What Tech Skills Do Employers Look For?

[ForgottenSeer 55474]

With the new year upon us, it’s time to dive right into the hopeful feeling of making a few significant life changes. The age-old “get healthy” and “fix my finances” promised are worthy resolutions, but many people use this time of self-reflection to explore the job market, intent on finding a better position that pays more, offers them room for growth, and utilizes their skills and education.



You can’t work the cash register at a major chain retailer these days without some level of comfort around its computer-based setup. But if you’re going into a career-oriented job hunt in the coming year, you might be surprised by the results of a new study by Novel Aspect. Their report shows that employers are still seeking the same old Microsoft Office skillset – typically Outlook, Excel, and PowerPoint–but that the highest paying jobs aren’t feeding out of Microsoft experience. It’s Amazon Web Services that’s bringing in the higher salaries.

“The most popular software applications featured in Indeed.com job listings serve a range of business needs. The top 20 list includes programs that focus on everything from accounting to document management as well as client services and design. The three most popular software skills are all part of the Microsoft Office Suite of products, which has consistently reigned supreme since the company began in 1989.

“Excel, Outlook, and PowerPoint rank the highest for desirable software skills since spreadsheets, email, and presentations drive just about all business environments. Companies mention the three products collectively in 35.4% of job listings. By comparison, Microsoft Office competitor iLife – produced by Apple – is only represented in 9.7% of Indeed job listings. Microsoft Access, an industry-leading database management system, was No. 5; overall, the company secured 4 of the 10 most sought after software spots.”

So why are employers still listing Microsoft experience if the real money is in your ability with other platforms? It could be a simple matter of failing to update their expectations. After all, a couple decades ago knowing how to put together a really vibrant, dynamic PowerPoint could make you the company’s go-to guy. Now, first graders are using PowerPoint to create their Thanksgiving recitals. Of course, as unlikely as it may seem in the current job market, there are still candidates who aren’t familiar with those old standbys, so employers may still feel the need to be specific.

If you’re in the market for a new job, take a look at Novel Aspect’s comprehensive list of skillsets and their correlating pay expectations. Then brush up on at least the lingo while you begin your search, and make a few “For Dummies” books part of your holiday wish list for today’s current hot-ticket skills.

 

[Wave]

One thing employers look for is cyber-security skills, because 9 times out of 10 the enterprise ransomware infection is down to ignorance of e-mail usage (e.g. accepting attachments from unknown senders and running them or even being tricked by a spoofed e-mail to believe it's from their boss, leading them to click a link/download an attachment and run it, thinking it's from a trusted sender).

They may not specifically look for it/ask you about it; if you have skills in the area of cyber-security, tell them, it'll higher up your place most likely. But don't say you do unless you do, because if they check it up and you have no idea what you are talking about then you'll get caught out for lying.

 

[Crypto]

This is an interesting topic as I would like to know what to list on my resume at a later date.

 

[Svoll]

One thing employers look for is cyber-security skills, because 9 times out of 10 the enterprise ransomware infection is down to ignorance of e-mail usage (e.g. accepting attachments from unknown senders and running them or even being tricked by a spoofed e-mail to believe it's from their boss, leading them to click a link/download an attachment and run it, thinking it's from a trusted sender).

Thats a very nice tip, I am gonna list MT on my resume/CV as regular browser on the Vault forums to learn about infection and prevention methods.

 

[Zero Knowledge]

I would advise people looking to break into security or network security to create a personal GitHub page. Work on some projects.

You should also consider working on your own security blog. And you really need a good looking Linkdin profile page.

If you haven't learnt a coding language yet I would advise to start ASAP learning Python, Java, PHP or C++.

With those skills you will impress your employer more than if you have a university level education.

 

[Wave]

I would advise people looking to break into security or network security to create a personal GitHub page. Work on some projects.

You should also consider working on your own security blog. And you really need a good looking Linkdin profile page.

If you haven't learnt a coding language yet I would advise to start ASAP learning Python, Java, PHP or C++.

With those skills you will impress your employer more than if you have a university level education.

True, but depending on the job, learning programming languages and the such would probably be a waste of your time unless you want to do it as a hobby.

Whereas, being knowledgeable on cyber security and having good online practises will be useful regardless of the job as long as you'll have access to a system at work.

Some employers don't even handle things themselves and just own it all and have everyone doing the work, they might not even know anything about programming themselves.

That being said, learning to code will be beneficial mentally as it'll make you think and be creative (potentially creative).

 

[Zero Knowledge]

The market has shifted in recent years. I know that most network security jobs now require programming skills.

If you want to work in malware analysts knowing C++, C# or Python is very desired skill/mandatory to have.

Incident response/Threat Intelligence you will need to be able to reverse engineer malware so programming is very valuable skill.

If you write "being knowledgeable on cyber security and having good online practises" on your resume you will never get a call back ever.

 

[Wave]

If you want to work in malware analysts knowing C++, C# or Python is very desired skill/mandatory to have.

Incident response/Threat Intelligence you will need to be able to reverse engineer malware so programming is very valuable skill.

This is pretty obvious.

You failed to read an important part in my previous post:

depending on the job

This thread isn't about jobs specifically related to malware analysis and the such, it's about tech jobs in general - it could be a simple job of checking e-mails and forwarding information to other employees. Therefore, having knowledge on cyber-security and therefore being stronger against attacks such as phishing is beneficial, whereas needing to know internals of Windows, being able to reverse engineer malware and program in C/C++ and the such would only be required depending on the job you want.

Understood now? I don't think I can explain it any simpler.

 

[Zero Knowledge]

Yes I understand. But most people on this forum would be looking to get into security industry in a security role.

Those skills I listed are very much needed for any job that deals with security day in day out.

I don't think forum members are looking to work in the help desk.

 

[Wave]

Yes I understand. But most people on this forum would be looking to get into security industry in a security role.

Those skills I listed are very much needed for any job that deals with security day in day out.

Yes.

As for reverse engineering, you'll need more than knowledge on C++, C#.NET and some web languages. You'll want experience with Assembly (x86 and x64, but if you know 16-bit ASM as well then that's even better for you); then you'll be able to perform disassembly and convert the instructions to pseudo-code in a higher-level language such as C/C++, or rely on an extension to automatically do it for you.

Learning C#.NET/VB.NET would be useful for reverse engineering MSIL assemblies however it's done differently to programs made in languages like C++ (since .NET uses a Just-In-Time compiler). The common language run-time must be activated (initiated at run-time) and this is responsible for translating the byte-code to the CPU instructions; the MSIL byte-code can be reversed back to pseudo-code (source code) however it won't be identical to that of the original source code. You can use utilities like .NET Reflector or ILSpy to do it - if the sample is obfuscated then you can work with de-obfuscation methods and of course knowledge on unpacking (e.g. via debuggers, dumping and the such) is required say on case the MSIL PE has been packed as opposed to obfuscated.

That being said, you'll need more than the basics of a language if you want to go anywhere and it'll take you a long time of studying to get anywhere decent - speaking of C++, it would be wise to study the Win32 API and then move onto the NTAPI, and afterwards focus on topics such as redirecting execution flow with the usage of function detouring (also known as API hooking), injection attacks (e.g. manual map DLL injection via LdrLoadDll as opposed to basic Win32 methods via CreateRemoteThread), .... And eventually device driver development.

(In other words, you need to know how malware internals really work, focusing on studying rootkit development would be your best bet at mastering such stuff).

Learning a bit of a few languages would be a complete waste of time if you can't do anything special, what you gonna do when the system gets attacked with a rootkit, open up Visual Studio and print "Hello World" to a console window with cout in C++?

Python, Java, PHP or C++.

I agree that Python can be quite useful (e.g. with IDA Pro to write scripts) but I really would invest your time in Assembly, C and C++ because you'll most likely get further.

Good luck.