The 7 Skills Security Professionals Need in 2023

A severe worldwide shortage of cybersecurity skills has left organizations exposed to cyberattacks. In a survey conducted by Fortinet, 80% of companies reported suffering at least one network breach that could be attributed to a lack of cybersecurity skills among their workers.

At the heart of the matter is a simple issue of supply and demand. According to a 2021 report from (ISC)², the world needs about 2.72 million more cybersecurity professionals to fully meet global demand for cybersecurity skills.

Instead of hiring external candidates to fill their skills gaps, CISOs and other security and IT leaders will need to take a different approach. As they look to strengthen their defenses against cyber threats in the coming year, they’ll need to rely on training. Comprehensive learning programs, like Skillsoft’s Cybersecurity Career Journey, can help veteran IT workers master the latest cybersecurity best practices — or even help total rookies successfully make the switch to cybersecurity careers.

That said, security leaders must zero in on the most impactful skills if they want to get the most out of cybersecurity training. When it comes to preparing for the biggest cybersecurity threats of today and tomorrow, organizations would do well to focus on cultivating these seven skills in their workforces:

In 2021, learners earned a combined total of 12.7 million digital badges for completing courses in Skillsoft’s learning experience platform Percipio and Aspire Journeys. According to the 2021 Lean Into Learning Report, the four most commonly earned badges all dealt with application security: Application Security Awareness & Validation, Secure Application Architecture & IAM, API Security, and OWASP Top 10 List Items.

It’s important to note that these application security skills didn’t top the list of most-earned cybersecurity badges — they topped the list of most earned badges in any domain. They even beat out broadly applicable skills like communication and understanding unconscious bias. That reflects just how necessary application security is for today’s organizations.

The average large firm uses 129 different apps across teams and functions, and every single one of those apps could be a target for malicious actors. That’s why cybersecurity professionals who know how to build, implement, and maintain secure applications are in such high demand today.

Interested in learning more about application security? Check out these courses on Skillsoft:

• Secure Application and Data Architecture Design
• CompTIA Security+: Analyzing Application and Network Attacks

Cloud skills also held a prominent place in Skillsoft’s 2021 list of the top digital badges, with Cloud Security Fundamentals: Cloud Application Security and Cloud Computing Fundamentals: Introduction ranking in the top 10.

In the era of digital transformation, organizations increasingly rely on cloud services for everything from data storage and analytics to the outsourcing of critical business functions. But using the cloud is not without risk — and much of that risk comes from a company’s lack of internal cloud security skills. According to Gartner, “nearly all” cloud security breaches stem from user mistakes rather than errors on the part of the cloud service provider. Cultivating in-house cloud security skills is the key to avoiding these mishaps.

Moreover, cloud security is a natural complement to application security, given that a significant number of the apps companies rely on are cloud-hosted. You can’t have secure applications without a secure cloud.

Interested in learning more about cloud security? Check out these courses on Skillsoft:

• Securing AWS: Fundamentals
• Cloud Security Management: Risk Management
• CCSP 2019: Cloud System Architecture Design

Identity system defense came in at number two in Gartner’s list of the top seven cybersecurity trends for 2022. That’s because most data breaches — as many as 67% by some estimates — are caused by credential theft, social engineering, and other means of compromising employees’ accounts.

The best way to defend against these common attacks is with a robust identity and access management (IAM) strategy. Organizations are safer when their cybersecurity teams can implement and maintain secure IAM technologies and tactics like multifactor authentication, passwordless authentication, privileged access management, single sign-on, and more.

Interested in learning more about identity and access management? Check out these courses on Skillsoft:

• Microsoft Identity and Access Administrator
• Microsoft Security, Compliance, and Identity Fundamentals
• Cyber Generalist to Cloud Security Identity Professional

Identity system defense may have taken the number two spot in Gartner's list of 2022 cybersecurity trends, but attack surface management was number one. The average organization’s attack surface is larger and more distributed than ever, comprising on-premises, hybrid and cloud-based infrastructure — plus mobile devices, IoT devices, and more. Between all those assets, there may be millions of vulnerabilities lurking in a company’s network. To monitor and mitigate all of them, Gartner recommends “security leaders look beyond traditional approaches.”

Enter attack surface management, the cybersecurity subdiscipline that focuses on tracking network assets, assessing vulnerabilities, and thwarting attacks before they can happen. Companies need cybersecurity pros who can use the latest and greatest tools and best practices to corral their ever-expanding attack surfaces.

Interested in learning more about attack surface management? Check out these courses on Skillsoft:

• Risk Assessment and Management
• Network Security and Emerging Technologies

Secure network architecture goes hand in hand with attack surface management. If attack surface management is about closing vulnerabilities across the enterprise network, secure network architecture is about building those networks so that minimal vulnerabilities are present in the first place.

Learning secure network architecture skills enables your cybersecurity team to use approaches like zero trust architecture to design, implement, and protect today's distributed, interconnected networks.

Interested in learning more about secure network architecture? Check out these courses on Skillsoft:

• Linux Exploits & Mitigation: Linux Exploit Architecture
• Cybersecurity Specialization: Architecture and Policy
• Information Security: Securing Networking Protocols

So much of cybersecurity — perhaps more than you realize — is built on the foundations of ethical hacking. Being able to assess your organization’s cybersecurity systems from the viewpoint of your adversaries is critical for penetration testing, of course.

But ethical hacking skills can also yield valuable insights in domains like vulnerability management, threat hunting, incident response, and even secure software development. If your cybersecurity team knows how hackers behave and what they’re looking for, they’ll have an easier time heading off their attacks.

Interested in learning more about ethical hacking? Check out these courses on Skillsoft:

• CyberSec First Responder: Threat Detection and Response
• Cyber Generalist to Ethical Hacker

Soft skills rarely come up in conversations about cybersecurity. That may have something to do with why so many organizations are struggling to build cybersecurity awareness among their employees.

As Forrester notes in a recent report, How to Manage the Human Risk in Cybersecurity, existing approaches to cybersecurity training for the general employee population aren’t cutting it. Despite organizations pouring time and money into these campaigns, the average employee is still susceptible to social engineering, unsafe browsing habits, and other behaviors that put companies at risk. To change that, Forrester says, cybersecurity teams must make a greater effort to win the hearts and minds of non-security employees.

Toward that end, Forrester recommends that cybersecurity teams not overlook leadership skills like communication, influence, and emotional intelligence when building cybersecurity capacity. Armed with these soft skills, cybersecurity teams may have an easier time earning the trust of their peers — and that trust is a key catalyst for company-wide behavior changes that keep the organization safe and secure.

Leadership skills can and should be incorporated into cybersecurity training. One good way to do that is by offering a mentorship program, such as the one provided by Skillsoft’s Cybersecurity Career Journey. With support from real experts in the cybersecurity field, learners will be able to see those leadership skills in action.

Interested in learning more about business leadership skills? Check out these courses on Skillsoft:

• The Influential Leader
• Leader as Motivator
• Leading Through Change

Cyberattacks and data breaches can cost companies millions of dollars in terms of lost revenue, remediation expenses, and reputation damage. They’re also becoming more common, with the frequency of cyberattacks increasing by 50 percent between 2020 and 2021.

Organizations need to build strong cybersecurity teams to defend against these attacks. That’s hard to do when a third of cybersecurity job vacancies regularly go unfilled, and 60% of organizations struggle to recruit cybersecurity talent. With cybersecurity skills in short supply, security leaders’ best bet is to invest in cybersecurity training to build the skills they need in-house.

Comprehensive cybersecurity training programs, like Skillsoft’s Cybersecurity Career Journey, offer IT professionals and novices a pathway to mastering today’s most vital cybersecurity skills. Cybercriminals won’t stand a chance.