After 10 months of adjusting to the COVID-19 pandemic’s impact on businesses, as well as the shift for many employees to permanent or semi-permanent work-from-home, cybersecurity professionals are gearing up for even more challenges next year.
The cybersecurity challenges for 2021 are numerous: There are cybercriminals and nation-state hackers still taking advantage of the confusion and uncertainty over the pandemic, tailoring their attacks to play on those fears. There are also concerns over ransomware and extortion, attacks that weaponize cloud resources, and the ever-shrinking perimeter that makes networks even more vulnerable.
And the attacks themselves are becoming more intense and intrusive, as demonstrated by the recent breach of incident response firm FireEye, followed by the hacking of the U.S. Treasury and Commerce departments as well as other U.S. agencies.
“Cyber risk management has entered a new reality in 2020 with a surge in cybercrime and ransomware attacks that has led to significant business interruptions,” Isabelle Dumont, vice president of market engagement at Cowbell Cyber, an insurance firm that focuses on cyber coverage, told Dice. “In 2021, security professionals will need to collaborate more than ever with their business colleagues to quantify the value of security to the organization—or the cost exposure due to a lack of security.”
While day-to-day cybersecurity operations will continue to prove challenging in 2021, opportunities remain open for those who have the right skill sets.
A recent study by the International Information System Security Certification Consortium (also known as (ISC)²) that collected data from 3,790 security professionals throughout North America, Europe, Latin America and the Asia-Pacific region found that, despite COVID-19 and related economic pressures, organizations plan to increase cybersecurity staffing over the next 12 months.
And while there was actually a decrease in the so-called cybersecurity skills gap over the last several months, millions of potential positions remain open, with companies looking to hire those with the right skill sets both in the U.S. and around the world.
“Our 2020 survey revealed that the gap between desired positions and those employed in cybersecurity has declined somewhat compared to previous years,” the (ISC)² study noted. “Worldwide, the cybersecurity gap narrowed from 4 million worldwide in 2019 to 3.1 million. The gap in the U.S. shrank from 498,000 to 359,000, with a rest-of-world gap of 2.7 million.”
Now, heading into 2021, which are the cybersecurity skills that matter the most, and which ones can offer professionals an edge—whether it’s getting a job, applying for a promotion or looking for a pay bump? Here’s a look at some of the most prominent:
Digitalization
For Dirk Schrader, global vice president at security firm New Net Technologies, one of the biggest skills to master in the coming year is digitalization. This means not only finding security professionals who can make sense of vast reams of data, but who can also explain the significance of this data to other parts of the business (including those executives who are ultimately responsible for assessing risk).
“Companies will seek two kinds of cybersecurity people, which will be asked for one specific soft skill. The first one will be those that can make sense out of vast sets of events, as the machine-to-machine communication embodied by digitalization generates massive amounts of them,” Schrader told Dice. “The second breed will need to have a profound understanding of cybersecurity architectures and security operations and a similarly profound understanding of a company’s sector and business model, the processes it’s using to generate the value out of that model. Both will have to have the same soft skill, the ability to share clear digestible information to outsiders using remote communication tools.”
VPNs
While VPN might be considered an older technology, large and small enterprises relied on these virtual networks in 2020. IT teams needed VPNs to ensure that newly remote workers could securely access the data and apps needed for their jobs.
Vulnerabilities in VPNs also meant that hackers had new ways to gain a foothold in corporate networks, which is why cybersecurity professionals who understand the technology will find themselves in demand again in 2021, said Timur Kovalev, CTO at security firm Untangle.
“Many companies had a VPN solution in place, but had not been used to having so many employees use it all at once,” Kovalev said. “As employees continue to work remotely in 2021, it will be important that VPN connections perform well and are reliable. Being aware of new VPN technologies that are available today will be important to ensure employee productivity. Using the right VPN technology will ensure that employees keep their VPN clients running without feeling the need to turn them off due to loss of performance.”
Cloud Skills
Whether a security professional at a larger enterprise, someone looking to break into the field, or a white hat hacker looking to make extra money by finding vulnerabilities in apps, having a good mix of cloud security skills is essential for 2021, said Jobert Abma, co-founder of bug bounty platform HackerOne.
“Many organizations have large ongoing cloud lift and shift projects where engineers and architects are required to quickly ramp up on new technologies and platforms, such as AWS, GCP, Azure, Terraform, authorization policies, data storage in the cloud, and applying separation between systems,” Abma told Dice.
Due to the complex nature of these systems, Abma added, “It’s often hard to oversee the consequences of seemingly minor changes. Security professionals and white-hat hackers will benefit from a deep understanding of running applications on cloud providers and the tools that come with it. Security professionals will use the knowledge to defend, while white-hat hackers will use the knowledge to test and attack. Cloud lift and shift projects open an organization to a different set of risks that they didn’t have to worry about as much when they were running on their own bare metal.”
Speaking of Hackers…
As bug bounty programs grow and security professionals can earn extra money on the side (or start a full-time career) as a white hat hacker, mastery of certain skills can help boost a lucrative side hustle (or launch a whole new career), according to Ben Sadeghipour, head of hacker education at HackerOne.
Sadeghipour notes that, for 2021, extensive knowledge of JavaScript can assist in understanding how applications and endpoints work, which can help find vulnerabilities. He also noted that more applications are using Node.js, so bug hunters should start understanding this runtime build.
Besides JavaScript and Node.js, Sadeghipour said, white hat hackers and security professionals should also have an understanding of scripting languages such as Python or Bash.
“Any scripting language, especially Python or Bash, can help them with automating their work when it comes down to writing efficient proof of concepts for the vulnerabilities they find, doing reconnaissance or information gathering on large companies, and automation in general,” Sadeghipour said.
Soft Skills
While knowing cloud and certain programming languages can help any cybersecurity professional, mastering some of the so-called soft skills can assist those looking to move into more management jobs or gain deeper insights into the ultimate goals of the organization.
Tom Pendergast, chief learning officer at security training and consulting firm MediaPro, notes that empathy and flexibility are two soft skills that will be in demand for the coming year.
“Human error increases in the face of stress and vulnerability, so if you’re going to help employees improve their cybersecurity during this time, you’ll need to practice empathy and understanding,” Pendergast said. “Shifts in the security environment are going to continue in 2021, no matter what, so preparing yourself mentally to be flexible in how you achieve your goals is critical.”
Kovalev also notes that these types of soft skills, along with the ability to help train non-security employees about cybersecurity issues, are essential for 2021.
“Just as IT professionals and security pros adapted quickly to a remote workforce, malicious actors have also adapted quickly to take advantage of any weaknesses that came with the quick adoption,” Kovalev said. “Continual employee training so employees can recognize and avoid the latest types of attacks and data breach attempts through emails for example, will be important.”