The Most in-Demand SkillsSecurity professionals should look to increase their skills in several areas:
Experienced-based certifications - such as ISACA's CISM and CISA certifications. These certifications are usually valued more highly by hiring organizations because they provide an assurance that the holder has extensive experience in their fields. Other certifications based on simply passing a test to demonstrate specific knowledge will be in less demand. Companies want to know that candidates can do the job, not pass a test.
Business skills - One of the greatest challenges in information security is alignment with business objectives. Companies are increasingly demanding that information security professionals understand financial, legal and regulatory, organizational and people issues.
Core security skills - Too many information security practitioners are engineers and technicians that "just fall into security" and do not have "core security skills" such as the ability to perform threat and risk assessments, assess control system effectiveness or the legal issues involved in incident response activities.
Converged security skills - Many organizations are beginning to understand that having separate risk management functions is wasteful, and executives who are demanding a greater return on their security investments are looking for ways to consolidate various corporate risk functions. This is not simply creating a CSO position to oversee both IT and physical security but is the convergence of IT, physical, legal, financial, audit, HR and regulatory risk functions. Security professionals that at least understand the basics of risk management in these other areas will be of greater value to organizations.