If you're an IT professional and you haven't sharpened your cybersecurity skills lately, get cracking.
Security is the top-rated skill IT pros need to have in 2018, according to a survey released by Spiceworks, the online community for IT professionals. In Spiceworks' "2018 IT Career Outlook," 81 percent of respondents targeted security/cybersecurity as a critical skill.
Security barely edged out networking (80 percent) as the most critical skill needed. Infrastructure hardware (79 percent), end-user devices (76 percent), and storage and backup (75 percent) were close behind.
"Although the majority of IT professionals are satisfied with their jobs, many also believe they should be making more money, and will take the initiative to find an employer who is willing to pay them what they're worth in 2018," Peter Tsai, senior technology analyst at Spiceworks, says in a statement. "Many IT professionals are also motivated to change jobs to advance their skills, particularly in cybersecurity. As data breaches and ransomware outbreaks continue to haunt businesses, IT professionals recognize there is high demand for skilled security professionals now, and in the years to come."
The survey was conducted in November and included 2,163 respondents from North America and Europe, according to the Spiceworks statement. Respondents are among the millions of IT professionals in Spiceworks and represent a variety of company sizes, including small and medium-sized businesses and enterprises. Respondents come from a variety of industries, including manufacturing, healthcare, nonprofits, education, government and finance.
Why Security Tops Must-Have IT Skills in 2018
It's not a surprise that security is the most highly-prized IT skill to have right now, Tsai says in an interview with BizTech, as there is a "general awareness around the need to secure corporate networks." Over the past year there have been a number of high-profile cyberattacks and security vulnerabilities exposed, including the WannaCry ransomware attack, the Petya/Nyeta malware attack and the Meltdown and Spectre chipset exploits.
"Security is a job that's never really done," Tsai notes, since defenders must cover all their vulnerabilities but attackers need to only successfully exploit one to cause damage.
The scope of systems that IT security pros need to defend is "enormous" and they also need to master multiple security disciplines, Tsai says. They must know how to handle security for operating systems, networks and devices, as well as train end users. Even physical security comes into play.
Perhaps the difficulty of the job explains why, according to the Spiceworks survey, only 19 percent of IT pros reported having advanced security/cybersecurity knowledge.
"Millennial IT pros are the most green when it comes to security: 15 percent reported having advanced cybersecurity skills compared to 22 percent of Gen Xers and 26 percent of baby boomers," the report found.
Organizations can increase their IT staff's cybersecurity skills by offering them training courses or enabling them to receive cybersecurity certifications, Tsai notes. Among the most popular certifications cited by Computer Science Zone include Certified Ethical Hacker, Certified Information Systems Security Professional, Certified Information Systems Auditor, Certified Information Security Manager and Certified in Risk and Information Systems Control.
Organizations can attract talent or encourage staffers to get these certifications by offering continuing education opportunities or at least funding a part of the training, Tsai says. "I think that would be an attractive incentive for a lot of folks," he adds. IT pros are aware that they need to enhance their cybersecurity skills and knowledge, but a lack of time or money to complete training may be holding them back, he says.
More organizations are realizing that they do not have the skill sets, time or knowledge to perform a security audit that "covers all their bases," Tsai says. "So, many people in the community have been inquiring about which providers can perform good penetration tests" and security assessments to find cybersecurity material weaknesses that need to be addressed.
"I think it is a popular option and more organizations are turning to third parties to gain security expertise or just another set of eyes to look at the network for a different point of view," Tsai says.