10 Essential Skills for a Cybersecurity Professional in 2023

Introduction

Cybersecurity professionals are specializing every day, acquiring skills in different areas to improve their knowledge, especially with new technologies emerging that become more of a concern with both privacy and security. Therefore, I have separated some skills that are fundamental for a cybersecurity professional in 2023.

Essential Skills

1) Knowledge in AI and Machine Learning: Artificial intelligence will not replace us, however, knowing its operation and implementation is the objective of countless companies, integrating cybersecurity solutions with artificial intelligence, will become a huge differential, main in define security standards according to your environment.

2) Cloud Computing and Security: Cloud is something you can't escape nowadays, mainly because the new cybersecurity solutions are all migrating to a cloud, decreasing the on-premise presence and the companies that are migrating their applications to cloud to ensure greater scalability and faster recovery, so AWS, GCP and Azure are among the top clouds to keep an eye on.

3) Container Security: Who doesn't love a container? After all, the power to upload countless applications and services without the need to allocate a lot of hardware for this is something that everyone dreams of, however security needs to be thought about, after all an escaping from docker and other attacks aimed at containers, mainly malware, will increase every more in 2023.

4) DevSecOps: A trend that is increasing every day, however a DevSecOps professional is no longer a differential, but such a great need that companies are professionalizing their own employees to work in this area and cover a Gap that increases every day after all, vulnerable applications are one of the main vectors of compromise.

5) Project Management: Managing projects is not just the work of a PMO, but if the team is not organized to meet the proposed deadlines and control the execution of tasks, meet weekly with the team and set goals, consequently the results will not be good effective.

6) Documentation and report development: Professionals who know how to write a report and documentation should not be a differential, but becoming an essential skill for a cybersecurity professional. Having a comprehensive, detailed report with relevant information will definitely put you ahead as a differential.

7) Programming Language (Go, Python, Rust, .NET): Programming is one of the first things we are faced with in IT, however knowing how to program in a high-level, robust language with gigantic capabilities to interact with desktop applications, web and the operating system itself, will help both in exploiting vulnerabilities for those who are pentester, in automating tasks and even in creating scripts to assist in running a process.

8) Incident Response: Responding to an incident is important, professionals with these skills and who know how to build an incident response plan are increasingly coveted, especially with the increase in ransomware attacks and information exfiltration. In addition, someone who knows about market and open source solutions contributes a lot to the creation of security maturity.

9) Communication, Leadership and Resilience: Professionals with great soft skills are a differential in the market, especially when carrying out training, presenting a report or KPIs and talking to other areas, which ends up generating a very large engagement on cybersecurity for within your organization. And having resilience and ethics at work is something that cybersecurity professionals must have, after all, any type of information that needs to be protected passes through us.

10) New language: Learning a new language in some countries is a very big challenge, so it becomes a differential to have a sharp English or Spanish to further develop your technical capacity and generate opportunities abroad.

Essentials to Companies

Red Team Operations: Having a PenTester on the team or a Security Analyst with knowledge in Red Team is good, but an operation to search for threats and test based on your company's business model is a differential that large companies are looking for, primarily for pentesting, social engineering, adversary emulation, and physical pentesting activities.

Threat Intelligence: Threat intelligence involves collecting, analyzing, and disseminating information about current and emerging cyber threats in order to help organizations protect against these threats. This may involve gathering data from various sources such as OSINT, industry reporting, and first-hand information from cybersecurity professionals.

TOP 20 Certifications in 2023

1. CISSP (ISC2)
2. OSCP (Offensive Security)
3. Security+ (CompTIA)
4. PNPT (TCM Security)
5. Certified Cybersecurity (ISC2)
6. SC-200 and SC-900 (Microsoft)
7. CRTO (Zero Point Security)
8. eWPT and eWPTX (eLearnSecurity)
9. CySA+ (CompTIA)
10. CISM (ISACA)
11. CCSP (ISC2)
12. CRTP and CRTE (PenTest Academy
13. AWS Security (AWS)
14. CEH (EC-Council)
15. BTL1 and BTL2 (Blue Team Labs)
16. CPTS (Hack The Box)
17. CPSA (Crest)
18. OSWE and OSEP (Offensive Security)
19. GPEN and GCIH (SANS)
20. CHFI (EC-Council)