What are some of the most important skillsets for IT Security?

[cyberdrifter]

This is an open question, I'm asking for your opinion.


Lets pretend we're doing this because we're writing a book about the ultimate hacker. What skillsets would this individual have?


What do you think are some of the key areas/skillsets/behavioral traits/knowledge sets that are critical to be competent in this arena? Everything, from the most simple to the most complicated. What would be most useful?

A compiled list of skillsets and attributes:

Technical Knowledge-base:

• Computer Related Mathematics: Having a grasp on things like number systems, algorithms, logic, etc can certainly help assist someone in their endevour to create programs relying on such things.
• Computer hardware knowledge (ie: CompTIA A+ level of knowledge): ofcourse
• Networking: Understanding the ins an outs, from ports and protocols etc.
• Physical Security: Understanding how locks and surveillance systems work could potentially be useful in certain situations.
• Tool Specialization: Being well versed in many systems from Operating Systems to Tools: Windows, Linux, OS X, etc and things like NMAP, Wireshark, Metasploit, etc.

Skillsets

• Capacity to Acquire Knowledge: This includes OSINT, Googlefu, and just general capacity to perform research, acquire, and compile information into a useful form.
• Programming: In order to effectively manipulate a machine you have to be able to speak its language. This would include debugging, reverse engineering, creating exploit code, scripting, etc.
• Social Engineering: In order to get information on a specific area, sometimes the soft target is the best one.

Behavioral Traits:

• Motivation: Clearly if an individual is to reach any level of mastery in something, they need to be motivated to do so.
• Persistence and Resilience: Something like this requires someone who can persist through difficult problems, things don't always go how we expect them and often times require us to hack our way through the problem-set.
• Hunger for Knowledge:As a field that grows and evolves at such a rapid rate, one is required to stay up on the latest developments in the IT realm in order to stay relevant. Therefore an eagerness to learn new things is critical.
• Creativity and Out of the Box thinking: Hacking is essentially the effort of asking "how can I make this do something different" this requires the capacity to bend your perception of what something is or "should" be. It requires you to think beyond your preconceived notions and question everything you think you know.

========
What do you think are some critical areas for such a professional?

[Syntax990]

Motivation. If you are not motivated then you wont get anywhere with IT security. It's somthing you have to want to do by choice.

[cyberdrifter]

Motivation. If you are not motivated then you wont get anywhere with IT security. It's somthing you have to want to do by choice.

That's more of a behavioral trait than a skillset, but it certainly is needed so I'll add those too.

[cyberdrifter]

Advanced understanding of how computers work?

How do you mean?

[cyberdrifter]

Well, you have "Basic understanding of how computers work". What do you mean by that? A basic understanding is good, but a thorough/advanced understanding is obviously better.

By basic understanding I mean like compTIA's A+ level understanding of computer hardware.
How exactly do you quantify advanced?

[Spacecow]

Metasploit is best sploit

[cyberdrifter]

I haven't done A+ so I don't know what it consists of but my understanding is that it is primarily for noob techs... configuring windows networks, replacing ram? etc?

I'm talking an actual understanding of how the processor works, the input, instructions, output, storage in ram. how data is manipulated, virtual memory, etc. you probably wont learn about smashing the stack/buffer overflows by completing A+.

A+ is a basic introductory course that primarily assesses your familiarity with computer hardware, actually has very little to do with windows.

Here's a list of topics covered
http://certification.comptia.org/docs/default-source/exam-objectives/comptia_a_220-801_objectives.pdf

No it won't tell you how to smash a stack, but it does explain how the processor, ram, etc works. More over it lays the foundation for more advanced topics. As I said it's an introductory course cert.

That said, if someone wanted to learn how to do buffer overflows understanding the basics of the underlying hardware could be beneficial. In any case, I'm not saying anyone needs to get the cert, i'm simply talking about the information covered in it.

[Spacecow]

I haven't done A+ so I don't know what it consists of but my understanding is that it is primarily for noob techs... configuring windows networks, replacing ram? etc?

Its basically a cert saying you're certified to work for geek squad or in a similar tech repair position

[cyberdrifter]

Metasploit is best sploit

You're not secretly mobix are you?

[Deque]

In my opinion the most important skills in your categories technical knowledge base and skillset depend on your specialization.
IT Security is such a broad field. E.g. a malware analyst needs other skills than pentester.

There are only a few commonalities everyone should have. Googlefu (I like the term) and ability to do proper research is one of them. A basic understanding of how computers and operating systems work is a must.
All of your mentioned behavioural traits are a must, otherwise you won't be good in that job.

I would add to that an open mind and creativity. Both are necessary to come up with good solutions. Persistence alone won't help if you run out of ideas what to do. Being stuck in your own thinking and biases doesn't help either to find ideas.

[Syntax990]

I think rather than just knowing the basics of computers (Basic is subjective, I'm not going to define basic), It's essential to understand how data and information alike are related to computing. I know computer numeric systems are 'basic', but try explaining how these numeric systems work to someone outside the field.

Hexadecimal, Octal..., all these are minimal requirements to advancing anywhere in IT. If you just assumed that the CPU and RAM send information to each other magically, Not knowing how the information is actually used will leave you feeling 'outside' (For lack of better word)

[cyberdrifter]

I completely agree, the average IT Guru needs to specialize and have a focus area. Otherwise they'll be spinning their wheels... this field is massive. But I want to reiterate we're not talking about the average person. This is a fictional character, the Jason Bourne of hackers. He/She would possess all of those skillsets. My question is what are all of the critical skillsets that someone like this would have, to be supremely effective in the cyber realm?




I also agree with creativity and having an open mind. (adding it)

In my opinion the most important skills in your categories technical knowledge base and skillset depend on your specialization.
IT Security is such a broad field. E.g. a malware analyst needs other skills than pentester.

There are only a few commonalities everyone should have. Googlefu (I like the term) and ability to do proper research is one of them. A basic understanding of how computers and operating systems work is a must.
All of your mentioned behavioural traits are a must, otherwise you won't be good in that job.

I would add to that an open mind and creativity. Both are necessary to come up with good solutions. Persistence alone won't help if you run out of ideas what to do. Being stuck in your own thinking and biases doesn't help either to find ideas.

[cyberdrifter]

I think rather than just knowing the basics of computers (Basic is subjective, I'm not going to define basic), It's essential to understand how data and information alike are related to computing. I know computer numeric systems are 'basic', but try explaining how these numeric systems work to someone outside the field.

Hexadecimal, Octal..., all these are minimal requirements to advancing anywhere in IT. If you just assumed that the CPU and RAM send information to each other magically, Not knowing how the information is actually used will leave you feeling 'outside' (For lack of better word)

Right, i see what you're saying. That's a good point. The basics can (at least in the beginning) be quite complex themselves. I suppose this does require me to reword my original thought.
You post brings up another good point: Mathematics as they relate to computing.
Number systems, algorithms, logic, all play a part in the thinking process of someone who deals in computer science. (adding that)