The Cyber Workforce, Part 5: What does success look like?
Over the course of this series, we've discussed the need for more cybersecurity professionals and how we must look for new talent to build dynamic teams, including those who transition into cybersecurity roles. But what does success look like in cybersecurity? If this were a movie or TV series, you would see the figure with a dark hoodie typing furiously at a laptop, perhaps with tattoos, piercings, and wildly colored hair. Or, you could envision overworked, sassy IT professionals like in the popular Dilbert® cartoons. There are certainly people who appear as those stereotypes and work in cybersecurity, but in reality, we have a much broader community of successful professionals that isn’t often shown.
No matter the stereotype, individuals with successful careers in cybersecurity have several common skills and traits that support their work, namely: curiosity, critical thinking, communications, collaboration, and confidentiality. These five Cs apply to many fields, but are particularly exercised in cybersecurity.
- Curiosity. Great cybersecurity professionals have a desire and ability to ask questions, seek out data, develop patterns, identify connections, pivot to further understand, and challenge assumptions. When talking to potential hires, we seek those with an investigative nature who are "curious with a cause" to complete their work effectively. As systems become more interconnected and adversaries more clever to evade our defenses, we must continuously improve our ability to hunt for advanced threats, which demands focused curiosity to seek out the root cause of anomalies to better detect and remediate.
- Critical thinking. We rely on professionals to be able to analyze and evaluate available information about an issue, technology, event, or alert to make a judgement on what we do next. The result of these judgements impacts our security posture immediately and in the long run. We need analysts who can develop a holistic understanding of cyber threats and effective counterstrategies. With emerging technologies and approaches, we try to train security systems to support critical thinking, but to this day, are reliant on cybersecurity professionals to make meaningful connections and decisions.
- Communications. We have to talk to each other and be able to communicate across groups of stakeholders. From discussing technical details with teammates, mitigation actions with system administrators, better design choices for developers, and critical actions with decision makers, we have to speak in the level of “cyber geek” that each audience understands. It's a new kind of Rosetta Stone to talk to these different groups and we need technical people who can do that seamlessly. Increasingly, cybersecurity experts must be able to translate packets into decision-able data for the C-Suite; this is not a trivial task and requires skill and practice.
- Collaboration. Similar to communications, we must reach out to groups outside of our own teams to identify bigger picture trends, in-depth details of similar kinds of threats, and to share novel approaches to better defending and protecting critical information and systems. It takes a vast community spanning vendors, cyber defenders, threat analysts, penetration testers, and more to identify, protect, detect, respond, and recover from cyber incidents.
- Confidentiality. Now, there is a balance to sharing everything through communications and collaboration; effective cyber professionals need to show discretion and understand appropriate sharing of information. Particularly for Leidos as a cybersecurity service provider, we are entrusted with our clients' information and knowledge of their systems, networks, and business processes that are potentially vulnerable. We may hold the keys to exploiting their vulnerabilities by merely the fact of working with that customer. Integrity is the No. 1 value at Leidos — we are a trusted provider and want to maintain that trust amongst ourselves and with our clients. To that end, we seek professionals with an ability to understand that trust and who agree to our comprehensive Code of Conduct. We perform critical functions for our customers that demand confidentiality.
Variety of roles
The five Cs may be innate to an individual, or more often, they are developed over time through experiences to build up the requisite knowledge, skills, and abilities to perform a variety of roles over the course of a career. One of the best parts of cybersecurity is that it isn't one size fits all. There are a wide range of careers and positions that professionals can pursue, move onto, and master.
A seminal work describing these roles is the Department of Homeland Security-sponsored Cybersecurity Workforce Framework, developed under the National Initiative for Cybersecurity Careers and Studies (NICCS). It lays out an organized blueprint of the categories and specialty areas for more than 50 cybersecurity positions, complete with associated knowledge, skills, and abilities, and recommended training and academic coursework.
Leidos has begun using the Workforce Framework to assess our ability to perform the wide variety of cyber roles across industries and to help our cybersecurity professionals chart their personal career paths. Each of the roles reflects a different combination of skills that are necessary to have a successful career in cybersecurity, and are not all technical skills. From Privacy Officer to Systems Security Analyst to Cyber Crime Investigator to Security Architect — there is huge potential to have an impactful career in cybersecurity.
Making a difference
There is so much more to a career in cybersecurity than the stereotypical images of hackers and overworked IT professionals. Our mission at Leidos is to make the world safer, healthier, and more efficient through information technology, engineering, and science. In the field of cybersecurity, the work that we do enables real impact in the real world. Here are some examples of work that our Leidos cybersecurity team performs:
- Building resilient cybersecurity for next generation nuclear power plants
- Developing data analytics solutions for IT, operational technology (OT), and IoT systems
- Defending networks for the United States and our allies
- Providing cybersecurity services for hospitals so they can focus on clinical outcomes
- Developing cutting edge technology with embedded security to minimize vulnerabilities
- Testing and evaluating software and systems to validate their claimed security features
- Designing policies, procedures, and standards to improve security across technologies
If you are considering a career or a career change in cybersecurity, or ready to take the next step in your career path, please browse the available roles throughout Leidos.