Getting into Cyber Security... Part Two

Aaaaand we’re back with instalment number two of what I *think* will be a five-part blog series, but who knows where this will take us! If you missed the first one, which focused on WHY you want to get into cyber and WHAT area you might want to work in, then you can check it out HERE . But let’s dive in on today’s conversation about skills…

We talk a lot in the cyber security community about ‘skills’. I’m sure everyone reading this has heard of the ‘skills gap’. I’m going to be dead honest at this stage because, well, that's my style… there isn’t really a skills gap at the entry-level/junior end of the market.

The skills gap lies with emergent technologies, things like Blockchain, 5G, AI... and in the senior end of the market - we are always on the lookout for brilliant CISOs, Senior Security Testers, experienced AppSec Engineers, etc. And when we're talking about the skills gap in this context, the skills we're focusing on are technical. That's not what I want to focus on here.

Technical skills ARE essential. They are. We can’t get away from that fact. So honing your skills on platforms like Try Hack Me, Hack the Box, Blue Team Labs Online, etc., is super important if you want to get a technical role in the industry. BUT, the other skills which are just as important are professional skills.?

What do we mean by “Professional Skills”?

Well, you’ve probably heard them referred to as “soft skills”. But I hate that phrase. I hate it with a vengeance. Calling them soft skills makes them sound less important than the technical stuff you’ll need to know. And they’re not. They are just as important.?

Professional skills are abilities you will need in any role you take, not just in the cyber security industry but in any job you have at all. Some are more important than others depending on the type of job you end up in, but it’s a good idea to try and practice your professional skills and hone those at the same time as learning the more practical elements of cyber. They are things that employers will be looking for alongside your certifications and technical capabilities.?

Communication

Comms is one of the most important skills we have in cyber security. And it's the one I want to focus on with this blog. Being able to effectively communicate risk and remediation to an audience of varying levels of technical ability is key to improving an organisation’s security, whether internally at your own organisation or as an external consultant.?

Even those in technical roles, like security testing, need to relay information about vulnerabilities they have discovered, explain how they exploited the vulnerability and provide advice for remediating the issue. If you’re unable to articulate clearly how you’ve done something and help the client to limit the risk, they will not be able to remedy the problem, and their security posture won’t improve.?

Communication isn’t just the ability to speak to someone. It’s also the ability to write things down succinctly and with clarity. A good grasp of the English language is imperative. Leveraging tools like Grammarly can really help you to make sure your writing is clear, uses good grammar and isn’t too informal.?

Practicing Good Communication

There are so many great ways you can practice your communication skills. Writing a blog allows you to showcase your written abilities and your technical prowess. You can spin up a Medium account, use the LinkedIn article feature, or if you want to get fancy, you could even create your own WordPress website.

Some content ideas for blogging:

• A write-up of the latest box you've pwned on Try Hack Me / Hack the Box
• Find a cyber news article and write your own commentary on the issue
• Write a piece about what's inspired you to join the cyber security industry
• Review a piece of technology, a book you've read, or a podcast you've listened to

If it's spoken words you need to improve on, try creating a podcast or making a video for YouTube. It sounds complicated but podcasts are super easy to create and you can literally just have you and some friends talking about the latest cyber security news. The key is being able to articulate ideas and discuss them at more than a superficial level.

There are so many things you could come up with to talk about.... cyber has a huge list of polemic topics that you can discuss with people. Things like whether red team or blue team is better, whether information security and cyber security are one and the same, is hacker a bad word, etc. You can open up lots of points for discussion and it's a great way to highlight your enthusiasm and passion for the industry too!

If you're not ready for the limelight just yet, try practising your communication skills by explaining security concepts to your family and friends. If you can get your parents to understand how multi-factor authentication works, for example, then you'll be able to explain it to a non-technical stakeholder in a work environment.

The bonus of honing these skills is that you get to build up a portfolio to show to potential employers when you start applying for roles! So what are you waiting for?!