Making It in InfoSec: 7 Skills Security Pros Need To Sharpen


Information security professionals have a tough task ahead of them in 2021. Massive shifts in IT has necessitated the need to refresh the skill set to stay on top of evolving attack vectors. Research by CyberedgeOpens a new window reveals that cyberattacks are constantly growing, propelled by third-party risks and the rise of the remote workforce. This, in turn, has led to a 60% uptick in BYOD adoption, adding unmanaged devices that increase the enterprise’s attack vector. 

Amid the relentlessly accelerating pace of change, a key skill that all security professionals should build to rise up the ranks is a deep understanding of automation. An Exabeam surveyOpens a new window showed nearly half of respondents are currently using AI and machine learning to improve response times and cut through alerts. Security analysts are increasingly relying on security orchestration, automation and response (SOAR) to battle the alert fatigue in the security operations center (SOC), but understanding machine learning and behavioral analytics can help them ferret out elusive threats. 

Also, as organizations become more customer-first, infosec pros should build expertise on both the managerial and technical sides of cybersecurity to solve real-world, on-the-ground challenges. McKinseyOpens a new window believes urging security professionals to upskill themselves around the remote user’s needs, including both employees and your consumer base, should be a key priority in 2021. 

InfoSec professionals and IT generalists who moved up the career ladder through popular certifications like Certified Information Security Manager (CISM)Opens a new window by ISACA or Certified Information Systems Security Professional (CISSP)Opens a new window by (ISC)² should invest in self-driven upskilling to improve their preparedness to meet the business outcomes effectively. 

In 2021, the top skills in information security will revolve around two things — securing the WFH perimeter and managing consumer-facing network traffic in an increasingly digital world. It will be vital for security pros who are deep in the trenches to focus on the following areas in the next few quarters to meet the unique challenges of the post-pandemic world. 

Learn More: Gender Pay Gap in Cybersecurity: Women in Australia, U.S. Are Grossly Underpaid 

1. Third-party risks management (TPRM) 

Even if you secure your immediate perimeter, your partners and vendors could be introducing vulnerabilities that slip under the radar. The Cyberedge report confirmed that a 2x increase in the remote workforce and the consequent BYOD adoption had increased the volume and severity of cyberthreats for organizations themselves and their strategic partners. 

Globally, approximately three in four enterprises now have elevated third-party risks. 

A third-party risk management program tells you how to evaluate vendors in terms of the expanded attack surface from their remote workforce members, as well as their data encryption policies, processes, and procedures. You will also learn how to evaluate and establish SLAs to define third-party liability in case of a security event. Automation is another critical skill in this area, as automating reporting, risk prioritization, etc., through a TRPM platform can help you improve your security posture in 2021. 

2. Doubling down on preventive techniques like MFA & IPS 

Technologies like multi-factor authentication (MFA) and intrusion prevention systems can help stave off cyber threats even before they can reach your enterprise. These measures are all the more critical in a remote working landscape, where employees would have to access data assets outside of the corporate network. Some of the key skills to remember are MFA implementation, browser isolation, sandbox threats, device virtualization, and network firewalls. 

Apart from this, your SIEM systems should also be updated with new rules and freshly discovered hashes for novel malware. Ensure a robust layer of analytics to help you study access patterns, preempt gaps, and anticipate any fraud risks. 

3. Nurturing a compliance mindset 

In the face of a challenging InfoSec environment, it can be tempting to find workarounds and stopgaps that help you reach quick wins. But a mindset change is required here, as shortsighted measures could leave gaps in your security infrastructure and cause vulnerabilities. The need for certain security and IT tools may seem urgent to close security gaps arising from WFH arrangements. InfoSec professionals must lead by example, follow standard due-diligence processes regarding vendor selection and product deployment instead of resorting to shadow IT.

Learn More: 7 Cybersecurity Certifications for IT Pros to Uplevel Career in Security 

4. Familiarity with technologies to solve new security challenges 

This is among the top priorities for 2021, as threats such as Zoombombing and social engineering attacks that take advantage of vaccine or lockdown-related uncertainty continue to dominate. Some of the technologies you should be familiar with are: 

    • Cloud-based IT security solutions such as secure web gateway, next-generation firewalls, and secure email gateways on the cloud. 
    • Cloud access security brokers or CASBs to mitigate risks in data exchange to and from the cloud. 
    •  SOAR to address labor shortage in InfoSec. 
    • Secure access service edge or SASE to develop cloud-native security frameworks for a remote working world. 
    • Browser isolation that sandboxes all network traffic, malicious or otherwise.
    • Mobile device management or MDM and mobile application management or MAM to extend corporate security policies like identity and access management, password policies, and patch schedules to BYOD. 

Some of these skills can be learned by referring to your existing security provider, given that most enterprise-grade cybersecurity vendors come with ready competencies in cloud security, remote workforce security, and secure mobile access. 

5.  Balance business continuity with security 

Security measures should not get in the way of employee convenience by making workflows too complicated or adding disproportionately to user efforts. InfoSec professionals have an important role to play in maintaining ease of use in their security systems, which will ultimately drive up adoption rates among non-technical users. 

To achieve this, you need end-to-end visibility across the network and endpoint landscape, understanding where the business-critical workflows reside and which are the points of vulnerability. In instances where absolute sandboxing or keeping employees restricted to corporate networks isn’t possible, you should be able to reframe corporate policies for BYOD use. 

This also means that your cybersecurity plans must be linked to the company’s business continuity and disaster recovery (BC/DR) roadmap. If a security breach is estimated to disrupt business-critical workflows, your response mechanisms should trigger the BC/DR plan to recover critical assets. In other words, InfoSec professionals must be conversant in technology usability, process mapping, and BC/DR. 

6. Effective communication and persuasion Skills 

It isn’t just hard skills that are necessary to keep up with 2021’s InfoSec challenges. It will be your responsibility (often in conjunction with HR) to ensure that employees who work from home do their part to keep the enterprise safe. There could be some resistance in this regard. It isn’t always easy to get non-technical users to care about cybersecurity, especially if it causes them a degree of inconvenience. 

Therefore, communication, persuasion, and even a degree of marketing skills will be important in 2021, helping you run awareness campaigns around surging COVID-19-themed (and vaccine-related) phishing attacks. 

7. Sharpening project management skills 

Finally, InfoSec professionals will be expected to launch new security initiatives in 2021 and not just stick to the status quo. Robust project management skills can help you chalk out resource-efficient and goal-oriented pathways, whether it is for a system upgrade, a pentest campaign, or an incident response system overhaul. 

These eight skills will be central to InfoSec success in 2021.

Last but not least, do remember to pay attention to your work-life balance when upskilling and on-the-job, as 36%Opens a new window of cybersecurity professionals reported unhealthy levels of stress in 2020. Time management and the ability to disconnect may just be the most critical skills for you to master in 2021 as part of a steady, forward-looking career curve. 

Do you agree that security professionals should invest in upskilling in 2021? Comment below or lest us know on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We are eager to hear from you!