Saturday, November 25, 2017

What are the cybersecurity skills needed to land a job in a data centre?

by Simon Wright, operations director, Careers in CyberSecurity

Data centres are one of the most valuable assets owned by any company. They sit at the heart of an organisation, storing assets including web and database as well as DNS and email servers. It can actually be said for most companies that data centres are essentially the brain of an organisation.

Every company’s success invariably depends on these smooth software operations – and those have to be safeguarded, for obvious reasons.  It’s no surprise then that  data centres are increasingly the  preferred target of cyber-criminals seeking financial gain, important information and hacker-wide fame.

In today’s world, it’s crucial  that businesses have people on board who are skilled in recognising the types of attacks that befall data centres, such as web application attacks, DDos server attacks, weak authentication, DNS infrastructure and SSL-induced security blind spots and the ability to recognise and pre-empt attacks is one of the most valuable skills that a cyber security professional must have in order to be successful.

This skill simply cannot just be learned, it invariably comes with much experience, which results in the ability to recognise the tell-tale signs of an on-going persistent attack amid the usual traffic, from penetrating backdoors to initiating hidden tunnels.

Cyber criminals targeting data centres will likely avoid the traditional malware or phishing routes, opting for more sophisticated methods via vulnerable devices or theft of user or administrator credentials to access or destroy data centre assets.

However searching for the “perfect” candidate can be a tall order –  because such a person simply doesn’t exist according to the intricate set of criteria that cyber security demands. Ideally, of course, employers will be prioritising those candidates with a good grasp of programming, scripting, network security and computer forensics but these assets shouldn’t prevent a role from being filled for months on end.

Instead, employers should be investing in their current IT security staff via training and rotating duties within an existing team to offer far more viable and time effective strategies to solving the skills gap and securing the assets contained within their data centre.

Looking beyond the traditional scope of a cyber security candidate, companies should strive for flexibility in their search and focus not only on the necessary technical expertise but also skills in communication, critical thinking and problem solving, as with these tools already employed within an intelligent candidate, the fundamentals of security can be added later on.

Of course, IT and cyber security experience is a strong preference but in the face of increasing risk and frequent cyber-attacks, hiring managers and employers would be wise to focus their attention into securing their data centre and thus organisation’s technology assets as quickly and effectively as possible.

So, using an interview to decipher whether an individual has the potential to be a cyber security pro is time better spent than waiting for the illustrious Mr or Mrs Right.

Employers and recruiters are looking for individuals who can apply secure coding practices to ensure applications are compliant with industry standards, and that their data security is in line with existing and future standards like the EU GDPR.

Not to mention someone who is passionate about continued self-education both via certified courses and staying abreast of market events and trends.

That desire for continuous learning is a fundamental step in becoming a successful cyber security professional as is the ability to communicate with people across the business, from key business stakeholders to IT peers and members of the board.

For security professionals hoping to stand out from the crowd, demonstrating skills or knowledge in the areas of network security, application security, cloud and data security and the coveted penetration “pen” testing will certainly stand them at an advantage.

The protection of data centres and cloud environments is undeniably key to sustaining the growth of the digital economy and as more and more businesses transition their data into virtual and Cloud initiatives, the demand for those individuals who can educate their colleagues and superiors of proper Cloud usage and etiquette will undoubtedly increase.