What does it really take?
You’re going to find a mixed bag of qualifications that define whether or not a company thinks you’re fit to do the job. Below is a curated list of what we know people want, and what we know works. This is what you need to do the job.
Cybersecurity Qualifications
A holistic understanding and knowledge of the Risk Management Framework (RMF) as defined by NIST SP 800-53, NIST SP 800-53A, NIST SP 800-37, and related NIST publications.
Demonstrated experience in the Information Security (Cybersecurity or Information Assurance) field, preferably in support of U.S. Government information systems.
Experience performing information security risk assessments and communicating results to executives and senior management.
Experience providing information security advisory services to internal departments or external clients.
Experience aggregating metrics demonstrating the effectiveness of the security program.
Proficiency with developing, maintaining, and managing Security Authorization and Assessment packages.
Experience with developing and managing Plans of Action & Milestones (POA&Ms).
Experience conducting research and providing review recommendations on software and technologies to address vulnerabilities.
Knowledge of standard concepts, practices, and procedures within project management and program management.
Experience conducting audit log reviews or other security operations functions.
Strong problem solving and analysis skills, self-motivated, and able to work and communicate in a team environment.
Experience performing risk assessments of third parties or service providers.
Experience reviewing vulnerability scans and providing mitigation techniques.
Experience writing security-related policies and procedures.
Excellent oral and written communication skills.
Excellent documentation skills.
Education Prerequisites:
Bachelor’s degree in Information Security, Information Technology, Computer Science, or similar field.
Information Security or related certification, such as:
CISSP
GIAC (e.g. GCIH, GWAPT, GPEN, GSLC, etc.)
CompTIA Security+
CEH
Cybersecurity Responsibilities
Support corporate information security policy development and maintenance
Conduct project risk assessments and support internal security policy audits
Document security policies, controls, mappings, and exceptions in GRC system
Support information security standards and compliance efforts
Support information security awareness campaigns, trainings, and promotions
Perform supplier and service risk assessments
Conduct audits of information systems and cloud services against policies
Support incident response
Support security operations
Support security engineering and controls implementation
Provide billable project surge support when necessary
Interview for ISSO and other security personnel needs
Support business proposal efforts
See something missing? Email it to support@noshitsecurity.com with subject: Career Qualifications