12 min read

6 in-demand cybersecurity roles — and what hard and soft skills to look for

Cybersecurity is one of the fastest-growing industries in the world. 

In the US alone, there were more than 700,000 job openings for cybersecurity roles between May 2021 and April 2022. And this is showing no sign of slowing down any time soon — according to the US Bureau of Labor Statistics, cybersecurity roles are set to grow 35% in the next decade. To put this into perspective, the average growth rate for all occupations is just 4%. 

The demand for cybersecurity experts in the us
Organizations are struggling to source skilled cybersecurity experts, and this demand is expected to grow 35% in the next decade, according to BLS

Whether you’re a large organization wanting to protect your most significant assets or a small business concerned about the severity and frequency of cybercrime, there are plenty of reasons to consider hiring cybersecurity professionals.

In this article, we’ll unpack the mysterious nature of the cybersecurity industry, break down common cyber roles, and delve into the most important skills for cybersecurity — hard and soft — that will set aside top-performing professionals from the rest. 

Why does cybersecurity matter more than ever?

Cybersecurity is a growing issue affecting individuals and organizations in all corners of the world. Unfortunately, in recent years, cybercrime has intensified, putting tremendous pressure on organizations to prioritize security resources to mitigate the risk. Yet, according to a Center for Strategic International Studies (CSIS) report, 82% of organizations lack cybersecurity skills

Consider the following statistics from IBM’s Cost of a Data Breach Report 2022:

  • Global data breaches reached an all-time high in the last year, with the cost of a violation averaging $4.35 million in 2022. This is a 2.6% increase in data breaches from 2021 and a 12.7% increase from 2020. 
  • The United States continues to have the highest average total data breach cost, costing US businesses, on average, $9.44 million per breach. This is a 4.3% increase since 2021. 
  • For the 12th year in a row, the healthcare industry represented the highest cost for data breaches. The average total cost of a healthcare breach increased from $9.23 million in 2021 to $10.10 million in 2022 — a 9.4% increase. 
  • There is a strong correlation between organizations with largely remote workers and higher data breach costs. The average cost of data breaches for organizations with 81-100% of remote workers was $3.99 million, compared to $1.11 million for those with less than 20% of their employees working remotely. 
  • On average, organizations with an incident response team that tested an incident response plan versus those without experienced $2.66 million in breach cost savings
The cost of data breaches in the us
The cost of data breaches continue to increase globally, with the US leading the pack, according to IBM

6 in-demand cybersecurity roles — and hard and soft skills to look for

1. Chief Information Security Officer (CISO)

What does a CISO do?

A Chief Information Security Officer, more commonly known as a CISO, is a senior-level cybersecurity officer responsible for developing, implementing, and maintaining an information security program for an organization. As part of their role, this may include:

  • Building a security team to help them deliver upon the strategy. 
  • Developing and maintaining procedures and policies to help protect communications, systems, and assets. 
  • Ensuring compliance with applicable laws and regulations. 
  • Interacting with stakeholders concerning information security issues and solutions.

Additionally, according to Evanta’s 2022 Survey Report, a CISO’s top priorities in 2022 are cloud security, strategy and architecture, third-party risk management, measuring and communicating risk, user access/IAM, and security operations. 

Ciso's top 2022 priorities
According to Evanta, CISO’s are focussed on third-party risk management, cloud security, strategy and architecture, and more in 2022

Whether you’re considering a cybersecurity career or striving for more progression to reach an executive level, a CISO is generally considered the most senior-level position in one’s cyber career path and is generally the final stop for many industry professionals. 

What hard and soft cybersecurity skills are required to be a CISO?

CISO hard and soft skills
Hard skillsSoft skills
IT skills and cybersecurity knowledgeStrong communication and presentation skills
Security incidents managementDrive and determination
Business expertiseLeadership and supervisory skills
Risk assessment managementForward-thinking
Policy development and administrationAnalytical
Knowledge of regulation and compliance with standards Collaboration and conflict management
Security operations Interpersonal skills

2. Security Architect

What does a Security Architect do?

A Security Architect is a senior-level role responsible for helping design, build and maintain an organization’s security system to help safeguard employees, data, and client information. A Security Architect’s daily responsibilities will be largely influenced by the size and structure of the organization they’re working for. As a general idea, duties may include:

  • Designing a security strategy.
  • Overseeing/managing projects to improve security.
  • Leading/managing security testing strategy (i.e., vulnerability scanning, penetration testing, etc.).
  • Regularly undergoing threat analyses.
  • Leading/managing a team.
  • Ensuring compliance with applicable laws and regulations.

Due to the seniority of a role like Security Architecture, many candidates enter the field via an alternative role. As such, entry-level roles like Cybersecurity Analysts, Security Specialists, and Incident Responders are a great way to enter the industry, building up relevant skills for those interested in pursuing a career in Security Architecture. 

What hard and soft cybersecurity skills are required to be a Security Architect?

Security Architect hard and soft skills
Hard skillsSoft skills
Cloud security skillsCollaboration
Network security skillsProject and team management
Software development and DevSecOpsWritten and verbal communication
Identity and access managementProblem-solving and analytical
Scripting languageIntegrity
Linux, Windows, and Mac operating systemsEthical

3. Cybersecurity Engineer

What does a Cybersecurity Engineer do?

Cyber Engineers may also be referred to as Data Security Engineers, IT Security Engineers, and Web Security Engineers. 

Cyber Engineers combine electrical engineering and computer science skills to create and manage hardware, software, and security policies designed to keep computers, networks, and information safe. Essentially, their role is centered around developing and executing security solutions to minimize the impact of hackers, cyberattacks, and threats. 

A Cybersecurity Engineer’s daily tasks will vary from organization to organization, based on industry, size, and team structure. According to HBU, a Cybersecurity Engineer’s duties may include the following: 

  • Handling a network of system security breaches and viruses. 
  • Designing, implementing, and testing security measures to protect systems, networks, and data. 
  • Reporting and communicating with various departments. 
  • Performing penetration testing to identify system and network weaknesses. 
  • Working with IT experts to modify or strengthen computer code to address weaknesses. 
  • Penetration testing to understand network, application, and data system vulnerabilities. 
  • Installing, testing, and configuring networks. 

What hard and soft cybersecurity skills are required to be a Cybersecurity Engineer?

Cybersecurity Engineer hard and soft skills
Hard skillsSoft skills
Coding (i.e., proficiency in Python, C++, Java, Ruby, etc.)Analytical
Firewall and intrusion detection systemsProblem-solving
Knowledge of operating systems Teamwork and collaboration
Security protocolsCreative thinking
Cybersecurity toolsCommunication
Mathematical skillsAttention to detail 
Engineering knowledgeThe ability to work under pressure
IDS/IPS, penetration and vulnerability testingTime management 

4. Malware Analyst

What does a Malware Analyst do?

As the name suggests, a Malware Analyst is responsible for examining, identifying, and understanding various cyber security threats, including viruses, worms, bots, rootkits, and trojan horses, according to Infosec Institute.

While responsibilities and expectations will depend on the size and structure of the organization, a Malware Analyst is commonly responsible for one or more of the following:

  • Responding to incident reports. 
  • Recommending and implementing changes to support system recovery. 
  • Responsible for preventing malware attacks. 
  • Staying up to date on the latest malware and software updates.
  • Communicating with the security team about any vulnerabilities or changes to the system. 
  • Creating security policy documentation.

Malware Analysts are said to combine the skills of a programmer and a cyber detective. Many Malware Analysts will have a background in cybersecurity, computer science, or programming. 

What hard and soft cybersecurity skills are required to be a Cybersecurity Engineer?

Cybersecurity Engineer hard and soft skills
Hard skillsSoft skills
Knowledge of operating systems and networking Creative thinking
Knowledge of security principlesStrong communication skills
Skills in programming Determination
Identify, contain, disassemble, and mitigate zero-day malwareCuriosity 
Proficiency in coding (to be able to reverse engineer code)Analytical 
Proficiency in programming language (to work with high-level languages)Critical thinking 

5. Penetration Tester

What does a Penetration Tester do?

Penetration Testers are responsible for identifying and fixing security weaknesses impacting an organization’s digital assets and networks. Generally, a penetration test will mimic a cyber attack, whereby the tester will seek to hack the computer system to exploit potential weaknesses and vulnerabilities to suggest improvements to strengthen the security. A Penetration Tester is also known as a “good hacker” or “ethical hacker.”

Penetration Testers often use a five-step process to facilitate testing. According to Imperva, this includes:

  1. Planning — The penetration tester defines test goals and gathers relevant information. 
  2. Scanning — The penetration tester uses scanning tools to gain greater insight into how a target may respond to threats. 
  3. Access — The penetration tester stages a web attack to reveal the organization’s weaknesses. 
  4. Access maintenance — The penetration tester imitates APTs to see if the uncovered weaknesses can be utilized to maintain system access. 
  5. Analysis and configuration — Based on the results, the penetration tester will configure WAF settings and conduct more tests to assess vulnerabilities. 

Like all cybersecurity roles, the Penetration Tester’s responsibilities and daily duties will depend on the organization’s size and structure. However, here are a few common responsibilities:

  • Investigate and experiment with different cyberattack methods. 
  • Carry out penetration tests on apps, cloud infrastructure, and network devices. 
  • Design and implement penetration testing methodologies. 
  • Assess and amend code to improve security weaknesses.
  • Document security and compliance issues. 
  • Automate relevant testing techniques to ensure efficient processes. 
  • Gather findings and recommendations to report to stakeholders.
  • Reverse engineer malware and spam.

What hard and soft cybersecurity skills are required to be a Cybersecurity Engineer?

Penetration Tester hard and soft skills
Hard skillsSoft skills
Programming languages (i.e., Python, BASH, Java, Ruby, Perl, etc.)Problem-solving
Comprehensive knowledge of network and application security Written and verbal communication
Unethical hacking techniques Collaboration and autonomy
Threat modelingself-motivated
Pentest management platformsStrong aptitude
Linux, Windows, and MacOS environmentsAnalytical
Security assessment toolsCreativity
Cryptography skillsEthical

Why do cybersecurity skills matter?

Historically, many candidates would find their way into a cybersecurity career by obtaining a bachelor’s or master’s degree in a related field — including computer science, IT, cybersecurity, electrical engineering, and more. 

Yet, the growing global shortage of qualified cybersecurity professionals has forced organizations to reassess what’s truly important for a candidate to succeed in the role, recognizing that candidates may have obtained their skills through alternative pathways or self-teaching. This allows employers to gain access to a broader talent pool and improves diversity by making the role accessible to underrepresented candidates. 

Many employers are now relying on skills testing and job simulations to assess candidates from all walks of life to understand if they have what it takes to thrive in the role and within the company’s environment. To do so, organizations need to know what hard and soft skills are fundamental to the role’s success. 

Vervoe’s AI-powered skills assessment platform effectively allows organizations to add confidence to their hiring decisions. Through our ready-made assessments and completely customizable options built from scratch, Vervoe’s skills validation platform reassures employers that the chosen candidate has the skills required to do the job while giving applicants a realistic job preview. 

Final thoughts

Cybersecurity poses an undeniable threat to organizations of all sizes. The reality is: cybercrime is on an upward trajectory, requiring companies to take a pragmatic approach to safeguard their digital assets. 

In 2022, cybersecurity professionals are lacking in just about every job and industry. Yet, demand is growing particularly fast in certain roles — including Chief Information Security Officers (CISO), Security Architects, Cybersecurity Engineers, Malware Analysts, and Penetration Testers. 

While many cybersecurity skills are transferable across various roles, including collaboration, ethics, and proficiency in operating systems and networks, many roles require candidates to have a fundamental understanding of more niche technical skills, such as threat modeling and engineering proficiency. 

Therefore, organizations must thoroughly understand the cybersecurity skills needed for candidates to succeed in open roles, accompanied by proper measures to confidently validate said skills. AI-powered skills testing platforms like Vervoe are a great way to add confidence to the hiring process.

Bec Eaton

Bec Eaton

Bec Eaton is a Copywriter with over eight years of experience in writing compelling, brand-aligned, and solution-driven copy across a range of industries. Bec joined the Vervoe team in 2022, and currently works as their Content Marketing Specialist.

Similar articles you may be interested in​

Traditional hiring processes are notoriously slow and long-winded. That’s a fact. According to LinkedIn, it takes companies 41 days to...

November 9, 2022

Cybersecurity is a global issue and a growing one too. Every 39 seconds, a cyber attack occurs, amounting to more...

October 30, 2022

When you think of a “hacker,” you probably unconsciously envision a mysterious hooded man, wearing blacked-out sunglasses, surrounded by illuminated...

October 20, 2022