What Skills Do You Need to Launch and Advance a Career in Cyber Security?

July 8, 2022

Keeping systems and data secure from hackers and attackers is challenging, and research suggests many organizations aren’t up to the task. First, there are more digital assaults than ever — the number of cyber attacks grew by 50% between 2020 and 2021. According to Cybersecurity Ventures, there is a new cyber attack every 11 seconds in the U.S. The most devastating year so far for data breaches was 2021, according to the Identity Theft Resource Center, exceeding 2020’s incident rate by 17% through just September. Second, organizations don’t have the infrastructure to respond to those attacks. One survey by cyber security firm Purplesec found that 50% of security professionals surveyed don’t believe their organizations can defend against ransomware attacks

Ransomware attacks alone cost businesses more than $75 billion per year. Cyber threats of all kinds interrupt business operations and erode consumer confidence, and recovery can take weeks or even months. Organizations urgently need experienced, qualified professionals with skills for cyber security to help lock down information and systems.

According to the U.S. Bureau of Labor Statistics, employment in the cyber security field will increase by 33% between now and 2030. Whether you want to launch a new career in cyber security or advance into a more senior position, you need to cultivate in-demand foundational and advanced cyber security skills. The four cyber security certificate tracks offered by San Diego State University’s Cyber Tech Academy make it easier to upskill so you can transition into entry-level positions or advance in a cyber security career more quickly.


Cyber security professionals must have a broad range of skills related to system security and information security to detect and mitigate threats across platforms. Essential cyber security skills include existing and emerging technical skills (e.g., networking, cloud security, virtualization and programming). Cyber security specialists at all levels also need soft skills. They must be comfortable educating the people in their organizations about why having robust cyber security policies is essential. Building the following must-have skills for cyber security may involve self-study, learning on the job, pursuing a degree or enrolling in SDSU’s skills-focused certificate programs.


Understanding networking fundamentals allows cyber security professionals to recognize vulnerabilities in data transmission systems, such as unprotected endpoints or out-of-date firewalls. Network security skills related to configuring and maintaining hardware securely, updating firmware or identifying outdated hardware that needs to be replaced can open the door to positions such as network security analyst, network security engineer and network security solutions specialist.


Cloud security encompasses the policies and processes that ensure data, applications and systems are only accessible to authorized users. Cyber security professionals apply traditional cyber principles to the cloud to secure systems and ensure application security. SDSU’s Cloud Security and Governance Certificate provides learners with the necessary foundational principles in this area of the discipline. Coursework explores the innovative adaptations required to manage risk and unlock the cloud’s full potential.

The use of cloud-based systems shows no signs of slowing down, with public cloud spending jumping from $145 billion in 2017 to an anticipated $482 billion in 2022. Burning Glass ranked cloud security as the second-fastest growing skill for cyber security, with a forecasted five-year growth rate of 115%


Virtual tools introduce new software layers on host systems, which means more infrastructure to manage and secure. That allows for reduced downtime, increased efficiency and more independence for developers but also creates new cyber security challenges. However, virtualization, applied wisely, can also enhance system security. It isolates operating systems to keep digital assets safer. In software development environments, it allows developers to spin up virtual machines for testing without impacting the production environment.

The application virtualization market may grow to $5.76 billion worldwide in 2026 — more than double 2018’s $2.09 billion. In cyber security, useful virtualization technologies include application virtualization, browser virtualization, operating system virtualization and virtual desktop infrastructure (VDI).


While not every cyber security role requires programming or even basic scripting skills, having no programming experience may limit career prospects. A basic understanding of coding can help cyber security professionals advance their careers and improve their organization’s cyber security postures. For example, some cyber security professionals use scripting languages to automate security threat detection. 

A general understanding of some languages can be a career booster. The most common programming languages used in cyber security include C and C++, JavaScript, Python, Shell and SQL. Cyber security professionals who know one or more may better understand applications, systems (including operating systems) and their vulnerabilities, and may be able to spot potential cyber threats and security issues more quickly.


Risk analysis is a top in-demand cyber security skill, according to Cyberseek, a tech job-tracking database created by the U.S. Commerce Department and CompTIA. Cyber security analysts who focus on risk examine how organizations would hold up against cyber attacks. Considering how remote work has opened up organizations to cyber attacks — 67% of attacks targeting remote employees — organizations are turning a keen eye toward cyber risk management and prevention. During risk analysis, analysts and other cyber security professionals consider how attacks will affect finances, operations, organizational reputation and system performance.


A LinkedIn study found that 92% of organizations listed soft skills as required qualifications in job postings. Hard skills like network security, programming and risk analysis are common among cyber security professionals, so many employers look for security specialists who also have communication skills, collaboration skills, critical thinking skills, problem-solving skills and a strong work ethic.

SDSU’s cyber security certificate programs are unique in that the instructors act as industry mentors rather than professors. Their firsthand knowledge of the field lets them provide students with practical “street knowledge” and soft skills informed by their own professional experiences.


Growing in a cyber security career involves building on the above foundational skills. Threat intelligence and intrusion detection skills, AI skills, digital forensics skills and other advanced skills can help early career professionals climb the ladder in the cyber security industry. The key to doing more and earning more is often putting together a specialized skillset featuring some or all of the following competencies.


AI can detect anomalies such as unauthorized access attempts before attackers successfully break into networks or systems. Related technologies such as natural language processing (NLP) and machine learning (ML) help enterprises expedite incident response times, saving thousands of dollars. But AI also has a dark side: 77% of security leaders expect attackers will weaponize AI, increasing cyber attacks.

SDSU’s Artificial Intelligence for Cyber Security program prepares students to understand AI as an evolving security concern. Students in the program study how AI can be part of both cyber defense and cyber attacks, preparing them to mitigate the security risks of AI implementation and leverage AI to secure organizations against cyber attacks. 


Threat intelligence helps organizations understand the mechanisms and the motives underlying attacks. Cyber security professionals with threat intelligence skills can identify what’s going on in the minds of the perpetrators of cyber attacks as readily as they can identify system vulnerabilities and changes in the threat landscape. Threat intelligence skills are the key to staying one step ahead of would-be attackers, and jobs for cyber security specialists with threat intelligence skills may grow by 41% over the next few years.

Threat intelligence encompasses three related disciplines. Operational threat intelligence focuses on understanding what malicious actors might be doing, infrastructure vulnerabilities and tactics, tips and procedures (TTP). Strategic threat intelligence zeros in on high-level trends and adversarial motives. Tactical threat intelligence specialists work in the weeds, performing malware analysis to understand threat indicators. 


Ethical hacking, or “white hat” hacking, involves temporarily walking in the shoes of cyber criminals to identify likely avenues of attack and shore up vulnerabilities. Ethical hackers are cyber security professionals who have permission to bypass system security using the same methods as cyber criminals to break into systems and access protected data. They test system defenses so cyber security engineers can put stronger protections in place. They might, for example, look for exposed endpoints or access control gaps.

White hat hackers often specialize in one type of ethical hacking, such as server hacking, social engineering, system hacking, web application hacking or wireless network hacking. Some cyber security professionals attain the Certified Ethical Hacker (CEH) credential, while others pursue certificates in ethical hacking.


Many websites and articles use ethical hacking and penetration testing interchangeably, but these two skills for cyber security are not the same. According to EC-Council, “Penetration testing focuses on the security of the specific area defined for testing. Ethical hacking is a broad term and penetration testing is one of the functions of the ethical hacker.” In other words, penetration testers zero in on a particular element of information technology systems to look for weaknesses. Often, penetration testers are brought in for compliance auditing to ensure new systems meet security standards.

During penetration tests, cyber security professionals run simulated cyber attacks against organizations to see how systems respond to attacks. Cyber security engineers can then plug any holes that the penetration testers find.


Like digital crime scene investigators, digital forensics specialists collect, analyze and preserve evidence of cyber attacks and data breaches or criminal activity. Some are data recovery experts who understand chain of custody rules for preserving digital evidence, such as audit logs. These digital forensic specialists often have titles such as cyber crime investigator or digital forensics analyst. Others work in incident response and are called cyber defense forensics analysts, incident response engineers or intrusion analysts. All follow digital trails to help catch cyber criminals and bring them to justice.

Digital forensics skills revolve around documenting evidence and processes, organizing evidence to tell the story of how the system was breached, preserving digital evidence so that it will stand up in court and recovering deleted or otherwise manipulated files. 


Without strategic leadership, organizations fall short on cyber security strategies and risk mitigation. Leaders in cyber security oversee cyber operations, develop security strategies and manage teams of analysts and engineers. Cyber security professionals with significant experience and management and leadership skills may be in charge of large-scale security programs for enterprise organizations.

Critical skills for cyber security management and leadership include decision-making, delegation, emotional intelligence, problem-solving, strategic thinking and team-building. Leaders in cyber security must also advocate for security investments, manage cyber security projects, design vulnerability management programs, create security awareness among stakeholders, analyze vendor solutions and negotiate the cost and deployment of security tools. This combination of soft skills and practical knowledge is critical to success.


Whether you are launching a new career in cyber security or want to build upon your existing skills to advance in a cyber security job, the Cyber Tech Academy at San Diego State University has a certificate program that will help you achieve your goals. Maybe you’re a certified information systems professional looking to move up the career ladder, an IT professional who wants to move into IT security or an analyst ready to take on more responsibility. SDSU’s cyber security program can give you the knowledge and skills you need to land a cyber security position or pursue advanced or specialized cyber security certifications.

Industry professionals built the SDSU Cyber Tech Academy. These professionals know what organizations are looking for in their employees and what it takes to stop the scourge of ransomware, security breaches, IP theft and infrastructure attacks that not only endanger businesses but also pose a severe threat to national security. The SDSU Cyber Tech Academy provides applied and agile cyber security training in four focus areas that align with industry demand — cloud security, cyber security in healthcare, AI in cyber security and cyber governance — so students can protect organizational assets across sectors. Students receive immersive training and graduate ready to tackle today’s most pressing cyber security challenges head-on.

The time to enroll in one of SDSU’s certificate programs is now.