Essential Skills for New Graduates Entering Cybersecurity

Essential Skills for New Graduates Entering Cybersecurity

Bridging the Knowledge Gap

As the current Cybersecurity jobs market seems to be a bit unpredictable, I felt it would be timely to share insights from a study I conducted during my time as a cybersecurity analyst in a Fortune 500 tech company, during 2021. This study, though limited to a very small sample size and focused specifically on the department responsible for deploying and maintaining security tools, yielded valuable insights. This is definitely not a complete list of desired skills, but hopefully it will give you and insight into where some of the hiring managers see knowledge gaps. Despite the small sample size, I believe sharing these findings could be useful for new graduates entering the field of cybersecurity.

As part of the study, I had the opportunity to speak with five senior managers who lead the key domains within the Cyber Defense team: Network Security, Cloud Security, Data Protection, Infrastructure Management (Compliance), and Security Monitoring Services. Our discussions centred around the common knowledge gaps observed in new graduates entering the field of cybersecurity. Below are the key areas that emerged.

1. Educational Awareness of the Difference Between IT and Cybersecurity

As this study was conducted in 2021, this point may be less relevant now. Understanding the distinction between general IT roles and specialized cybersecurity functions is crucial. To help with this knowledge gap I also recommend this post.

2. Networking Fundamentals

A solid grasp of networking basics is essential. This includes understanding how data flows across networks, the various types of networks, and the protocols that govern network communications. Additionally, knowledge of subnetting is very useful, as it helps design, manage, and secure networks effectively.

3. Network Security Fundamentals

Building on networking knowledge, new graduates should understand the principles of securing networks. This includes understanding firewalls, firewall rules, intrusion detection systems, and VPNs.

4. Systems & Network Architecture

Knowledge of how systems and networks are designed and implemented helps in understanding the potential vulnerabilities and how to protect against them. This includes differentiating between secure and insecure architectures.

5. Cryptography

While not essential for a career in cybersecurity, a basic understanding of cryptography is valuable. This includes knowing how encryption works, the various encryption methods, and when to apply them. It addresses a notable knowledge gap that could enhance overall security awareness.

6. Data Security

Protecting data involves more than just encryption. New professionals should be aware of data labelling, which helps in categorizing data based on its sensitivity and required security measures and data labelling policies. Additionally, understanding data masking techniques, secure data storage practices, and data transmission protocols is crucial for comprehensive data security.

7. Email Security

Given the prevalence of phishing attacks, understanding how to secure email communications is crucial. This includes recognizing phishing attempts and implementing measures to prevent email-based threats.

8. Log Management & Interpretation

Logs provide critical insights into system activities and potential security incidents. Being able to manage and interpret logs is essential for identifying and responding to security events.

9. Data Engineering

With the growing importance of big data, skills in data engineering can be highly beneficial. This includes understanding how to collect, store, parse, and process large volumes of data securely. Proficiency in data parsing helps in converting complex data formats into more accessible and analysable forms, which is vital for security analytics.

10. Vulnerability Management

Identifying and managing vulnerabilities is a core aspect of cybersecurity. This involves regularly scanning systems for vulnerabilities, assessing their potential impact, and implementing measures to mitigate risks.

A Note on Ethical Hacking

Interestingly, our discussions revealed that while ethical hacking is often highlighted in cybersecurity education, it may not be the most transferable skill to the workforce. Although it has its place, there is a greater demand for foundational skills listed above.

Proven Cybersecurity CV Template

To help with your job applications, I am giving away my own CV in template form. This template has helped me get a Cybersecurity internship, a grade role, a promotion to Sr Analyst and a Sr Cybersecurity Engineering role. To get the free CV template, all you need to do is subscribe to our newsletter. If you’ve already subscribed, please just fill out the poll below. I hope it serves you as well as it has served me. Godspeed.

Conclusion

For those considering a career in cybersecurity, it is important to recognize that you do not need expertise in all the areas listed above to start. However, having strong skills in one or two of these domains can provide a solid foundation to build upon. Continual learning and staying updated with the latest trends and technologies in cybersecurity will also be crucial as you advance in your career.

I hope these insights prove helpful for anyone aspiring to enter the field of cybersecurity. The path may be challenging, but with the right skills and knowledge, it can also be incredibly rewarding.

Side note

If you’re looking for more newsletters like this one, let me recommend The Cyber Shortcut’s newsletter for a weekly breakdown on IT and Cybersecurity insights.