Hot security skills of 2013

Here are the skills that our sources say are among the most important right now.

Most successful CSOs will tell you it was a unique mix of skills that propelled them to their current position. Technical background is important, certainly, but practice in the business and excellence in communication are paramount for any CSO truly worthy of a place in the C-suite. We don't expect that to change any time soon.

But every few years, a few super-hot skills get added to the mix, ones that will make you even more attractive (to your company and to future employers) and keep you on top of your game. You may need to bring in some of these skills by maintaining a well-rounded staff, rather than by acquiring them yourself. Here are the skills that our sources say are among the most important right now.

Diverse technology experience

Familiarity with both information and physical-security technologies is important at the highest rung of the security ladder, according to Carl Young, CSO of Stroz Friedberg, a global digital-risk-management and investigations firm. The increasing interdependence between these areas demands a broad perspective on risk management.

[5 more tough security questions (and how to answer them)]

Ability to anticipate needs. By understanding the needs of the industry and keeping on top of new technologies and threats, good CSOs can identify the special skills and expertise (such as analytics expertise or a specialty in malware) needed in their new hires on both the information- and physical-security fronts, says Young.

Fluency in the IT side of physical security

Tom Verzuh, president of recruiting firm SCW Consulting, is seeing great demand for physical-security professionals who are fluent in technology, especially digital-video software management and analytics. Brent O'Bryan, vice president at AlliedBarton Security Services, confirms his firm is hiring professionals who have experience in the convergence of physical and information security.

Many, if not all, of the devices used in physical security today (including smartphones and digital-video surveillance systems) produce loads of data. Making sense of that sea of data requires special expertise, which is highly in demand right now.

"The way to increase your value as a physical security professional is to invest in learning the world of IP networking and Microsoft server technologies and data analytics solutions," says Charles Foley, chairman and CEO of Watchful Software. "Security pros that know these two areas will be able to spearhead their companies efforts to streamline costs, increase value delivered, and will literally sell information collected to the rest of the organization."

Advanced data-protection expertise

Hardening the perimeter is good basic hygiene, but it is no longer enough. Information-protection skills are in great demand, according to Foley --in particular, knowledge of data-centric technologies such as enterprise rights management, multilevel security models, data classification techniques and biometrics.

[15 tips for landing and acing a job interview]

"This is why you see increasing -- numbers of courses and certifications. The skills to approach the business problem, lay out coherent strategies that are digestible to the common user, and set forth tactical deployment plans are extremely difficult to find," says Foley

Business and financial acumen

Sought-after CSOs understand the key business lines in their respective organizations and the impact of security on a company's bottom line, says Young. This understanding is also important for recognizing where potential vulnerabilities might lie within the organization, such as with outsourced services or data, or lines of business that are popular targets for cyberattacks.

CSOs that have an advanced business degree such as an MBA are always going to be that much more desirable than those who do not, according to Jerry Irvine, CIO of IT outsourcing company Prescient Solutions and a member of the National Cyber Security Task Force.

"From the standpoint of being able to understand business drivers, strategic planning, understanding the mission and vision, CSOs must have business experience. If they're going into large multinational corporations, that will probably require an MBA or a degree in business administration, says Irvine.

Technical certifications such as CISM, CISSP, CRISK and CTBIT are helpful, but CSOs need to prove they have a grounding in business-risk analysis.

Good communication skills

It will always be extremely important to be able to communicate with diverse audiences, says Young. Not only must CSOs make complex security issues understandable to the enterprise at large, they must also make it clear how important security risk, particularly digital risk management, is to the executive suite's agenda. David Luzzi, executive director of Northeastern University's Strategic Security Initiative, adds logical reasoning and the ability to inspect ideas as important skills to build on the foundation of excellent verbal and written communication skills.


David Frymier, CSO at Unisys, has more than three decades of experience in IT, with much of his recent years devoted to information security. Frymier is not inclined to get a certification or an MBA to make himself more attractive at this point in his career. His take on one of the top skills to have today?

"The ability to self-teach is a given," says Frymier. "As fast as things change, you have to be able to teach yourself how to do new things."

Join the CSO newsletter!

Error: Please check your email address.

Tags security

More about CSOMicrosoftUnisys Australia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Lauren Gibbons Paul

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place