October is National Cyber Security Awareness Month. So now is a great time to assess the people responsible for protecting your organization's infrastructure and data. This is something you should be doing on a regular basis, but certainly this month is a better time than ever to ensure you're hiring information security professionals with cutting-edge skills as well as improving the talents of your current IT team.
Right now, a lot of organizations seem to be basing their security strategy around meeting compliance requirements. Information assurance and cybersecurity policies are certainly important, but they don't make for the innovative, proactive approach needed to guarantee protection in this increasingly threatening environment. Tools and policies are essential, but what really makes IT security effective is the team of professionals behind the processes and operations.
What InfoSec skills should you look for?
As Dark Reading recently pointed out, technical expertise is not the only factor to consider in an InfoSec professional. HR leaders should also vet candidates for competencies beyond that, such as strong communication, creativity, an eagerness to learn and other social and soft skills.
"For a strong information security team, you need a range of skills and competencies."
To have a truly powerful and dominant cybersecurity team, you need employees who possess a wide range of skills. This doesn't mean that every IT worker has to have both highly technical expertise and business savvy, just that, ideally, you will have a combination of individuals who, together, have the set of competencies needed to ensure a strong cyber defense.
The skills you look for in any given InfoSec professional should depend on the specific role they will be filling. Contrary to popular assumption, not all IT security roles are the same.
Core cyberdefense competency areas
If you want to build a highly skilled and competent InfoSec team that can defend your organization against sophisticated cyberthreats, you need to focus on hiring and/or training professionals in these four main areas:
- Protection: Professionals with proficiencies in protection help your business identify and create in-depth risk mitigation strategies for stronger networks.
- Development: Once you have someone who is great at combating risk, put InfoSec employees in development roles that facilitate the creation and implementation of security tools.
- Counter-infiltration: You shouldn't rely solely on monitoring and diagnostic tools to identify threats in your network. InfoSec professionals with counter-infiltration skills take a proactive, offensive approach to finding - and preventing - determined adversaries and sophisticated risks.
- Threat emulation: To ensure your security tools and processes are capable of defending against attackers, you need to put them to the test. These IT pros conduct penetration tests using the same cutting-edge techniques that hackers use to discover security vulnerabilities. Then put your protection team and developers to work to fill those gaps.
In order to stay ahead of existing and emerging threats, you need to consistently assess and improve the skills of your cybersecurity workforce. It is important to have professionals who possess technical expertise and have a sound understanding of industry policies and processes. However, it is also critical to provide them with ongoing training that keeps them sharp, informed and updated on the latest and greatest InfoSec best practices.