5 Top Skills for an IT Security Specialist
The threat of cyber attacks and security breaches is increasing daily. According to IBM in their Global Analysis of the cost of data breaches, the cost of stolen records and datacan range from $154 to $350. And with only 38 percent of organizations claiming to be ready for a sophisticated cyber attack, based on information given by ISACA International, it's more important than ever to have a securityteam with the right skills to fend off these threats.
1. Threat and VulnerabilityAssessment
The ability to spot risks is one of the primary skills for an IT security specialist, and while there are a number of tools that can help with this, a specialist can do more with less if they implement and follow a basic security routing, or patching. Patch management of Windows and third-party software will do more to combat cyber attacks than any other single tool.
2. Ethical Hacking Skills
Ethical hacking trains security specialists to think like a hacker when it comes to their company network. Ethical hacking skills will allow a specialist to find the holes a hacker would use and then plug them. These skills will show where there are security flaws, not only with the technology but also with the users and how they access their files and resources.
3. Network Security
The infrastructure of a network is complex and requires a lot of focus and maintenance. Having an understanding of routing and switching as well as network security protocols is very helpful for IT security specialists, as it will let them see the footprint a hacker makes when accessing resources. A number of cyber attacks like Distributed Denial of Service Attacks and Man in the Middle attacks also target the network level, so a strong understanding of network security best practices will aid in preventing these kinds of issues.
4. Penetration Testing
This skill set is similar to Ethical Hacking, but the core focus is finding and exploiting weaknesses in applications. All applications, whether it's the operating system of a network switch or a productivity software like Microsoft Office, can be compromised. Penetration testing uses hacker-designed tools to run every known exploit against a piece of software, and when it finds a weakness the IT security specialist can address it. Penetration testing also allows IT personnel to experience the effects of a real cyber attack, and like a fire drill can give themthe real-life experience they need to deal with the stress from similar threats.
5. Intrusion Prevention and Detection
According to Microsoft Advanced Threat Analytics, the average time that a hacker stays in a system undetected is 200 days. That is a long time for an attacker to do a lot of damage. Having an Intrusion Prevention System, or IPS, in place is thus a key defense against cyber attacks. As with any tool, there are expensivesystems with early warning alerts and ones that do more with less, like the open source software Snort. The basics of IPSs are the same: to establish a security perimeter and keep a watch for attack signatures from threats. An IT security specialist should be familiar with both the commercially available software and the open-source versions, as both have their place in IT security.
While there are a number of other skills that can help in a career in cyber security, these skills are the key to protecting your network resources and security. With the number of security incidents increasing by more than 30 percent every year, and new ransomware hitting the industry every day, organizations need people that can keep honing their skills in these areas and developing new tools to help keep the company safe.
- "Cost of Data Breach Study: Global Analysis" | IBM/ Ponemon, http://www-03.ibm.com/security/data-breach/
- "2015 Global Cybersecurity Status Report" | ISACA International, http://www.isaca.org/cyber/Documents/2015-Global-Cybersecurity-Status-Report-Data-SheetmktEng_0115.pdf
- "The Global State of Information Security Survey 2016" | PWC, http://www.pwc.com/gx/en/issues/cyber-security/information-security-survey.html