The Must Have Characteristics of a Cybersecurity Pro

So you think you want to be a cybersecurity professional?  Or maybe you know (or are) a middle school (that’s right, start ’em young),  high school, or college student who is looking at cybersec as a career path.  What personality characteristics would you need to be successful?  What drives, motivates, and challenges a cybersecurity professional?  Just what kind of wingnut are you?

Here is a short list of personality traits needed for a career in cybersecurity:

  • Thrives on chaos.  This ain’t no walk in paradise.  Whatever plans you had for today are usually out the window by 10:00 am.  But if you get off on the adrenaline rush that comes with responding quickly to emerging threats and attacks, then this could be for you.
  • Self-directed.  No one needs to tell you what to do, you are already doing it.  Or did it.
  • Team player.  You might be great working alone, but you also play well with others.  Can be part of a team, maybe even lead a team.  Your sharing nature and disregard for titles and hierarchy helps you treat team members as equals.
  • Hates routine.  If you need structure and predictability in a job, look elsewhere.  Most of the professionals I know want something different to do every day.  They need constant stimulation and new, unfamiliar challenges to work on.
  • Detail oriented.  Can see the forest AND the trees.  Can use inductive and deductive reasoning.  Can troubleshoot.  Writes great documentation.  Shares information.  Can explain technical concepts to non-technical audiences, such as employees and managers.
  • Driven by curiosity.  Needs to know why.  Needs to know how things work.  Loves to hack stuff and try new things.
  • Never stops learning.  And doesn’t want to, either.  Cybersecurity pros are constantly reading, researching, attending seminars, for trying new techniques to combat new exploits or deploy new defenses.  For me, a day without learning something new is wasted.
  • Great under pressure.  Calm and cool under pressure?  If you stay calm and focused while everyone else is panicking, this is a great quality for your cybersecurity career.
  • Expects to be ignored. You told them this would happen and they ignored you, and you can still keep your composure and resist the “I told you so.”  Especially when dealing with the executive suite and denied requests for funding that could have prevented the current crisis.
  • Handles blame.  Often you receive the blame for issues that you did not cause, or even warned them about.  But you can shrug it off and get back to solving the problem.
  • Failure is ALWAYS an option.  You see failure as a learning experience.  You don’t take it personally, you learn the lesson, and you just move on.
  • The game is never over.  Understands that any gains today can be quickly undone by a new threat or exploit.  Understands that cybersecurity is a evolving process that never ends.  And still shows up for work tomorrow, happy to be there.

This list is hardly conclusive.  What characteristics do you think would benefit a cybersecurity professional?  Please add your ideas and comments below.


About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Pratitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speakers at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.