
Ask HN: When they say there's a Cybersecurity skill shortage, what skills exactly? - ef743b3baa573
every few months there is an article or some study on Cybersecurity Professionals shortage.<p>as a Network Engineering Student with interest in Security, What exactly are the skills that companies want ?
======
netman21
There are several categories:

1\. Tools. People who can configure and maintain security products. Firewalls,
IPS, SIEMs, Identity and Access Management, key management, email security
products.

2\. Analysts/Incident response (IR) These are the people who research and
diagnose the alerts spewed by the above products. They usually recommend
compensating controls for the people above to implement. They work in a SOC
either at a big company or an MSSP. This is where knowledge of networking is
most valuable.

3\. Malware analysis. Considered the elite they reverse engineer code samples,
create signatures, and try to determine source and purpose of attackers.
Usually work at security vendors.

4\. "Researchers" These people look for exploitable bugs in critical (or any)
software. They may work for the dark side.

5\. And yes there is a need for people who can build teams to do the above.
Requires experience in the above.

The one area discipline there is no shortage in is cyber policy. :-)

~~~
ef743b3baa573
I'm very interested in area 2, I'm taking a new job in the next weeks in a
team involved in maintaining a medium sized critical network and involves
sysadmining linux/unix servers.

How do I position myself to get into category 2 that you list above.during
this job or the next job.

thank you very much for replying btw.

~~~
netman21
Take a pen testing course. Even get "certified" Your new perspective will give
you tremendous insights that you can apply in your day job. Your next job (if
they don't put you on the security team at your current one) could be at an
MSSP. IBM, Symantec, esentire, etc.

