Cybersecurity consultants have never been more in demand. Information security analyst roles are expected to grow by nearly 30 percent between now and 2034, according to the US Bureau of Labor Statistics. More than 15 million incidents of cybercrime will occur worldwide by 2024, Statista reports.
Data breaches are costly and pose a direct security risk. Statista reported that more than US $10 trillion is spent annually to repair the damage caused by cybercrime, typically phishing, fraud, fraud, and data breaches. In another example in the United States, breathalyzers installed in cars were disabled, leaving hundreds of drivers stranded, as described in IEEE Spectrum the subject.
To help you gain the skills you need to set yourself apart from other cybersecurity job seekers, the IEEE Computer Society offers a guide called “What Makes a Good Cybersecurity Consultant”. The 23-page PDF includes the hard and soft skills you need, a list of certifications to pursue, and key IEEE cybersecurity conferences to keep you updated on developments in the field.
The guide includes advice from two cybersecurity experts. John D. Johnson, an IEEE senior member, is the founder and CEO of Aligned Security in Bettendorf, Iowa. Ricardo J. Rodriguez is an associate professor of computer science and systems engineering at the Universidad de Zaragoza, Spain, who researches digital forensics and other cybersecurity topics.
“Technology, remote work, and a shortage of skilled workers make this an opportune time to consider becoming a cybersecurity consultant,” Johnson said in the guide. “Consulting can give you flexibility, variety, and control over where you want to take your career.”
Hard and soft skills
At a minimum, cybersecurity professionals should have a general understanding of IT including operating systems, communication protocols, network architecture, and programming languages such as C++, Java, and Python. They should also have extensive experience in security research, firewall management, penetration testing, and encryption technologies.
Principles of ethical hacking and coding can also be useful.
“To be able to defend the system properly, you must first know how to attack it,” said Rodriguez.
The guide explains that there are now many technologies available to help cyber security consultants monitor threats and protect systems. It includes security orchestration, automation, and response (SOAR) platforms, which automate workflows to collect security data, direct incident response, and perform repetitive tasks.
Rodriguez points to the development of domain name system security extensions (DNSSEC), which use digital signatures based on public key cryptography to strengthen domain name system authentication. By verifying data authenticity, DNSSEC protects against attacks such as DNS spoofing and ensures that users are connecting to the correct IP address.
Technologies such as artificial intelligence, blockchain, and quantum computing will be increasingly used to help prevent cyber attacks, the guide suggests. AI is expected to improve the quality of data analysis, Rodriguez said.
While hard skills are important, soft skills are also important, according to the guide. Critical thinking, project management, flexibility, collaboration, and organizational and presentation skills are essential.
It is not enough to be good at security risk analysis; you also need to clearly describe the situation and describe possible solutions.
“Soft skills are important to achieve good team cohesion,” said Rodriguez, “because consultants often lead diverse teams from their clients’ organizations.”
“It’s important,” adds Johnson, “that you demonstrate to clients that you are a team player and that you have the ability to communicate, and that you meet your responsibilities.”
Safety certificates
Having specific security credentials is an important way to demonstrate your expertise to potential clients, according to the guide. Because hundreds of certifications are available, Johnson says, identifying the most appropriate ones can be challenging. Some people focus on theoretical knowledge, while others want to incorporate the practical application of technology.
“Explore the industry and compare it to your skills,” advises Johnson. “Decide what you want to do, and identify where you have gaps in your skills and knowledge.”
Here are four of the nine certifications listed in the guide that are often cited as important. All providers are cybersecurity organizations.
Additional industry-specific certifications may be required in financial, government, health care, or manufacturing organizations.
Sound general knowledge—backed up by experience, training, and certification—is an important foundation for becoming a professional, Johnson says.
Conferences and networking opportunities
Events sponsored by the IEEE Computer Society can help you learn about the latest research and developments in cybersecurity:
Conferences can give you insight into the industry and allow you to do some networking, but it’s important to network elsewhere, experts say. Consider joining the IEEE Technical Community on Security and Privacy, which connects experts and professionals who advance research in areas such as encryption, operating system security, and data privacy.
Learning and meeting people keeps your knowledge sharp and can lead to training opportunities with established cybersecurity consultants, Johnson said.
Other IEEE resources
The IEEE Computer Society’s cybersecurity resources page provides a wealth of information including basics, possible workarounds, and standards development. To keep up with trends, the community publishes IEEE Transactions on Privacy as well as IEEE Security and Privacy magazine.
In addition to this guide, the IEEE Learning Network offers nearly 30 courses on Internet security. You can also find research papers in the IEEE Xplore Digital Library.
From Your Site Locations
Related Topics on the Web
