In this post, Gonzalo Cuatrecasas, the professor of Global MBA in Digital Transformation and an IT specialist for Risk Assurance analyzes with a magnifying glass the cybersecurity skills.
For a long time, even before the internet existed in everyone´s life, I was married to a clinical psychologist Ph.D. that did some evaluation tests for the new recruits of the NYPD. One day she had been evaluating exams all afternoon, and during dinnertime, I asked her, “What skills does the NYPD look for in a recruit?” She quickly answered: they look for criminal minds without a record. I still remember my surprise at her perfectly logical answer. The NYPD, understandably, wanted to have in their staff people that have the same mindset as the people that are after, but, with a superior sense of integrity and self-esteem.
Cybersecurity is the practice of risk management to protect systems, networks, and programs from potential digital attacks. With this objective, the individual that engages in cybersecurity normally will fit in one of two groups.
The first group, and very important one, includes the business leaders, the IT consultants, the department directors, the network, systems and application analysts, and the technical staff. These folk need to have a clear understanding of all the cyber threats present in their areas of responsibility.
Business leaders must dominate the cybersecurity language to complement their communication skills and perspectives. IT consultants must have a good analytical mindset to include cyber risk in their assessments. Department directors should have a good handle on security risk management and business continuity skills. Network, systems and application analysts require good problem solving and security knowledge across the platforms. And, a precondition for technics and IT staff, is the computer security knowledge and attention to detail in all they do.
The other group, the specialists, are at the core of the cybersecurity ecosystem. These include CIOs, CISOs and security experts. These people define the strategies for vulnerability assessments and develop information security policies and procedures for businesses. They also manage teams of computer analysts, information security specialists, and comparable professionals to identify, neutralize, and eliminate security threats.
Understanding the applicable data protection laws, and developing business response plans to cyber-attacks are also key requirements. To do all of this, they also have to stay abreast of changing technologies and ensure that proper resources are allocated to facilitate efficiency and efficacy in cybersecurity activities.
The main skill required to be in the inner cybersecurity circle is to be able to understand the mind of a cyber-criminal. That is, having an analytical mind that understands malware; some programming know-how to understand how malware moves through the systems; good risk analysis to recognize threats; but most of all; complex thinking and a sense for finding anomalies, such as a missing piece in a puzzle.
So, the aforementioned traits are of paramount importance for any person to be in the inner or outer cybersecurity ecosystem. In the view of dramatic and lightning-fast changes happening in the world of technology today, where do you stand?