If you’re thinking about becoming an application security professional, you’ve picked an ideal time to enter the field. According to the U.S. Bureau of Labor Statistics, the demand for security experts is expected to grow exponentially through 2022.
More importantly, there’s never been a better time to invest in developing application security skills and gaining hands-on experience. The threats facing the software industry are more numerous and complex than ever, but the current security workforce can’t keep up. As ISACA (formerly the Information Systems Audit and Control Association) reported in its 2015 Global Cybersecurity Status Report, a global survey of more than 3,400 of its members revealed a massive gap in cybersecurity skills, meaning that companies who want to hire cybersecurity professionals this year will likely have a difficult time finding qualified candidates.
Here are four essential traits you’ll need to match employers’ hiring needs:
1. Academic Credentials
There is no clear academic path to becoming an application security expert. Because these positions aren’t entry level, general degrees in computer science, information security, or information technology usually aren’t sufficient.
Many forms of cybersecurity certifications exist in the industry that can supplement a degree. Some of the more popular certifications are the Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), and Certified Hacking Forensics Investigator.
However, while certification tests demonstrate to hiring managers that people were able to study and remember enough material to pass an exam, they aren’t sufficient to demonstrate real-life skills. On-the-job experience is usually required.
2. Practical Skills
Many candidates for these positions will have years of experience in the full software-development life cycle. However, it is likely that those that have development or design experience don’t have much training in application security. And, if they did learn about security in school, their experience may be out-of-date.
Top candidates should also have some experience in ethical hacking. They should be well-versed in security protocols as well as in software security techniques; ideally, they will have strong cryptography skills. Software security architects should also have experience with malware, intrusion detection and prevention and firewalls.
Threat vector analysis and modeling skills are a plus.
3. Soft Skills
No one set of personal skills defines the consummate application security professional, but the following aptitudes can be essential to your success:
- analytical skills and a passion for problem-solving;
- creativity to imagine various attack scenarios and outsmart cybercriminals;
- attention to detail;
- interpersonal skills and the ability to work as part of a team;
- oral and written communication skills that enable the candidate to break down complex concepts into simpler ideas that nontechnical people can understand;
- the ability to make decisions under pressure;
- the flexibility to handle a rapidly changing environment, processes, and threats; and
- a willingness to learn new tools and techniques on the fly, as change is nonstop in this field.
In short, the ideal application security professional is something of a Renaissance person.
4. Security Training
If you think you’ve got the background and soft skills required to become a security professional, investing in application security-specific training could give you the edge.
Look for security training programs that are taught by actual practitioners rather than academics. That way, you’ll have access to the latest information on emerging threats and techniques for combating cyber attacks.
If you don’t have the time for in-person training courses, consider e-learning sessions that fit with your schedule.
Chances are, you’ll find an immediate use for the skills you learn. And, you’ll build the expertise you need to move ahead.