Whenever one looks at the cybersecurity job market, there’s never a lack of speculation as to the shortage of cybersecurity skills. And I don’t recall recently speaking with a chief information security officer who thought it was easy to find security talent.
Consider a recent report from the Center for Strategic and International Studies titled Hacking Skills Shortage. This study found that a majority of the 775 IT decision-makers surveyed believe that their organizations lack workers with the necessary cybersecurity skills. About a third of these respondents believe this cybersecurity-skill shortage is so severe that it makes them hacking targets.
Don’t expect this cybersecurity-skills-demand gap to close any time soon. According to the 2015 (ISC)2 Global Information Security Workforce Study conducted by Frost & Sullivan, there will be a staggering 1.5-million-person global cybersecurity worker shortfall in 2020.
This is good news if you are a job seeker, especially if you have the right set of security skills that employers need now. And with that in mind, I have been asking, quite informally, CISOs and CIOs over the past few weeks what cloud security skills they see as the most in demand in the near future. The skills I list below are the cloud security skills that came up repeatedly in these discussions.
Cloud Security Architects
Those who can manage cloud security assurance processes understand how to review cloud vendor proposals, and vet planned deployments will be in high demand. Individuals involved in this type of work, such as cloud security architects, need to have strong communication skills to communicate with technical teams and business units alike. They need a good understanding of IT regulatory controls, privacy controls, and data security processes and controls. They must also be adept in many different types of technologies that intersect with the cloud, including networking, firewalls, encryption, identity management, virtualization, DevOps practices, and many other technologies depending on the nature of the organization and its technology needs.
They must also be expert at migrating legacy on-premises systems to the cloud. Organizations need to know how to choose secure cloud apps and services and know how to securely move systems to public and hybrid clouds.
Cloud regulatory and policy compliance expertise
As more applications, storage, and networks move to the cloud, more regulated data is sure to follow. Enterprises are going to need to understand where their regulated data resides, how it is managed, how is the data secured, and how the security and regulatory compliance management of the data can be verified, as well as provided to regulators and auditors if need be.
Not only must the individuals in these security and compliance roles understand the technologies behind security and compliance controls – such as vulnerability and configuration management, encryption, change management and more –they must also understand SLAs and how to parse complex cloud services contracts, how to negotiate these contracts, or how to help those who will be negotiating in their organization to better negotiate with cloud service providers.
Security data analysis
Increasingly good security is about good insight about what is happening within and without cloud services and software-defined networks. This requires good data and the ability to analyze that data. Most of that security data today is gleaned from within application, server, and network logs, behavior management systems, and other systems.
Skills that will be in demand here will be understanding how to analyze structured and unstructured data, and platforms such as data processes frameworks like Hadoop, predictive model development, decision modeling, and working with advanced visualization.
Secure cloud application development
As enterprises continue their digital transformation efforts, they will be developing more applications for cloud than ever before. And to meet app demand, they’ll continue to implement and optimize their continuous development pipelines. This increases demand for application security experts and those who can also automate tests in continuous development and integration pipelines.
Organizations are going to need more help when it comes to training and coaching development teams to develop applications more securely.
Of course, these skills will also be in demand for years to come, and likely help build the foundation for any long-term career in cloud security.