Essential Cybersecurity Skills in 2021

Robert Beckley, Regional Director, Hays ANZ

Cybersecurity breaches continue to make global headlines. Malicious cyber activity has proliferated, and attacks have become ever-more sophisticated. As organisations have sought to increase their ability to protect, detect, and respond to cyberattacks, there has been a sustained need for cyber professionals, with demand often outstripping supply.

COVID-19 exacerbated these trends. Almost overnight organisations were forced to work remotely and entire business processes and models shifted online. As IT departments scrambled to enable working from home, cybercriminals sought to capitalise on the crisis. Valuable data was left exposed, with many remote networks via VPNs hastily set-up prior to enforced lockdowns.

And a remote workforce, using their own Wi-Fi and devices – and prone to lapses in adhering to security guidelines – presented an ideal target to criminals.

With cybersecurity being a priority for business leaders, there has never been a better time to be a cybersecurity professional. But how is the function evolving, what are the key skills employers look for and what roles are available today?

What key skills do employers look for in a cybersecurity professional?

Cybersecurity roles have traditionally fallen into one of two categories: specific technical roles focused on the prevention of, and reaction to, cyber-attacks (such as Security Engineers, SOC Analysts and Security Architects) and roles focussed on governance, risk and compliance.

However, the distinction between ‘tech’ and ‘business’ is now blurring. Today, more roles require someone who is not only responsible for the technical implementation, maintenance and development of security systems, as well as the reaction to any breaches that occur, but someone who can also analyse incidents, processes and procedures. These professionals need to act as a bridge between IT security and the business and look at the risks associated with different business projects and the effect they have on security infrastructure.

These roles, such as Security Analysts or Architects, span more than just the IT department. As a result, the following specific key skills and traits are required:

  • An understanding of current and emerging IT and security technologies, security standards, threats and trends;
  • Knowledge of security, risk management and assessment methodologies and standards (e.g. ISO 27000 series, NIST, OWASP, PCI DSS), and the application of them, often in large enterprise environments; and
  • Professional certificates in IT and Security, such as from CISA or CISM. 

In addition, employers also require candidates with the following soft skills: 

  • Communication skills, including the ability to work closely with those who are not from an IT background; 
  • Analytical capabilities; 
  • The ability to work in complex matrix organisations that may transcend borders; and 
  • An aptitude for learning, since industry experience isn’t always a prerequisite, but the ability to learn quickly is. 

What projects are there for talented cybersecurity professionals?

Here at Hays, we’ve been placing candidates in numerous functions related to cybersecurity, including Security Analysts and Architects, IT GRC Consultants and Specialists on both Red and Blue teams. We’ve also placed professionals into soft-skill focused roles, such as Security Awareness Consultants and leadership positions up to CISO level. Both contract and permanent roles have been available.

For all these roles, it has been the candidates who display a good mix of technical and soft skills who are in demand. As organisations look to uplift their security posture in a wide range of new areas, it is essential to get buy in from key stakeholders. Therefore, candidates who can communicate the importance of their work in a way that senior stakeholders understand are highly valued.

In addition, when Covid-19 struck, organisations looked to make a quick transition to remote working, which meant a rapid uplift in their technical capacity. One key part of this was the implementation of new Identity Management solutions. Throughout the pandemic, we’ve helped numerous employers quickly grow their Identity Management teams to cope with this demand. Of these, most have opted to implement CyberArk and SailPoint as their desired solutions – making candidates with experience working on these technologies in high demand at present.

So, whether you’re a cybersecurity professional interested in a new challenge or are looking for talented cybersecurity personnel to support your organisation, you can send us your CVregister your vacancy, or reach out to your local recruiter


About this author

Robert Beckley is a Regional Director based in Melbourne. Having worked in the Australian IT recruitment market since 2006, Robert leads the Hays Information Technology business in the ANZ region. Robert has a Master’s degree from the University of Birmingham, and two decades of industry experience.

Follow Rob on LinkedIn

00