know social engineering tricks so you can identify vectors like phishing attacks, spear-phishing and other malicious endeavors and how to mitigate them,” Antoniewicz says. “You have to know how your employees and your customers are likely to respond and what would get them to let their guard down and then figure out how to fortify against these threats.”
Security pros also need to work well under pressure and be able to triage quickly, prioritizing actions to lessen the damage should an attack occur, he says, or to know how to proceed when conducting a post-mortem after an attack.
“You are getting all of this information, all these alerts — you know something’s happening, and maybe it’s bad. Maybe there’s an attacker on the network, and you have to shut them down. Knowing how to quickly prioritize issues and respond quickly and accurately is crucial,” he says.
Admittedly, some of this comes down to tenure and institutional knowledge about an organization’s unique vulnerabilities, strengths and which solutions they have deployed, he says, and that can only be gained with time.
“That’s why it’s so critical that organizations not only hire great security talent, but that they retain them,” he says.
9. Post-mortem deep forensics
Security talent must also understand how to conduct a post mortem and/or forensic investigation after an incident, says Ryan Corey, co-founder of free online security MOOC provider Cybrary. A number of large organizations put their security teams through extensive deep forensics training to help them develop better incident response skills, Corey says.
“We’re seeing threat response, malware analysis and post-mortem/deep forensics enrollment increase as companies learn about these existing and emerging threats and improve their capabilities to deal with them,” Corey says.
Finally, good security talent has a passion for their work and a desire to share that knowledge, says Antoniewicz. That can manifest itself in various ways, from picking up a new programming language to taking courses to actively sharing knowledge across their organization or at community meetups, he says.
“A good security person will have a major passion for sharing, learning and growing their knowledge all the time,” he says. “I’d argue that this is the most important skill, because you can’t teach or train this like you can with technical acumen. Find someone who asks to go to conferences, who’s signing up for courses, who loves talking shop with others in the industry,” he says.
If you already have professionals like this on board, do whatever you can to encourage and support them. “Develop teambuilding exercises, knowledge-sharing sessions, get-togethers, hack-a-thons, demos of new products or solutions, bug bounties — any way you can continue their engagement and add fuel to their fire,” he says.