The COVID-19 pandemic has highlighted the need for solid cybersecurity practices at companies large and small. Phishing and malicious emails are on the rise, and attackers everywhere are testing networks for unforeseen vulnerabilities. Millions of employees working from home adds another layer of complications to protecting a company’s infrastructure.
As a result, there’s a strong need for cybersecurity specialists, which has led to a problematic cybersecurity skills gap. If you’re interested in cybersecurity as a career, now might prove a great time to jump in. But which cybersecurity skills and certifications are most in demand? What are employers actually looking for?
Top Cybersecurity Certifications
Burning Glass, which collects and analyzes millions of job postings from across the country, also analyzes how often employers request certain certifications. Here are the most-requested cybersecurity certifications over the past 12 months:
When it comes to appearances in job postings, it’s clear that CISSP stands head-and-shoulders above the rest. CISSP is a vendor-neutral and advanced-level credential offered by the ISC2 (International Information Systems Security Certification Consortium), and it’s pretty sweeping in scope, demanding knowledge of everything from security and risk management to software development security. Employers likely prefer this one because it shows that technologists can effectively oversee the development of cybersecurity standards and procedures.
Second on this list, CompTIA Security+, is approved by the United States Department of Defense and is compliant with the standard for ISO-17024. It’s a certification that’s often recommended for those just beginning their career, along with the Global Information Assurance Certification (GIAC) Information Security Fundamentals (GISF).
Those interested in following a cybersecurity career path all the way into management should also keep their eye on Certified Information Security Manager certification (CISM), administered by the Information Systems Audit and Control Association – ISACA; it shows the holder can manage security infrastructure across an organization. It’s a certification that cybersecurity professionals often recommend for those in mid-career.
Top Cybersecurity Skills
Of course, employers are interested in far more than just certifications—they want to know whether you actually have the relevant skills for a cybersecurity job. Those candidates for cybersecurity jobs who really want to stand out should know the intricacies of vulnerability analysis and threat modeling; being able to take a holistic view of a company’s potential weak spots is key.
Here’s how Burning Glass breaks down the top cybersecurity skills, as surfaced in job postings. As always, the organization breaks down its skills into three buckets:
Distinguishing skills (advanced skills called for occasionally) that truly differentiate cybersecurity candidates, and generally require a lot of training and experience.
Defining skills are the skills needed for day-to-day tasks in many cybersecurity roles.
Necessary skills are the lowest barrier to entry; these are the “table stakes” for a cybersecurity career.
As you evaluate these skills against the ones you currently possess, keep in mind that the threat landscape is constantly evolving. Attackers are a cunning bunch, and they’re often pioneering new ways to not only penetrate existing vulnerabilities in software, but also tricking unsuspecting employees into giving them access to systems. Because of this, you must pay close attention to what’s going on in the industry, and expend the effort to keep your skills up-to-date.
“Soft skills” such as communication and teamwork are vital, as well. At every stage of their career, cybersecurity experts end up working with a number of stakeholders, from other cybersecurity players to team leaders to management. In order to do your job effectively, you must communicate the nature of threats and solutions in concise, clear language to everyone in the organization. It’s also vital to listen, because employees will tell you their pain points and what they’re willing to do to help the organization stay secure.