Cybersecurity Skills by Industry
Written by:
East Carolina University®
• Sep 11, 2024
Cybersecurity Skills by Industry
Cybersecurity skills are in high demand across the country due to an increase in cyberattacks and rapidly evolving cyber threats. That translates into a growing demand for information security professionals. The U.S. Bureau of Labor Statistics (BLS) projects that information security analyst jobs will increase by 32% between 2022 and 2032. The BLS further reports that information security analysts had a median annual salary of $120,360 in 2023.
While organizations across all sectors rely on cybersecurity professionals, the specific skills needed to protect networks, prevent data breaches, and secure information in any particular organization vary depending on the industry. For example, the rise in the number of employees working remotely has created new security challenges for organizations in many industries, while the increased use of telehealth services has created data security risks for healthcare organizations.
Current skills gaps among cybersecurity professionals across industries are leaving many organizations vulnerable to sophisticated cyberattacks as well. By learning about in-demand cybersecurity skills and building those skills through a cybersecurity degree program , prospective information security professionals can prepare for a career in this growing field.
In-Demand Cybersecurity Skills
Which cybersecurity skills are the most in demand? In ISACA’s 2023 survey for its report on the state of cybersecurity, 2,000 cybersecurity professionals identified the top skills they look for when hiring as well as the skills they believe are most lacking in their field. More than half of respondents reported that soft skills were one of the most critical areas where information security professionals require additional training. Technical skills also topped the list.
Here are the cybersecurity skills that were identified as lacking the most among cybersecurity professionals along with the percentage of respondents who identified each:
- Soft skills: 55%
- Cloud computing skills: 47%
- Security controls skills: 35%
- Coding skills: 30%
- Software development skills: 30%
Before turning to industry-specific information security skills, the following are the critical cybersecurity skills required across industries.
Technical Cybersecurity Skills
Cybersecurity professionals rely on technical skills to prevent data loss and implement security plans. Employers reported the highest need for technical skills in the following areas, according to the ISACA 2023 survey, listed here along with the percentage of respondents who identified each:
-
Identity and access management (49%): Also known as IAM, identity and access management focuses on preventing unauthorized access to networks and systems by securing authorized users. With IAM skills, cybersecurity professionals can prevent data breaches while allowing seamless access to authorized users.
-
Cloud computing (48%): The increasing reliance on cloud computing, or delivering services wirelessly, opens organizations to new security risks. Cybersecurity professionals with cloud computing skills secure servers, databases, and cloud-based apps.
-
Data protection (44%): Cybercriminals often target sensitive data, and skilled data protection specialists know how to protect private information from data breaches or data corruption. As organizations store increasingly larger amounts of data for various purposes, data protection is becoming a key cybersecurity skill for employers.
-
Incident response (44%): Organizations implement incident response plans to detect and respond to potential attacks and security breaches. Specialists in incident response use cutting-edge techniques to prevent damage and secure networks quickly.
-
DevSecOps (36%): Also known as development, security, and operations, DevSecOps focuses on security in software development. Cybersecurity professionals working in this area implement security practices during the design, testing, and deployment phases of the software development cycle.
Cybersecurity Soft Skills
Technical skills are critical for success in a cybersecurity career—but so are soft skills. The ISACA 2023 survey found that soft skills in the following areas were the most in demand by employers, listed here with the percentage of respondents who identified each:
-
Communication (58%): Cybersecurity professionals relate complex technical information to organizational leaders, which requires strong communication skills. Patience, clarity, and interpersonal skills also benefit professionals in cybersecurity.
-
Critical thinking (54%): The ability to anticipate security threats and implement cybersecurity policies ranks high among in-demand cybersecurity soft skills. Critical thinking skills also help cybersecurity professionals adapt to changing threats.
-
Problem-solving (49%): Cybersecurity professionals need to have strong problem-solving abilities. They must be able to implement solutions to security flaws, evaluate security alerts, and stay ahead of hackers.
-
Teamwork (45%): Cybersecurity professionals coordinate with software developers, information technology (IT) professionals, and nontechnical employees to do their jobs. Cybersecurity work often requires a team-based approach. Strong collaboration and teamwork skills help cybersecurity professionals advance.
-
Attention to detail (36%): Cybersecurity professionals need to be detail-oriented to be able to detect cyberattacks and identify security vulnerabilities. Monitoring security systems, informing employees about security procedures, and tracking network performance also require a heightened attention to detail.
In addition to these top soft skills, cybersecurity specialists also benefit from having resilience, adaptability, and the ability to manage stress.
Industry-Specific Cybersecurity Skills
Cybersecurity plays a critical role in organizational success across industries. But what skills do information security specialists need to work in specific industries?
In finance, cybersecurity experts need to know how to protect financial information and implement access management procedures. Healthcare cybersecurity jobs require an understanding of medical devices and electronic health records. And in government, cybersecurity plays a critical role in national defense.
Finance
Finance is one of the highest-paying industries for information security analysts. Finance organizations rely on cybersecurity professionals to protect financial transactions and sensitive data. Information security analysts in finance had a median annual salary of $126,230 in 2023, according to BLS data.
Finance Cybersecurity Threats
The finance industry faces many unique cyber threats, particularly from hackers attempting to access sensitive financial information. Here are the major threats the industry faces:
-
Protecting customer data: Financial institutions house sensitive data, particularly their customers’ financial information. That makes the finance industry a target for cyberattacks. Protecting customer data from breaches represents one of the most important fronts in finance cybersecurity.
-
Preventive cybersecurity: Rather than just reacting to cyberattacks after the fact, the finance industry faces pressure to prevent attacks before they take place. That requires identifying potential security vulnerabilities.
-
Confidentiality: In addition to customer data, financial institutions maintain many other confidential records. Unauthorized attempts to access confidential records represent a significant threat to finance.
Finance Cybersecurity Skills
What skills do cybersecurity professionals need to work in the finance industry? Strong access management, risk identification, and cloud computing capabilities are critical in these roles. Skills in these areas are the most important for success in a finance cybersecurity career:
-
Access management: Only authorized users should have access to financial systems, which can include employees and customers. Access management skills allow cybersecurity professionals to verify users’ identities, track security threats, and prevent unauthorized access.
-
Risk identification: Proactive approaches to cybersecurity require risk identification skills, including the ability to identify vulnerabilities and implement solutions. Risk management skills help finance cybersecurity professionals secure private data.
-
Cloud computing: As financial organizations increasingly offer cloud-based services, information security analysts with cloud computing skills are needed to secure these systems. Both customer-facing and internal cloud systems require strong security.
Government
There’s a reason why organizations in Virginia employ more information security analysts than those in any other state, including California. Virginia is home to key federal government agencies, and cybersecurity professionals working in these agencies protect national security, identify threats to critical infrastructure, and investigate cybercrimes.
Government Cybersecurity Threats
Government organizations face more cybersecurity threats than organizations in any other sector, in part because the government is responsible for so many functions critical to citizens’ lives, including infrastructure, national security, and the storage of information. Following are some of the greatest cybersecurity threats the government faces:
-
Cyberterrorism: Terrorists are increasingly turning to computer-based terrorism to target Americans and government organizations.
-
Cyber espionage: State and nonstate actors target American organizations to gather intelligence. Countering cyber espionage through counterintelligence represents a critical part of government cybersecurity efforts.
-
National security: The U.S. Department of Homeland Security (DHS) and the armed forces employ cybersecurity professionals to protect national security and defend America’s key assets.
Government Cybersecurity Skills
Cybersecurity jobs in government at the federal, state, and local levels require specific skills. Cybersecurity skills in the following areas are key to keeping government agencies safe:
-
Digital forensics: Government information security analysts who work in the criminal justice system use their digital forensic skills to detect and prosecute cybercrimes. This can include financial fraud, identity theft, and cyber espionage.
-
Vulnerability detection: The ability to detect vulnerabilities and strategically assess risk represents an important skill for government cybersecurity professionals. For example, professionals may look for security weaknesses in critical networks or create response plans to protect critical infrastructure from cyberattacks.
-
Incident response: When government agencies detect a cybersecurity incident, they must react quickly. Whether in the armed forces, intelligence, justice, or transportation branch of government, cybersecurity professionals need strong incident response skills to address potential breaches and prevent outages or disruptions.
Manufacturing
In the manufacturing sector, cybersecurity professionals protect manufacturers from threats like operational disruptions. The U.S. government considers many manufacturers and certain manufacturing functions to be part of the country’s critical infrastructure.
Manufacturing Cybersecurity Threats
Cybersecurity threats in manufacturing include attacks that halt production lines and cause major disruptions to crucial supply chains. The following are some of the major cybersecurity threats in manufacturing:
-
Operational disruptions: Cyberattacks can stop production lines or halt operations, which can mean both delays and financial losses for manufacturing companies.
-
Data breaches: Manufacturers are targets for cyberattacks because they store crucial data on manufacturing processes and intellectual property. Data breaches represent one of the most critical cybersecurity threats in manufacturing.
-
Internet of Things (IoT): Manufacturers produce billions of IoT products––physical objects that have internet connectivity. From smart home devices to smart energy tools, these products are often targets for cybercriminals. By securing IoT products during production, manufacturers can stop hackers from compromising them before they reach consumers.
Manufacturing Cybersecurity Skills
Specialists in manufacturing cybersecurity need to protect products throughout the production cycle, along with the entire infrastructure of the manufacturing sector. Skills in the following areas are key for success in a manufacturing cybersecurity career:
-
IoT security: Today, more than 24 billion IoT products connect users to the internet. However, the prevalence of IoT products has created more attack points for hackers. In the manufacturing sector, cybersecurity skills can include being able to update the default settings, firmware, and software of IoT products to improve their security.
-
Attack surface management: Attack surface management involves analyzing potential vulnerabilities in a system that a hacker might use to gain unauthorized access. Cybersecurity professionals in manufacturing use skills in this area to defend against attacks before they take place.
-
Ransomware defense: Ransomware attacks lock targeted users out of their systems until they pay a ransom. In the manufacturing sector, this can cause major production disruptions. Manufacturing cybersecurity professionals need to have the ability to monitor networks and systems for ransomware threats and prevent attacks before they take place.
Healthcare
The number of ransomware attacks targeting healthcare delivery organizations doubled from 2016 to 2021, according to a report in JAMA Health Forum. Those attacks exposed the personal health information of nearly 42 million patients. As the healthcare industry continues to grow and increasingly relies on technology to manage its information and processes, the industry’s need for well-trained cybersecurity professionals is also growing.
Healthcare Cybersecurity Threats
Healthcare organizations hold vast quantities of data on patients. Maintaining the privacy of patients’ health information is a major concern in this sector. Other healthcare cybersecurity threats include the following:
-
Personal health information: On the dark web, personal health information commands much higher prices than credit card information. That makes hospitals, clinics, and other healthcare organizations attractive targets for hackers. Not only do healthcare organizations collect large amounts of personal health information, they store that information for many years.
-
Internet of Medical Things (IoMT): In healthcare, IoMT devices such as remote monitors and infusion pumps can save lives. However, using internet-connected devices can leave organizations vulnerable to attacks. Further, disruptions to internet-connected operational technology can delay procedures, put patients at risk, and disrupt operations.
-
Legacy systems: Many healthcare organizations have not invested in keeping their technology current. Using legacy systems that are no longer supported by their manufacturers leaves healthcare organizations vulnerable to cyberattacks. These systems no longer receive patches or security updates to protect against breaches.
Healthcare Cybersecurity Skills
Healthcare cybersecurity jobs require strong data protection and system security skills. In addition, cybersecurity skills in the following areas help professionals working in healthcare information security excel in their roles:
-
Medical device security: Hospitals rely on medical devices to monitor patients, issue prescriptions, and maintain health records. Securing these medical devices against unauthorized access or malware represents an important front in healthcare cybersecurity. Similarly, healthcare organizations rely on many internet-controlled devices that require securing.
-
Malware detection: Cybercriminals use malicious software to gain access to healthcare organizations’ networks and systems. The ability to detect malware attacks and prevent data loss or corruption is key for healthcare cybersecurity.
-
Configuration management: Configuring new devices and software represents an important security step. Cybersecurity specialists in healthcare need to be skilled at configuring and updating their organization’s technology to prevent unauthorized access. This can include securing electronic health records systems, authenticating users, and implementing multifactor authentication.
Software Development
Exploitable security vulnerabilities can be introduced at any stage of the software development cycle. That’s one reason the National Institute of Standards and Technology created the Secure Software Development Framework (SSDF), which details the best practices for software security. Software publishers rank among the top-paying employers of information security analysts, so jobs in this field require specialized skills.
Software Cybersecurity Threats
Customers access millions of apps from their phones on a daily basis. In the software field, the increasing reliance on mobile and cloud-based apps poses a unique cybersecurity threat. The top threats in this sector include the following:
-
Mobile devices: With the explosion in mobile device use over the past decade, software developers need to ensure that their apps remain secure on mobile devices. A vulnerability in a mobile app can put all of a user’s data at risk, making this a major threat.
-
Unpatched vulnerabilities: Cybercriminals identify unpatched vulnerabilities in software programs to access data. Bugs in software that developers have not yet identified, known as zero-day vulnerabilities, provide hackers with time to access systems. Zero-day vulnerabilities are especially harmful for software as a service (SaaS) platforms.
-
SaaS attacks: Software as a service gives users live access to software that’s hosted through cloud computing. However, the reliance on cloud infrastructure makes these platforms vulnerable to attacks. Cloud misconfigurations and cloud leaks can put these apps in danger.
Software Cybersecurity Skills
Cybersecurity professionals who specialize in software draw on their testing skills to protect apps throughout the development cycle. Cybersecurity skills in these areas are some of the most important for professionals working in software development:
-
DevSecOps: Development security operations teams apply security testing tools to apps in order to identify any vulnerabilities and patch them before releasing the software. Strong DevSecOps skills help cybersecurity professionals keep the software development process secure.
-
Software maintenance: Software programs require updates to maintain their security. Being able to monitor software for necessary patches and implement security updates are important skills for software cybersecurity professionals.
-
Penetration testing: Cybersecurity experts stay one step ahead of hackers by attempting to gain access to software in a practice known as penetration testing. This allows the testers to identify vulnerabilities before hackers can exploit them. Cybersecurity professionals with penetration testing skills help software publishers create secure products and prevent theft before it takes place.
Earn a Bachelor’s in Cybersecurity at East Carolina University
Professionals working in cybersecurity often have high salaries and benefit from strong job growth. The online Bachelor of Science in Information and Cybersecurity Technology with a Cybersecurity Concentration degree completion program at East Carolina University®️ is designed to help students strengthen in-demand cybersecurity skills.
In our beginner-friendly program, you’ll study advanced cybersecurity practices, including incident response, digital forensics, risk management, and cyber threat intelligence. The program’s curriculum prepares you to pursue a career in any of a range of fields, with coursework on secure software development, penetration testing, and cyberinfrastructure security. Contact ECU today to find out how the cybersecurity program can help you embark on a rewarding career.
Recommended Readings
Cybersecurity vs. Information Technology: What’s the Difference?
Network Security Engineer Salary & Job Description
Sources:
CompTIA, “How to Transition From Finance to Cybersecurity”
CompTIA, “How to Transition From Software Development to Cybersecurity”
CompTIA, “What Is IoT Cybersecurity?”
Cybersecurity and Infrastructure Security Agency, Federal Cyber Defense Skilling Academy
Cybersecurity and Infrastructure Security Agency, “2022 Top Routinely Exploited Vulnerabilities”
DevTalents, “10 Cyber Security Risks in Software Development and How to Mitigate Them”
Dice, “As Healthcare Cyber Threats Increase, More Tech Pro Talent Is Needed”
Indeed, “12 Must-Have Cybersecurity Skills (and How to Improve Them)”
Industrial Cyber, “Cybersecurity in the Manufacturing Industry”
Infosec, “Why Soft Skills Are Just as Important as Technical Skills in Cybersecurity”
ISACA, “ISACA’s State Of Cybersecurity 2023 Report Pinpoints Pressing Workforce Gaps”
Microsoft, Cybersecurity Skills
Mission Secure, “A Comprehensive Guide to Manufacturing Cyber Security”
Nasdaq, “The Evolving Role of Cybersecurity Professionals in Finance”
National Institute of Standards and Technology, Secure Software Development Framework
Ordr, “What Is Healthcare Cybersecurity?”
Robert Half, “Navigating the Cybersecurity Skills Gap”
UpGuard, “Top 7 SaaS Security Risks (and How to Fix Them)”
U.S. Bureau of Labor Statistics, Occupational Outlook Handbook, Information Security Analysts
U.S. Department of Homeland Security, Join DHS Cybersecurity