The Hacker's Cache

#78 Top 10 Cybersecurity Skills (Where to Learn Every One)

Kyser Clark - Cybersecurity Season 3 Episode 79

Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.

0:00 | 33:31

Whether you're trying to break into cybersecurity or level up your career, knowing which skills actually matter can save you years of wasted time. In this episode of The Hacker's Cache, I rank the top 10 cybersecurity skills for 2026, explain why each one is important, and share the best ways to learn them through certifications, TryHackMe, Hack The Box, books, hands on practice, and real world experience. We cover networking fundamentals, Windows and Linux, cloud security, identity and access management (IAM), risk assessment, incident response, application security (AppSec), Python automation and scripting, AI security, communication, and problem solving. Whether you're pursuing a career in penetration testing, ethical hacking, SOC analysis, cybersecurity engineering, red teaming, blue teaming, or AI security, this episode will help you prioritize your learning roadmap and focus on the skills employers value most. 

Connect
---------------------------------------------------
https://www.KyserClark.com
https://www.KyserClark.com/Newsletter
https://youtube.com/KyserClark
https://www.linkedin.com/in/KyserClark
https://www.twitter.com/KyserClark
https://www.instagram/KyserClark
https://facebook.com/CyberKyser
https://twitch.tv/KyserClark_Cybersecurity
https://www.tiktok.com/@kyserclark
https://discord.gg/ZPQYdBV9YY


Music by Karl Casey @ White Bat Audio

Attention Listeners: This content is strictly for educational purposes, emphasizing ETHICAL and LEGAL hacking only. I do not, and will NEVER, condone the act of illegally hacking into computer systems and networks for any reason. My goal is to foster cybersecurity awareness and responsible digital behavior. Please behave responsibly and adhere to legal and ethical standards in your use of this information.

Opinions are my own and may not represent the positions of my employer.

Welcome to the Hacker's Cache, the show that decrypts the secrets of cybersecurity one byte at a time. I'm your host, Kyser Clark. In this episode, we're going to be talking about the top 10 skills that you need in cybersecurity, where to get those skills, and how important they actually are.

 

So without further ado, let's go ahead and hop straight into it with skill number 10. We're going to be doing this in reverse order from least important to most important. But honestly, all these are very important, to be honest with you guys.

 

But there are some that's more or less important, depending on the skill. But starting with number 10, communication and problem solving. This could be arguably the most important, but I have it here at number 10.

 

Every major hiring study finds that communication and problem solving skills are often valued as highly as technical skills because security professionals must explain risk, influence decisions, and work across teams. And if you're wondering, where do you get communication or problem solving skills? This is probably the hardest skill to obtain, because there's no course, there's no bootcamp, there's no certification that's going to teach you how to communicate, how to problem solve. You only get these skills by doing things in the real world.

 

And that's what makes them pretty rare, especially in our field, cybersecurity, where everybody is not everybody, but the majority of us are introverted people. I'm an introvert myself, despite making a podcast. So this is a skill that you absolutely have to develop over time with real world application.

 

But you don't need to have a cybersecurity job to develop these skills. You can get these by working in a hotel, working in a restaurant, customer service, any kind of customer service job is really going to help you with this communication and teamwork skills. And any job really, because you're going to be working with people in any position that you go into.

 

It doesn't need to be cybersecurity related. Any kind of job, you're going to get these communication skills. Problem solving, it's a little bit different, but problem solving skills, you're going to get mostly from helpdesk.

 

And this is why hiring managers and employers love people who come from helpdesk backgrounds, because problem solving communication is so important in those roles that you're going to know how to do this stuff like the back of your hand. So you can't really teach it. You have to, you have to learn it on the job with real world application and helpdesk roles is a fantastic opportunity to develop them.

 

And another job that I would think would be good at problem solving, if you are coming from this background, then you kind of have an advantage, that's mechanic. So any type of mechanic who's figuring like diagnosing problems on vehicles and engines, then you are already going through the problem solving process. Now, fixing a car is different than fixing a computer, but the problem solving process and isolating the issue and really diagnosing like what the problem actually is, is pretty much a core similar.

 

It's similar. It's going to be about the same. So I've never been a mechanic.

 

However, I do imagine mechanics being really good problem solvers because they are really good problem solvers. And they're good at communicating with people too, because they not only have to diagnose this car, but also communicate that to the customer and explain why this is a big deal and what they can do to fix it. So that's one of those professions that we wouldn't think would translate well into tech, but it probably does.

 

Moving on to skill number nine, AI security, the newest skill on the block, we probably wouldn't put this on the top 10, two years ago, but here we are. It's that important that it came in the top 10 this quick. So securing LOMs, RAG systems, AI agents, model supply chains, prompt injection defenses, and AI governance are rapidly becoming high demand skills.

 

And I see Nautilus AI among the top technical hiring priorities. And it is because every company, every organization, I want to say every company, every organization, but any company that wants to survive is putting AI in their applications, in their business, in their networks. And any company who is neglecting the use of AI is probably going to fail.

 

That's a hot take of mine, but I think it's just a cold, hard truth and the cold reality of AI. AI is the backbone of the American economy right now. It's super important.

 

Everybody wants to put AI everywhere because they know it's the potential to accomplish great things is there with AI. And AI, there's a lot of risk and there's a lot of insecurities with AI and having AI security skills is going to pay dividends if you learn it. And I would say that this is right now, you can get away with not having it, but I can say, see in five years, like if you don't have AI security skills, like you're going to be out of a job.

 

So it's very important that you guys start learning this. I personally have started learning AI security. I recently got the Contia Sec AI+.

 

I'm currently working on the TrihackMe AI level one. There's also some other AI security certifications out there from Hack the Box and TCM security and Offsec. All these certs are on my radar.

 

If you want my review on the Contia Sec AI+, then you can see it on my YouTube channel. But overall, this is the area that I'm focused on tripling down, quadrupling down on, because I do see it being a vital skill in the future. Like I said, you can get away with not having it now, but I would be very shocked if this wasn't a vital skill set in five years.

 

And like I said, if you don't have this skill set in the next five years, there's a good chance that you're just going to be out of a job. That's how important it is. That's my hot take.

 

That's my bold take. It could be a little longer in five years, but the point is AI security is here to stay and it's not going anywhere. And it's in your best interest to learn it, whether you're a defender or an office security professional.

 

Skill number eight, automation and scripting. So Python, PowerShell, Bash, APIs, and automation multiply your effectiveness regardless of specialization. And this skill set was probably higher on the list at one point in time, if I'm honest.

 

But because of AI, we are seeing entry-level coding positions, entry-level developer positions getting replaced with AI. There's no more entry-level coding positions. And they're even starting to replace intermediate coders as well.

 

There's companies that full-fledged just want AI coding everything. And a lot of security professionals who have been in the field for a while, they're probably laughing. They'll be like, oh, but AI codes insecurely.

 

There's all kinds of bugs and it's just not secure code. And that is true. But the point is, is AI is replacing entry-level developer and coding positions.

 

And that is a fact that we can't not ignore. And if you're wondering, for those who aren't in the field, I would argue that an entry, like an old, like five, 10 years ago, an entry-level coder or an entry-level developer had a higher, typically speaking, higher coding skills than a senior cybersecurity professional. And the reason why I'm saying that is because as a cybersecurity professional, you don't really need to be a full-stack developer.

 

You don't need to know how to program full-fledged applications. You can if you want to. And there are security professionals that absolutely do that.

 

We got tons of cybersecurity tools to show for that, but you don't need to know how to code at that level to be successful. Small scripts to help make your life easier, like automation scripts, is really the crux of what you need to be learning here. And when I say small scripts, we're only talking like a handful of lines.

 

They're not full-fledged programs. They're just things that just automate your workflow and make your life a little bit easier just to speed up time. And also, you can find vulnerabilities in code as well if you're going the office security route.

 

So having that, if you have a deep level coding, then you're going to be able to find these vulnerabilities a little bit faster if you're doing like secure code reviews, which is an applicable skill that we're going to get into on the next skill. But before we move on to that, how do you learn automation scripting? The way you learn, because there's no certifications with programming. This is one of the things that was challenging for me, because for those who follow me, I like certifications.

 

I got 20 of them right now. And I was like, how do I learn coding? There's no coding certifications. And there is, but they're not really relevant.

 

So you just got to learn. You just got to do it. Literally, it's just that simple.

 

The way I did it, I went to Udemy. I just typed in Python, because that was the language of choice. And I would still say Python's probably the top language you would want to learn as a cybersecurity professional.

 

But PowerShell and Bash is also very important. And I know how to code PowerShell and Bash as well. But Python's where I started.

 

Actually, I take that back. The first program I ever wrote was in Bash when I was doing the content of Linux Plus. But when I seriously want to take coding very seriously, it was Python, because Python's very prevalent in this field of cybersecurity, especially for a pen tester like I used to be.

 

So like I said, I went to Udemy, got some bootcamps. And I just did the bootcamps. And I just started coding.

 

I did 100 Days of Code Challenge. And I tried to do three hours a day for 100 hours. However, I did a little bit less than three hours a day on average, and ended up with 2.7 hours a day, 2.8 hours a day.

 

So 270 hours I dedicated to just learning how to code. And that's not counting all the time I've spent coding on the job and all the time I spent coding in my free time to automate some of the tasks. I have some code scripts on GitHub that automate some tasks, like setting up Kali Linux box and fixing the 4K issue.

 

If you guys load up Kali Linux on 4K, everything's super tiny, and you can't see anything. So I wrote a script to automatically fix it. And it took me a long time to fix it, to figure out what the problem is and how to fix that problem.

 

And then it took me more time to figure out how to automate it. But once I did, it's like, dude, every time I spin up Kali Linux, all I do is copy and paste a script and run the script, and boom, it's done. And that's the power of scripting.

 

And that's really what you're using scripting for, guys. You're not developing full-fledged applications. Now, you can make your own tools, like I said, tons of security professionals have done that.

 

But there's enough tools out there, like, that it's not necessary to just write your own tools. Moving on to skill number seven, application security. So this goes hand in hand with automation and scripting, as I said, where I was going to get into secure code review a little later.

 

But secure coding, OWASP 10, API security, SDLC, code review, DevSecOps have become increasingly valuable as software drives businesses. So everyone wants to ask, everyone knows what SaaS is, software as a service. I thought that was a cybersecurity term.

 

That is not a cybersecurity term, guys. That is a business term. Everybody knows what a SaaS app is.

 

Everybody in business knows what a SaaS app is, because that's how prevalent software is. And software runs on code. Who would have thought? So having those application security skill sets is going to be vital, especially if you're trying to get into secure code.

 

You don't need to do secure code review. That's just a specialty that you can get into. But AppSec is more or less just like, it's the same skill set as both bounty and it's the same skill set as web app pen testing.

 

So if you want to learn AppSec, guys, just focus on anything that's web app hacking, anything web app hacking related, you're going to learn AppSec stuff. So the way I learned this skill is, once again, through certifications. I did the OffSec Web Assessor, that's the OSWA.

 

I also did the TCM Security PWP, that's the Practical Web Pen Test Associate. There's also the Burt Suite Web Security Academy. And there's also other web app hacking certifications out there that you can go out and do.

 

Keep in mind, with every one of these skills, guys, there's a module on Hack the Box or Try Hack Me for each of these skills, if not multiple rooms, because these are prevalent skills and Try Hack Me and Hack the Box are going to be able to provide you small nuggets of wisdom in any skill you choose. So there's always a good place to go to learn any new skill, especially when you're just starting out because they're affordable. And another thing is books.

 

There's books on every one of these topics, guys. So I like to read books. If you're on video, you can see my bookshelf in the back.

 

You can learn all this stuff as well as books. And I would recommend doing all the above, like get your certifications, read your books, do your Try Hack Me, do your Hack the Box. And if you're doing all this, you're going to have a complete picture and you're really going to understand these skills like the back of your hand.

 

So for me, a lot of people see my certifications. It's not all I have. I have the complete picture.

 

Like I said, read the books, do your Try Hack Me, do your Hack the Box rooms, and you're going to be set up for success. Moving on to the next skill, detection and incident response. Log analysis, SIEM, EDR, threat hunting, incident response, and digital forensic remains core skills in almost every organization.

 

Now, this skill is very important in the blue team. Blue team, this is very vital. Red team, offense security, pen testing, not as important.

 

This is actually a weakness of mine because I've spent so much time in offense security now that I'm not an expert in detection and incident response. Although I do have some familiarity with it, I do have the Try Hack Me SAL1, which is a SOC level one certification. And that's a good starting point, by the way.

 

And there's also some other certifications from Hack the Box, Offsec, and CompTIA, also like COISA pluses are a good one to learn some of the stuff, the basics. And then just to rewind a little bit, guys, the last skill, Afsec, that's more offensive security, less defense security. So if you want to be in defense security blue team, Afsec is less important, but offense security, very important.

 

Back on the topic of hand detection and incident response, the opposite is true. Very important blue team skill and less important when it comes to offense security. Moving on to skill number five, risk assessment and security architecture.

 

Companies don't hire just to find vulnerabilities. They hire people to understand business risks and design secure systems. So security architecture, that's like the core of any cybersecurity engineer position.

 

Risk assessment, a little bit different. It's you're writing risk, right? You're trying to figure out how severe is this? Is this a problem? Is this not a problem? Why does it matter? And to learn this skill, guys, this is one of those skills that you just can't really learn through a course, a certification, or a bootcamp. You're really going to learn this on the job.

 

It's a hard skill to learn. It's very difficult to master. And even as a pen tester, I was in my last role, we would debate respectively, of course, like how to rate certain findings, because everyone has their own opinions on like how to rate a certain vulnerability, right? And we would even have like senior level pen testers asking me, who was a mid-level pen tester, someone who's a little less senior, asking me, hey, Kyser, what should we rate this finding? And I'm like, I don't know, critical, I guess.

 

You know what I mean? There's a debate back and forth. And you got to explain the reason why. And one of the reasons why I got fed up in my last pen test role is because you write a finding, you mark it as a certain finding, and then the client argues the finding.

 

They argue the finding. I'm like, no, that's not a critical, that's a high, or that's not a high, that's a medium. And I even had to go the other way around.

 

I marked one as a low, and I'm like, can we mark this as a medium? I actually had that, which is interesting. And the reason why clients argue finding, because they don't like the highest severity, the worst they look, people, it bruises their ego when they see marks on their network or marks on their web app that they developed, which you don't want to see that if you're a designer, right? Securing systems, like these cybersecurity engineers, they take great pride in securing their security architecture, right? So when we find findings, obviously that's going to not feel good. And a developer, writing code and developing an app, finding a critical vulnerability, that's going to be not the best news you're going to hear.

 

So there's a reason why I push back on the findings. But so your job is like, in my last role as a pen tester to communicate that risk. And that's where I had to do a lot, right? It's not about finding the vulnerabilities, it's finding the vulnerabilities and explaining the risk.

 

Why does this matter? Why does this need fixed? And that's probably an offensive and defensive security. And once again, guys, you're not going to learn in a certification. I'm going to learn it in a bootcamp.

 

You're going to learn on the job in your first role. So, I mean, you can read about it, but when you're on the hot seat and you're actually need to make these calls, it's not easy. It is not easy.

 

Like you might be able to find the vulnerability easily, right? You might be able to find that SQL injection and you might be able to dump a database, but it's like, well, I guess dumping a database is automatic critical, but there might be some situations where it's a high, you know, it just depends on the context. And I think one way you can learn this is just understand business, guys. There's a reason why I made my minor when I was going through my bachelor's degree, why I made my minor business administration, because business is so important to cybersecurity.

 

Like most of these companies, they don't care about cybersecurity. They care about their business and cybersecurity just happens to be a part of it. And understanding business is essential.

 

So if you understand business, then you can make the appropriate risk decisions. And that's another reason why for those who don't know, I'm going through currently going through an MBA program, bachelor of business administration, because business is that important. I also do a business podcast.

 

I read business books because it's, in my opinion, a great skillset. It's not on the list because it's not technically a cybersecurity skill, but it's a great complimentary skill. And it is a subcategories of expertise for myself.

 

And there's a reason why I'm going down that business skill route, because it's going to help me out. And I would advise you to at least learn the basics of business to help you make those risk assessments. Skill number four, identity and access management, authentication, authorization, MFA, OAuth, SAML, Enter ID, privilege access, and zero trust are critical to modern enterprise security.

 

This is one of those skills that you're going to learn as you go. I wouldn't focus too much time and attention here, guys. It is a vital skill.

 

Don't get me wrong. You need to know IAM, identity and access management. You need to know that.

 

But you don't need to take a dedicated IAM course or a dedicated IAM certification. But IAM is covered in every course, every certification. So you're going to pick this up as you go along.

 

Just make sure you're paying attention. And honestly, in my opinion, it's a vital skill, but it's not that hard to learn, in my opinion. You're going to pick it up.

 

If you're understanding the other concepts of cybersecurity, these are probably, in my opinion, the easier concepts to grasp. Now, I'm sure it's difficult to master some certain areas, but the basics and the fundamentals, you can get away with just knowing the basic fundamentals at an intermediate level. So I wouldn't take an identity and access management dedicated course, unless you want to be an identity and access management professional only.

 

But most blue team positions, often security positions, this is just going to pick up as you go through your career. So I wouldn't dedicate specific time here, because like I said, every course is going to dip its hands in IAM at some point in time. Skill number three, cloud security, AWS, Azure, and Google Cloud Platform dominate enterprise environments.

 

Cloud security is consistently among the most requested technical skills. This is one of those skills that is underrated, in my opinion. We don't talk about cloud security enough, right? I don't see a lot of people getting cloud security certifications.

 

And this is an area that I've been working on. I do have a content cloud plus. However, I wish I spent some more time in the cloud.

 

Now, office security professionals, cloud security is less important, because you don't need to know the back of your hand. But I would say blue teaming, especially if you want to be a cybersecurity engineer, knowing cloud security is essential. So it does help to have an AWS cert or an Azure cert.

 

I would avoid Google Cloud Platform unless the organization you work with or the organization that you want to work for, you know for a fact they use Google Cloud Platform at a very high level. Most organizations are using AWS or Azure. And AWS is more prevalent than Azure.

 

So if you don't know, I would pick AWS. If you do know, then obviously go Azure or Google Cloud Platform, if you know the organization is using something else. There's also the CCSP, a certified cloud security professional from ISC-2.

 

That's a dedicated cloud security certification. And to my knowledge, it's the only vendor neutral cloud security certification there is. Cloud plus is vendor neutral from CompTIA.

 

However, that's not security. That's basics of cloud fundamentals. When I say basics, I just mean you're not going to know cloud like the back of your hand.

 

But it's not an easy cert. It's actually kind of hard. And you do need to have some like security fundamentals in your belt already.

 

You also need to have networking fundamentals on your belt already. We're going to get into networking fundamentals a little bit later. But cloud security is just an extension to networking fundamentals because every company has cloud.

 

And I mean every company. I mean, I would be surprised if you found a successful business who has not using the cloud in some way, shape, or form, because cloud is that problem. Like on-prem is dead for the most part.

 

Like I said, I'm sure there's still some on-prem situations going on, especially if like really secure and classified networks. But almost every organization and maybe even every organization that's successful is using cloud. So knowing cloud security is very important, especially if you want to be a blue teamer.

 

Less important if you want to be an office security professional. Moving on to skill number two, operating systems, Windows and Linux specifically. So Active Directory, Linux servers, permissions, processes, logging authentication, and system administration are everywhere in cybersecurity.

 

And how do you learn operating systems? So Windows, man, I don't even, I've been using Windows so long, like I never had to take a dedicated Windows course. And you're going to learn like Windows, like how to defend Windows and any Windows, sorry, in any blue teaming course or certification that you're going to learn, like Active Directory basics. You're going to learn this by getting help desk roles.

 

The help desk is going to help you with this. Any kind of system administration role is going to help with this. System administrator is also a very good position to get into as a launch pad to get into cybersecurity.

 

Linux, Linux, you can learn. I got the Conti Linux plus a start, but again, you can just get Linux skills by just doing the courses from the other skills, doing try hack me, hack the box, like almost every hack the box and try hack me room requires Linux. Actually, I don't know any hack the box machines that you're always using Linux because Kali Linux and Paradox are like the hacking distro.

 

So you're going to learn Linux just by going after the other skill sets. But if you want to get a solid foundation, I start with the Conti Linux plus perfectly viable, but definitely not 100% necessary. And again, with all these skills, Linux, especially you can get a lot of stuff just by buying a book and reading it and then just download Linux and start using it.

 

Like it's that easy. Like just get Linux and start using it. And Windows, if you're not using Windows, I would recommend getting Windows.

 

I would, I would get off the Mac. Like if you're, I mean, if you, I would only use Mac if you prefer Mac to Windows, if you understand Windows, if you don't understand Windows and use a Mac, like stop using the Mac and go use Windows for years because you need to understand Windows. And if you're not using it, then you're not going to understand it.

 

But there are people inside of security who do have Macs, but these people, they understand Windows. Like they're using Mac because they prefer it, not because they don't understand Windows, it's because they prefer Mac. So the huge, huge difference there.

 

So Windows, you can just, like I said, Windows and Linux, you can just learn from doing. And Mac is not essential. Like I don't, I don't know how to use Mac guys.

 

It runs off of like a flavor of the Linux kernel, I think, but enterprises, companies, they're not using Macs. Maybe some employees in the organization have Macs, but almost every server out there, there's no servers running Mac. I mean, I've never needed to have Mac skills in my career.

 

I'm eight years deep and I have no desire to accumulate some Mac skills. So there's that. Windows and Linux is where it's at.

 

Moving on to skill number one, this is the most important skill. Networking fundamentals, nearly every security problem ultimately comes back to understanding networks, TCP, IP, DNS, HTTP, routing, VPNs, firewalls, segmentation. Without this foundation, everything else is harder.

 

Man, if you don't understand networking, you're just not going to make it in this field, guys. Like you have to, you have to know this. But luckily for most roles, you don't have, I would say the Contia Network Plus is plenty of knowledge.

 

If you just get that certification, or at least equivalent of that certification, you don't need the certification. But if you just go get a Network Plus book, read it, go do some practice questions, make sure you understand this stuff, then you're, you're good to go. Now, as cybersecurity engineers, you're going to need to understand networking a little bit more.

 

You're going to have to understand firewalls. That's where the CCNA comes into handy, the Cisco Certified Network Associate. It's a higher level networking certification that's totally worth doing if you're a cybersecurity engineer.

 

A lot of cybersecurity engineer positions are asking for that CCNA. I have a CCNA, a little bit overkill if you are trying to become a pentester or even a SOC analyst. I haven't touched a Cisco router or switch ever since I got the CCNA.

 

So a little bit overkill, the Contia Network Plus is a great certification. And again, tons of networking books out there, guys. Tons of networking rooms on TriHackMe.

 

There's networking fundamentals on Hack the Box Academy. Like there's tons of opportunities here. There's no excuse to not know networking by your hand.

 

Because here's a, there's a cool thing about networking, guys. Networking does not change. It does not change.

 

TCPIP has been around since the 70s. It stays the same for decades. So once you learn this stuff, you can move on.

 

You don't need to keep sharpening that skill because it literally is everywhere in cybersecurity. Once you get that Network Plus or the CCNA, and you go start doing the more advanced stuff, you're going to be touching all the networking stuff that you learned and expanding on it, actually, because it does get more advanced. But the basics never change.

 

The fundamentals never change when it comes to networking. So there you have it, guys. The top 10 cybersecurity skills that you need to have.

 

I want to give you an honorable mention here. I would say offensive security skills is an honorable mention. That's not on the top 10.

 

But when I say offensive security skills, I'm talking about, you know, like your attacks, you know, SQL injection, cross-site scripting, privilege escalation, insecure permissions, and pretty much anything you're going to learn through any kind of ethical hacking course. Like that's a vital skill. Even as a defender, even if you don't want to get a Pentester, knowing the basics of those offensive security skills is going to pay dividends.

 

You can start getting skills by doing the content of Pentest Plus. And then I would even go out and get something as simple as like the TCM Security Project Code Junior Penetration Tester. Now, I don't have that certification because when I was at the junior level, it didn't exist.

 

So I went and got the EJPT. That's the INE Security Junior Penetration Tester, which that helped me get the OSCP later down the line. But I did let my EJPT expire because I don't need it anymore.

 

But if I had to go back and do it or if I was doing it again, I would recommend the PJPT, the Project Code Junior Penetration Tester over the INE Security Junior Penetration Tester for two reasons. INE is more practical, more real world. And two, they never expire.

 

Like I let my EJPT expire because like it was, to be honest with you, it was marketed as a certificate that doesn't expire, which is very appealing to me. I understand it's important to keep your skills up to date. I understand why certifications expire.

 

But when you have certifications like I do, it gets expensive because you're spending anywhere between $50 to $100 every year on every cert. And when you have 20 certs, that adds up, man. So I like certs that don't expire.

 

And I can keep my skills short by just going to get other certifications. An employer can look like, oh yeah, he got, let's say 10 years from now. Oh yeah, he got OCP in 2023, but, you know, it doesn't expire.

 

So is it still relevant? It's like, well, what has he been doing? Oh, he's been doing this, this, this. He got this cert and that cert and he's been working on it. So obviously he still has a skill.

 

So you can demonstrate skills for on a, like you can demonstrate that you have fresh skills on a cert that doesn't expire, for example. But that's a rant for another time. Get the offense security skills, even as a defender, will help you out.

 

It's going to help you identify attacks. And it's going to help you understand that attacker and hacker mindset. And when you have that, it's going to make you a better defender.

 

So doesn't make the top 10, but I would say it's a, it's a number 11, if you're a blue team. Obviously, if you want to be an offense security professional, that's number one, like learn how to hack, learn how to attack things, learn how to exploit things. That's going to help you out as a pen tester, red teamer, offense security professional, bounty hunter.

 

Uh, but as a blue teamer, um, it doesn't hurt to get those skills. So that was an honorable mention that I want to throw in there a bonus bonus 11. So to recap at 11, as the honorable mentioned, we got ethical hacking, pen testing, offense security skills, and there's a whole, like a million skills underneath of those, but we don't have time to unpack every single one of those.

 

Uh, number 10, we have communication and problem solving number nine, AI security, number eight, automation and scripting number seven, application security, number six, detection and instant response. Number five, risk assessment and security architecture. Number four, identity and access management.

 

I am number three cloud security skill. Number two, operating systems, specifically windows and Linux one, and the most important networking fundamentals. Hopefully you got some value out of this guys.

 

If you're on YouTube, drop a comment, let me know what skills I might've missed, or let me know if you think one of these skills deserves to be out of the top 10 and a different skill deserves to be in the top 10. Hey, you guys write to show five stars. It really helps us show out a lot.

 

I don't market this at all. Like I don't put ads anywhere. So, um, only people who find this organically are finding the show on audio.

 

So when you write the show five stars really helps me out. And, and then if you're on YouTube guys, hit the like button, hit the subscribe button, and hopefully I see you on the next episode until then. This is Kyser signing off.

 

Thank you. Thank you for watching. Thanks for listening.

 

Take care.