What makes a cyber security professional?

One problem we have today, with the attention to cyber security, is that everyone wants to get into the game. And frankly, there are all too many ‘security professionals’ and even ‘security companies’ that simply don’t have sufficient skills. So what makes a good security professional? Here is what I consider the most basic skillset:

First and foremost, you need a solid understanding of computers. Yes, a CS/CIS/BIS degree would be good, but without that, a basic skillset equivalent to the CompTIA A+/Network+ certification and a good knowledge of operating systems should be the minimum before you start to study security. Whether you are a security admin, forensic examiner, pen tester, or some other security professional, you have to understand hardware, operating systems, networks, etc. before you can work effectively in security. It is best if you have had a few years in some IT role (tech support, network admin, programmer, web developer, etc.) before embarking on security. It would be a good idea to at least be comfortable with database technology and routers as well.

Next, you must have a strong working knowledge of general security principles. Understand the concepts behind authentication, CIA, least privilege, IDS/IPS, anti-malware, etc. Something equivalent to CompTIA CASP or CISSP.

Then you need at least some working knowledge of forensics and pen testing, even if you do not intend to specialize in either of those. I think any security professional should have an introductory course in both forensics and pen testing. Pen testing will help you understand attack vectors so you can better defend against them. Forensics will improve your incident response.

In my opinion the skillset just outlined is the baseline for security professionals.  And in this field more is always better.  If you are going to specialize in forensics or pen testing, then you absolutely need to go beyond this baseline.

Beyond that, learning more about specific technologies (IDS/IPS, SSL/TLS, Kerberos, etc.) and getting a deeper knowledge of the operating system you are trying to protect must be an ongoing process. I tell students that this is not a field in which you learn a skillset and then execute that skillset repetitively for the next several years. Security requires constant learning, constantly expanding your skills.

Also note, I use certifications as a guide to skill level. I am not claiming you must have certifications, just the skillset represented by those certifications.


Chuck Easttom



About the Author:

I am a computer scientist, inventor, consultant, and author. I have over 20 years of professional experience in the IT industry, over 15 years teaching/training, and over 11 years in litigation support/expert witness work including 39 cases and testimony at trial, depositions, and hearings. I have authored 19 published books (including four on security, three on forensics, and one on cryptography), have 6 patented inventions, and have been a guest speaker at multiple locations including the Harvard Computer Society, Columbia Chapter of the ACM, Southern Methodist University Computer Science and Engineering Colloquium, University of Texas at Dallas ACM chapter, Hacker Halted security conference, Takedown security conference, ISC2 Security Congress, Hackon India, and multiple other locations. I have conducted training and provided consulting for major companies, law enforcement agencies (local, state and federal), and various government agencies as well as friendly foreign governments. I conduct research in cryptography, forensics, and related topics. I also consult on computer security and forensics.