View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
April 15, 2016updated 05 Sep 2016 11:25am

Cryptography, information assurance, cloud and others: 5 key skills for cyber security professionals

List: Protecting data and systems in the modern business requires a range of disciplines.

By Alexander Sword

Cyber security professionals are in high demand at the moment, but what skills do they need to have to be able to protect your business? Here are a few of the most valuable skills that a cyber security worker can have.


1. Cryptography

Cryptography means practising and studying techniques for secure communications. It is an important method for protecting data stored in computer systems.

Encryption, a major cryptographic technique, involves feeding a communication through an algorithm, effectively scrambling it so that it can only be read by somebody with access to the algorithm, or key.

Encryption is already used in applications such as Telegram, Tor Messenger and WhatsApp.

More generally though, cryptography involves analysing and constructing protocols to prevent third parties from reading private messages.

Cryptography involves a good understanding of mathematics due to the use of the algorithms. Professionals need to be aware of the inner workings of cryptographic systems and how to correctly use them in realy-world situations.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Qualifications include the EC-Council Certified Encryption Specialist programme, which introduces professionals and students to the field of cryptography. Some universities offer degrees in cryptography techniques, such as the Mathematics of Cryptography and Communications at the Royal Holloway.


2. Information assurance

Information assurance (IA) means assuring information and managing the risks involved with its use, processing, transmission and storage.

IA professionals understand techniques for protecting data’s integrity and availability, using various physical, technical and administrative controls.

Data breaches do not simply come from outside organisations; there is also a considerable insider threat posed by employees or ex-employees who might have access to the data anyway.

This means designing an overall architecture where IT can oversee whether unusual activity or suspicious patterns of access to data are occurring.

It includes an understanding of computer network design and infrastructure. The type of network required by the company needs to be taken into account; some are local and only used within the organisation itself while others are used by customers across the country or around the world.

Creating a network that suits the organisation’s goals while protecting the data is a key responsibility.

Respected information assurance qualifications include CISSP, CISM, ISO 27001 LA, CLAS and CISA.



3. Cloud security

With many organisations now dependent on the cloud for core business functions, being able to control access to the cloud in a secure way has become a key requirement.

Cloud security has several important challenges: identity and access management is one of the most crucial. This means ensuring that digitally ascertaining the identity of somebody trying to access cloud resources when this access could be taking place from any location or any device.

Professionals also require an understanding of architecture and infrastructure, including patch and configuration management, virtualisation and application security and change management.

With the control of data tightly regulated on an international level, cloud security professionals must also have a strong understanding of compliance and legal concerns.

Cloud security also covers intrusion detection and incident response in cloud environments.

Certifications include the Certified Cloud Security Professional (CCSP) programme from (ISC)2 and the Cloud Security Alliance.


4. Business continuity

Business continuity means planning and preparatory activities to ensure that critical business functions are not hit during serious incidents or disasters, or intentional attacks.

Nowadays, with distributed denial of service (DDoS) attacks shutting down companies’ websites and critical infrastructure relatively easy to pull off, protecting data and infrastructure in times of unavailability is an increasingly important cyber security technique.

Business continuity professionals need to build system design, implementation, support and maintenance in order to keep firms continue without stoppage. This includes developing standards, programme development and policies for all scenarios.

The Business Continuity Institute (BCI) offers the Certificate of the BCI (CBCI), which can be achieved by studying for and passing an examination.


5. Programming

A good background in programming is a valuable tool for cyber security professionals, since it helps them understand the workings of an application and hence how it might be hacked into.

IT security professionals need to be able to efficiently write applications and scripts, sometimes in very short timeframes.

There are various qualifications available in many different programming languages, but proficiency in several could be useful. A good knowledge of frameworks such as Javascript and HTML will be useful.

Python is increasingly considered the must-know language for cyber security professionals.


Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.